I am recently tasked to improve our workplace security via installing third party agents (essentially a black box) to monitor suspicious network traffic on employees' work computers, which made me wonder, since ssh traffic is encrypted, is it possible for network traffic to be hidden via multiple nested SSH tunnels together with tools like scp to transmit data out of work computers?
As far as my understanding of networking goes, the only traffic that should be detectable is the initial SSH connection from work computer to the first SSH server. Any "other" malicious traffic beyond that layer shouldn't be detectable?
Appreciate any advice!
No comments:
Post a Comment