piercing corporate FW outbound
Chris Brenton
cbrenton at chrisbrenton.org
Sat Feb 7 07:58:54 EST 2004
On Fri, 2004-02-06 at 15:31, Derek Martin wrote:
> On Fri, Feb 06, 2004 at 01:09:52PM -0500, Chris Brenton wrote:
> > For the record, outbound SSH _can_ be a security risk.
>
> So is HTTP, and it's a much more serious one than SSH,
Hummm. I don't remember saying that HTTP _was not_ a security risk.
> for a number of
> reasons, including all the reasons SSH can be, and several more. But you
> don't generally see people trying to block (outgoing) HTTP traffic.
Everything you do with the Internet involves some inherent risk. Its a
matter of which risks you choose to accept as part of doing business,
and which risks you don't. I'm guessing if outbound HTTP is permitted
but SSH is not, there is some business need for HTTP but not SSH.
> > Content checking can be a wonderful thing. :)
>
> But it doesn't solve every problem, and it can make new ones. As Mike
> has discovered... ;-)
Hummm. I don't remember saying that it does solve everything. As for it
being a "problem" in Mike's situation, I'm guessing the local IT group
would refer to it as a "feature". If there is a solid business case to
permit SSH, they'll make an exception for him. If not, its probably
doing exactly what they want.
C
More information about the gnhlug-discuss
mailing list