Prevent ssh-tunneling
1 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Prevent SSH Tunneling using NGFW
Yudi Arijanto CISSP, CISM, GWAPT, PCNSE
System Engineer
Diagram
L3-untrust 192.168.55.20/24
L3-trust 192.168.45.20/24
Web-server 192.168.45.65/24
SSH Server 192.168.45.132/24
Win7 client 192.168.55.64/24
Port Forwarding
Diagram: SSH Client (localhost:8888) → ssh tunnel (port 22) through NGFW → SSH Server → Web Server (http://192.168.45.65:80, port 80)
Win7 – SSH Client
Setup SSH Tunneling using Putty.exe
SSH warning!
Tunnel is ready! Localhost listening on port 8888
Access remote web server through SSH
Network Connection in Win7
NGFW Traffic Logs
Now, we want to block ssh-tunnel
Security Policy
Decryption Policy
We allow only ssh app-id
Remote access to web server using SSH tunneling is blocked!
NGFW Traffic Logs