Network Security Secure-Shell

Re: SSH tunnel question.

Subject: Re: SSH tunnel question.
Date: Wed, 06 Jun 2007 14:23:09 -0500
Good thoughts, BUT we have a little thing called corporate Policy, and
unless even open source is approved we can not put it on our servers
without an exception process.  As well some points are I do not own
root or admin on all parts.  Ideally we are to have the final two pieces
of the puzzle on a network that is isolated for the Corporate network
via a hop or jump box.  Some folks have violated that and it is a matter
of time before the ports are closed.  

So we have this situation.

XP  ->  Corporate XP Desktop I do have admin rights.
HOP ->  This is the HOP Box on Solaris NO ADMIN rights there.
FW  ->  Firewall Controlled by computer security
BLADE ->  This is one of 120 IBM blade servers one interface talks to
the hop box and other blade, while the other interface is on the
Internet.
MM  ->  This would be my Management Module (search on IBM.com for 8677
blade centers to learn more or get me off the list)


This is what I have.
XP -> FW -> HOP -> FW -> BLADE -> MM

In PuTTY set up an SSH connection to go to HOP
In Tunnels set up the following:
-L 443:localhost:1443
-L  80:localhost:1180
-L 1044:localhost:11044
-L 1045:localhost:11045
-L 5900:localhost:15900

Then with PuTTY in the SSH section you do the following under command
line:
ssh -NL 1443:MM:443 -L 1180:MM:80 -L 11044:localhost:1044 -L 11045:localhost:1045 -L 15900:MM:5900 BLADE

You now point your browser to localhost, but traffic is
tunneled/encapsulated and redirected to MM.

The help that I received from Joseph Spenner as well as some redirection
from a person inside my company that IS Security brought in on this
resulted in the above solution.  

This solution works.  It uses already approved software on the corporate
network, stays within IS Security guidelines, and does not result in
needing to request any new holes be punched into the firewall.

I will be glad to talk with anybody that wants to know more offline.
If this list in general wants to know more I will keep discussion on the
list.

Thank You for the suggestion.

--
Leif Ericksen

On Wed, 2007-06-06 at 15:00 +0300, Ventsislav Genchev wrote:
Then, how about considering using openvpn, instead of some solution
based on ssh? With openvpn you can build a client to server vpn
connection and also define the port and even the protocol that will be
used.

The only thing that might bother you is that you'll need to install an
openvpn tool for your Windows Desktop station.

Check out: http://openvpn.net/

Cheers,
Ventsi

Remainder of the data stripped.
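
Added example, not part of the original post or thread: a short Python check that resolves the two sets of -L forwards from the message end to end, so each local port on XP can be confirmed to land on the intended service before the setup is reviewed or handed over. The forward specs are copied from the post; the function names are hypothetical.

```python
# Added example: resolve a two-hop chain of ssh -L forwards end to end.
# Forward specs are copied from the post; the helper names are hypothetical.

HOP1 = ["443:localhost:1443", "80:localhost:1180", "1044:localhost:11044",
        "1045:localhost:11045", "5900:localhost:15900"]   # XP -> HOP (PuTTY Tunnels)
HOP2 = ["1443:MM:443", "1180:MM:80", "11044:localhost:1044",
        "11045:localhost:1045", "15900:MM:5900"]          # HOP -> BLADE (ssh -NL ...)


def parse_forward(spec):
    """Split 'listen_port:host:port' into (listen_port, host, port)."""
    parts = spec.split(":")
    if len(parts) != 3:
        raise ValueError(f"expected listen:host:port, got {spec!r}")
    listen, host, port = parts
    return int(listen), host, int(port)


def resolve_chain(hop1, hop2, hop2_server="BLADE"):
    """Map each XP listen port to the endpoint reached from the second hop.

    In 'listen:host:port' the host is resolved by the SSH server of that hop,
    so 'localhost' in hop1 means HOP and 'localhost' in hop2 means hop2_server.
    Returns (routes, problems).
    """
    second = {}
    for spec in hop2:
        listen, host, port = parse_forward(spec)
        second[listen] = (hop2_server if host == "localhost" else host, port)
    routes, problems = {}, []
    for spec in hop1:
        listen, host, port = parse_forward(spec)
        if host != "localhost":
            problems.append(f"{spec}: leaves HOP directly for {host}:{port}")
        elif port not in second:
            problems.append(f"{spec}: nothing listens on HOP port {port}")
        else:
            routes[listen] = second[port]
    return routes, problems


if __name__ == "__main__":
    routes, problems = resolve_chain(HOP1, HOP2)
    for xp_port, (host, port) in sorted(routes.items()):
        print(f"XP localhost:{xp_port} -> HOP -> {host}:{port}")
    for p in problems:
        print("PROBLEM:", p)
```

A mismatch between the two lists (for example a first-hop target port with no matching second-hop listener) shows up in the problems list instead of as a silent connection failure.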

