Firewall Wizards mailing list archives

Re: Bypassing firewall


From: Bennett Todd <bet () rahul net>
Date: Tue, 25 Jan 2000 14:27:33 -0500

2000-01-23-11:06:24 Mailing Lists:
But I overheard one of my users bragging that it bypassed the firewall 
using two linux machines doing port redirection.
[...]
btw, I don't know what the firewall used is, I'm the sysadm for my 
division, but we are using the corporate firewall.

Sounds like you should (a) advise your bragging user that they
should cease and desist, if they don't want to get fired, and (b)
advise the folks who run the corporate firewall that someone claims
to be tunneling unapproved protocols through it. They should be able
to catch that behavior reasonably quickly by analyzing logfiles; and
in general catching it by finding anomalous traffic patterns is the
only possible fix, since you can tunnel _anything_ over _anything_.

Of course if your security policy doesn't have a clause that can be
interpreted as "deliberately bypassing the controls imposed by the
security dept. is grounds for termination", then that needs to get
fixed too.

And in terms of deeper followup, either the security policy and
implementation need revising to allow this protocol the user has
tunneled, or else the user desperately needs firing for sabotaging
the company's security policy to do something not needed for work.

-Bennett
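
An added example, not part of the original post: one way the firewall team could look for the anomalous traffic patterns mentioned above, by summarising per-connection log records and flagging source/destination pairs that do not look like ordinary web browsing. The log format, field names, sample records and thresholds are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample log (hypothetical format, not from any real firewall):
# src,dst,dport,duration_s,bytes_out,bytes_in
SAMPLE_LOG = """\
10.1.4.20,203.0.113.10,80,2,900,48000
10.1.4.20,203.0.113.11,443,5,1200,96000
10.1.4.31,198.51.100.7,80,3,700,30000
10.1.7.55,192.0.2.44,443,14400,5200000,4100000
10.1.7.55,192.0.2.44,443,21600,8800000,6900000
10.1.4.31,203.0.113.10,80,4,800,52000
10.1.9.12,198.51.100.7,80,40,6000000,20000
"""

MAX_SESSION_S = 3600      # assumed: normal web sessions end well inside an hour
MIN_BYTES = 1_000_000     # ignore low-volume pairs when checking direction
MAX_OUT_IN_RATIO = 0.5    # assumed: browsing downloads far more than it uploads


def find_anomalies(log_text):
    """Return {(src, dst, dport): [reasons]} for pairs that look unlike browsing."""
    stats = defaultdict(lambda: {"longest": 0, "out": 0, "in": 0})
    for src, dst, dport, dur, b_out, b_in in csv.reader(io.StringIO(log_text)):
        s = stats[(src, dst, int(dport))]
        s["longest"] = max(s["longest"], int(dur))
        s["out"] += int(b_out)
        s["in"] += int(b_in)

    findings = {}
    for key, s in stats.items():
        reasons = []
        if s["longest"] > MAX_SESSION_S:
            reasons.append("long-lived session")
        total = s["out"] + s["in"]
        if total >= MIN_BYTES and s["out"] > MAX_OUT_IN_RATIO * s["in"]:
            reasons.append("upload-heavy for a web port")
        if reasons:
            findings[key] = reasons
    return findings


if __name__ == "__main__":
    for (src, dst, dport), reasons in sorted(find_anomalies(SAMPLE_LOG).items()):
        print(f"{src} -> {dst}:{dport}: {', '.join(reasons)}")
```

The thresholds would need tuning against a baseline of the site's own traffic before any flagged pair is treated as more than a lead to investigate.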
