[Nottingham] SSH, port-forward and X-forwarding magic
jasonirwin73 at gmail.com
Thu May 10 12:42:38 UTC 2018
On 10 May 2018 at 12:18, Martin via Nottingham <
nottingham at mailman.lug.org.uk> wrote:
> Do not underestimate the false sense of security of a VPN/tunnel...
Not my call.
> Are your endpoints themselves secure and trustworthy?
The VPN? I have no clue, I don't manage that.
> Do your local machines (lazily) assume the internal LAN to be secure and
No. Every personal machine is firewalled with only the specific ports
opened (which is, generally speaking, almost none).
The corporate box? Pretty sure it is, but I have little control over that.
Is your internal LAN still really secure and trusted with a VPN
> tunnelling through your firewall from the unclean bad outside?
No VPN inbound, only outbound (that's why I need SSH to get into my LAN)
Are your systems still secure when they assume all their connections are
> "local only" and yet you now have a remote connection from "somewhere
Mine? Yes, AFAIK.
Corporate? Mine seem to be, I have stories about others. :-)
... As demonstrated by the giggle of remote workers working for two
> different corporates/call-centres, and using two VPNs that then
> inadvertently connect the internal networks of those two remote entities
> together for much hilarity...
I have seen that happen.
That's the usual lame lazy excuse of the Proprietary world and the old
> game of lock-in...
The services are not on the public internet, so some kind of tunnel/proxy
I guess you could expose them and use SSO or similar, but I am not sure how
much better/worse that would be.
It's not my call.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Nottingham