Hi everybody,
I need to prevent user from my network to tunnel their connection throught authorized port (80, 443).
It's quite annoying because I need to authorize https and http globally (not only on specific site).
I have an Iptables router, and a squid proxy and i have tried everythnig i know (transparent proxying, proxying),
But nothing work. It seems to me that only one port is enough to tunnel everything and so bypass entreprise security.
Is there any way to prevent SSH tunnel globally ?
FUCK ME SWEETY
What's your budget? If you can afford it, Bluecoat web proxy or equiv with SSL module or Palo Alto perhaps can handle this, where if the ssl can't be decrypted and inspected using the client side trusts that it leverages, it can block it.
He's asking about SS_H_, not SS_L_.
cu
59cobalt
Perhaps an IPS may work if you can capture the packets of the initial session then view the headers and see a common pattern you can create a custom signature and drop the packets, a next gen firewall may be able to do this as well but not sure. It also depends what you are really worried about as well web drive bys, sensitive data transfers, etc.....
And that's why this solution would work. The firewall won't be able to correctly process the SSH traffic as SSL, so it will block it, and achieve what the original poster was looking to do.
If you can't spell it, you probably are not authorized to bypass it!
Ding!
Bluecoat and its ilk also understands app level protocols and can be configured in policy to intercept and block SSH specifically (or to allow HTTPS and HTTP exclusively).
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.