on Mon, Dec 15, 2003 at 02:56:06PM -0800, Nunya ([EMAIL PROTECTED]) wrote:
> As I think about getting a job, I realize wherever next will probably
> block outgoing traffic on most ports.
>
> I always thought I could have ssh listen on some port which gets through
> like FTP port or HTTP port to bypass all those restrictions.
>
> Two obvious, unavoidable problems will be: my employer probably won't
> want me wasting bandwidth and opening a security hole.
>
> (1) Will it work and

Maybe.

> (2) is it opening a security hole?

Yes.

> What are the workarounds? I guess I could live in a Ricochet city and
> use my own laptop not plugged into the company .net.
>
> Does anybody have any thoughts?

Sure:

  - What's policy at this location? Is violation of policy a firing
    offense? Is there criminal or civil liability? The point is:
    while it's _technically_ possible to bypass a great many security
    measures, the consequences of doing so may be high. What does your
    contract or employment agreement say to this?

  - Do you really want to run ssh from an untrusted system? Your
    workplace system may be running spyware or monitoring software
    either for employee monitoring purposes, or because it's been
    compromised itself. Password sniffing is a popular route to system
    compromise.

  - Do you want to be the point man for any network hiccups or security
    questions? By this, I mean the man everyone points to. Depending on
    the technical savvy of the employer, you may find that as "the guy
    doing weird stuff", you're the usual suspect for anything that
    happens -- network problems, worms, data coming in, data going out,
    etc. There's also the question of what you're doing with your time
    on the job.

  - What are your (other) alternatives?

I'd seek clarification from the employer before doing anything of this
nature. You're opening a hole through which data can move in and/or
out, outside of their control. While a large number of shops have few
problems with this, so long as use is reasonable and sane, others do.

Other options include forwarding critical mail to your work account, a
third-party webmail account, or hosting your own remotely-accessible
mail. Or buy yourself a handheld system (e.g.: Zaurus) with wireless
support and get your email fix from a hotspot on your breaks.

Peace.

-- 
Karsten M. Self <[EMAIL PROTECTED]>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Backgrounder on the Caldera/SCO vs. IBM and Linux dispute.
      http://sco.iwethey.org/