On Wed, Mar 26, 2025 at 09:41:55AM +0100, Nicolas George wrote:
> to...@tuxteam.de (HE12025-03-26):
> > I was once sitting at a $(DAYJOB) where they blocked everything but
> > 443 (and 80). I tunneled ssh over socat (with TLS, so that the handshake
> > didn't look suspect, in case their firewall sniffed that). Bonus: I
> > got to see whether they did MITM, since I made my own server and
> > client certs.
>
> If behind a BOFH firewall, ssh is usually a lot easier to tunnel to
> sneak through than a VPN.

My bet was that 443 is always open because otherwise mid- and high-level
mgmt would be on top of the poor admins because they couldn't go to their
share trading casinos: I won :)

> > Bigcorps are like that. It was not that the firewall department didn't
> > want to talk to me. It was that they bought a "product" without really
> > understanding how it works.
>
> Must not comment. Must not comment.

My go-to quote for this is Bruce Schneier's "Security is a process, not a
product" [1]. If, at a company, this earns me empty stares, I try to not
get involved in their security, but rather watch the fireworks from afar.

Cheers

[1] https://www.schneier.com/essays/archives/2000/04/the_process_of_secur.html

-- 
t