On 3/26/25 05:04, to...@tuxteam.de wrote:
On Wed, Mar 26, 2025 at 09:41:55AM +0100, Nicolas George wrote:
to...@tuxteam.de (HE12025-03-26):
I was once sitting at a $(DAYJOB) where they blocked everything but
443 (and 80). I tunneled ssh over socat (with TLS, so that the handshake
didn't look suspect, in case their firewall sniffed that). Bonus: I
got to see whether they did MITM, since I made my own server and
client certs.
If behind a BOFH firewall, ssh is usually a lot easier to tunnel to
sneak through than a VPN.
My bet was that 443 is always open because otherwise mid- and hi-
level mgmt would be on top of the poor admins because they couldn't
go to their share trading casinos: I won :)

Bigcorps are like that. It was not that the firewall department didn't
want to talk to me. It was that they bought a "product" without really
understanding how it works.
Must not comment. Must not comment.
My go-to quote for this is Bruce Schneier's "Security is a process,
not a product" [1]. If, at a company, this earns me empty stares,
I try to not get involved in their security, but rather watch the
fireworks from afar.
Like a continent or more away. Such attitudes are contagious. Whoever said security is a process, not a product, nailed it.
Cheers

[1] https://www.schneier.com/essays/archives/2000/04/the_process_of_secur.html

Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
