[29908] in North American Network Operators' Group


Re: "top secret" security does require blocking SSH

daemon@ATHENA.MIT.EDU (Alex Bligh)
Sun Jul 9 16:14:18 2000

From: Alex Bligh <amb@gxn.net>
To: "Derrick" <Derrick@anei.com>
Cc: nanog@merit.edu
In-reply-to: Your message of "Sun, 09 Jul 2000 15:59:51 EDT."
             <KBEDKDGNJOJKLANKGGFGIENNCAAA.Derrick@anei.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 09 Jul 2000 21:12:02 +0100
Message-Id: <E13BNQo-00075E-00@sapphire.noc.gxn.net>
Errors-To: owner-nanog-outgoing@merit.edu


"Derrick" <Derrick@anei.com>
> Blocking SSH is a weak solution.

I wrote:
> > No. We are just rapidly approaching the point where people realize
> > it has always been the case that this is impossible.

I meant it has always been the case that blocking covert channels
of communication was technically impossible. You can tunnel ssh
or equivalent through email wordcounts if you really feel the
need. I'm not an expert, but there is good information theory
that says once you allow more than trivial bit rates in/out
of an organization, blocking covert communication encapsulated
one way or another becomes extremely hard.

-- 
Alex Bligh
VP Core Network, Concentric Network Corporation
(formerly GX Networks, Xara Networks)



