Do an MSN search on SSH forwarding. You’ll find countless articles detailing how to open an SSH tunnel to your home network and thereby allow for some after-hours work without the hassle of using the official company VPN. Remember the baseline configuration:
- Set a remote forwarding configuration to receive incoming traffic from your home network.
- Execute some clever scripted pings and sleep statements to keep the line alive.
- Set up local forwarding directives on your home system that will use your work PC as a tunnel into your company’s network.
Considering the impacts of a poor home WLAN security design, this setup may have your company infiltrated.
Additionally, you’ll find several great implementations of SSH server technologies that are based on Java and Perl. To you and your firewall, it’s simply a web site receiving encrypted SSL/TLS traffic. To the web site administrator, it’s a private administrative tunnel into the DMZ, available directly from the Internet—and possibly secured with a silly, easy-to-guess password. Point a browser at the target site, authenticate, and get a terminal session.
At this point, we need to stop and consider all those hacker probes of SSH installations. We know that old SSH software often gives root access "by the onesies" via buffer overflows. Additionally, after looking over the many articles describing ways to use SSH to beat firewall restrictions, I believe that there are other reasons hackers probe SSH installations and web sites. Amateur SSH security designs will create unmonitorable paths with full privilege to most devices in your DMZ. Add in those DMZ-to-intranet connections some companies allow, the ones the Evil Developers force on us, and the pathway infiltrates the intranet itself.