+ All Categories

Home > Internet > How to prevent ssh-tunneling using Palo Alto Networks NGFW

How to prevent ssh-tunneling using Palo Alto Networks NGFW

Date post:	09-Jan-2017
Category:	Internet
Upload:	yudi-arijanto
View:	244 times
Download:	7 times

Download Report this document

Share this document with a friend

Embed Size (px):

15

1 | © 2015, Palo Alto Networks. Confidential and Proprietary. Prevent SSH Tunneling using NGFW Yudi Arijanto CISSP, CISM, GWAPT, PCNSE System Engineer

Transcript

Page 1: How to prevent ssh-tunneling using Palo Alto Networks NGFW

1 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Prevent SSH Tunneling using NGFW

Yudi Arijanto CISSP, CISM, GWAPT, PCNSE

System Engineer

Page 2: How to prevent ssh-tunneling using Palo Alto Networks NGFW

Diagram

2 | © 2015, Palo Alto Networks. Confidential and Proprietary.

L3-untrust 192.168.55.20/24

L3-trust 192.168.45.20/24

Web-server 192.168.45.65/24

SSH Server 192.168.45.132/24

Win7 client 192.168.55.64/24

Page 3: How to prevent ssh-tunneling using Palo Alto Networks NGFW

Port Forwarding

3 | © 2015, Palo Alto Networks. Confidential and Proprietary.

SSH Client Localhost:8888 SSH Server Web Server

http://192.168.45.65:80

Port 80

ssh tunnel (port 22)

NGFW

Page 4: How to prevent ssh-tunneling using Palo Alto Networks NGFW

Win7 – SSH Client

4 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Page 5: How to prevent ssh-tunneling using Palo Alto Networks NGFW

Setup SSH Tunneling using Putty.exe

5 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Page 6: How to prevent ssh-tunneling using Palo Alto Networks NGFW

SSH warning!

6 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Page 7: How to prevent ssh-tunneling using Palo Alto Networks NGFW

Tunnel is ready! Localhost listening on port 8888

7 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Page 8: How to prevent ssh-tunneling using Palo Alto Networks NGFW

Access remote web server through SSH

8 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Page 9: How to prevent ssh-tunneling using Palo Alto Networks NGFW

Network Connection in Win7

9 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Page 10: How to prevent ssh-tunneling using Palo Alto Networks NGFW

NGFW Traffic Logs

10 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Page 11: How to prevent ssh-tunneling using Palo Alto Networks NGFW

Now, we want to block ssh-tunnel

11 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Page 12: How to prevent ssh-tunneling using Palo Alto Networks NGFW

Security Policy

12 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Decryption Policy

We allow only ssh app-id

Page 13: How to prevent ssh-tunneling using Palo Alto Networks NGFW

Remote access to web server using SSH tunneling is blocked !

13 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Page 14: How to prevent ssh-tunneling using Palo Alto Networks NGFW

NGFW Traffic Logs

14 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Page 15: How to prevent ssh-tunneling using Palo Alto Networks NGFW

15 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Recommended

EPICS CA Tunneling with SSH - Stanford University · 2017-02-17 · EPICS CA Tunneling with SSH Till Straumann July 21, 2011. Controls CA Tunnel 2 Till Straumann July 21, 2011 Overview

1.0 Statement of Work - Bid4Michigan Web viewMCCA – Michigan Colleges Online – Cisco NGFW firewall RFP. 7. ... CISCO NGFW Firewall - NGFW ASA 5545-C. X. High Availability Options.

EPICS CA Tunneling with SSH - Stanford University CA Tunneling with SSH Till Straumann July 21, ... even though SOCKS5 defines a UDP feature ... –Execute a proxy CA ...

Covert Channels · ssh tunnel end-point . SSH Tunneling ... to whom over a public network • Knowing the source and destination of your ... • TOR only works for TCP streams and

Configure SSH on Windows 10 | Configure SSH Server | Free SSH Server

NGFW Clustering Deep Dive - SafePlus Live... · NGFW Clustering Deep Dive Wednesday 9:00 BRKSEC-3035 Firepower Platform Deep Dive Thursday 9:00 BRKSEC-2050 ASA Firepower NGFW typical

NGFW Brochure 08 08

Manual para tunneling por medio de SSH. · 2018-07-06 · El objetivo de este manual es crear un local forwarding usando el protocolo SSH, con el objetivo de hacer una conexión directa

Aspera Enterprise Server Admin Guide 3.6download.asperasoft.com/download/docs/entsrv/3.6.0/es_admin_aix/pdf2/EnterpriseServer...In OpenSSH versions 4.4 and newer, disable SSH tunneling

SSH Tunneling Recipes

SSH Security vs. Automationlinuxtag.org/2013/.../slides/...Automation.e427.pdf · Slide 17 | SSH Security vs. Automation | SSH + PKI ssh-dss AAAAB3NzaC1kc3MAAACBAMeo0PULL9svYvy5kIG7jKDLmz

NGFW for Education the Education IT Environment with NGFW Narongveth Yutithammanurak Business Development Manager 23 Feb 2012

NGFW Manager and VPN Broker - Forcepoint...NGFW Manager and VPN Broker 6.7 | Product Guide • NGFW — Allows you to configure and monitor the NGFW Engine. • SD-WAN — Shows elements

FirePower 2100 NGFW - Azlan 2100 NGFW 21 March 2017 Elodie Heurtevent –Security BDM Commercial

Why Cisco NGFW? - Tech Data

[Solution Brief] Enhancing NGFW Security with …€¦ · ENHANCING NGFW SECURITY WITH AUTOMATED MALWARE ANALYSIS ... [Solution Brief] Enhancing NGFW Security with Automated ... sonicwall,

Model SSH-C and SSH-F - Cloud Object Storage | Store ...SSH... · 1 model ssh-c and ssh-f installation, operation and maintenance instructions instruction manual im084r06

Meet the Next Generation Firewall (NGFW). Defining a Next Generation Firewall (NGFW): Firewalling Intrusion Prevention Application Control #1 An NGFW.