Firewall Rules: Not as Secure as You Think
owl writes:
https://www.haskellforall.com/2024/08/firewall-rules-not-as-secure-as-you.html
This post introduces some tricks for jailbreaking hosts behind "secure" enterprise firewalls in order to enable arbitrary inbound and outbound requests over any protocol. You'll probably find the tricks outlined in the post useful if you need to deploy software in a hostile networking environment.
The motivation for these tricks is that you might be a vendor that sells software that runs in a customer's datacenter (a.k.a. on-premises software), so your software has to run inside of a restricted network environment. You (the vendor) can ask the customer to open their firewall for your software to communicate with the outside world (e.g. your own datacenter or third party services), but customers will usually be reluctant to open their firewall more than necessary.
For example, you might want to ssh into your host so that you can service, maintain, or upgrade the host, but if you ask the customer to open their firewall to let you ssh in they'll usually push back on or outright reject the request. Moreover, this isn't one of those situations where you can just ask for forgiveness instead of permission because you can't begin to do anything without explicitly requesting some sort of firewall change on their part.
So I'm about to teach you a bunch of tricks for efficiently tunneling whatever you want over seemingly innocuous openings in a customer's firewall.....
We are not condoning such actions, but you cannot secure your own systems unless you know how the opposition will attack them.
Read more of this story at SoylentNews.