![]() Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.) Granted Application number US10/326,226 Other versions US7454785B2 Google Patents Proxy method and system for secure wireless administration of managed entitiesÄownload PDF Info Publication number US20040123159A1 US20040123159A1 US10/326,226 US32622602A US2004123159A1 US 20040123159 A1 US20040123159 A1 US 20040123159A1 US 32622602 A US32622602 A US 32622602A US 2004123159 A1 US2004123159 A1 US 2004123159A1 Authority US United States Prior art keywords wid message user proxy managed entity Prior art date Legal status (The legal status is an assumption and is not a legal conclusion. Google Patents US20040123159A1 - Proxy method and system for secure wireless administration of managed entities Once the two tunnels are created, enter the IP address of the SSH server into the network tab of EnCase.US20040123159A1 - Proxy method and system for secure wireless administration of managed entities When the FIM connects to port 4445 on the SSH server, it is redirected to port 4446 and then down the tunnel to the target machine. Once entered you will have created a second tunnel (shown above listening on :4445) that can now be connected to by a FIM or EEE installation. To create this additional tunnel, the following command is used on the SSH server: ssh -L 4445:localhost:4446 -f -N -g This will prompt you again for the root user s password. ![]() Unfortunately, the reverse tunnel only listen to traffic coming from, so you must create one more tunnel that creates another listening port on port 4445, that redirects to port 4446 and then send the traffic down the SSH tunnel. ![]() You can issue a netstat an grep i listening so make sure the reverse tunnel you just created is listening on port A reverse tunnel creates a port on the remote SSH server that listens for incoming connections and then sends them down the tunnel to your target machine. It can be obtained from: Any other SSH client can be used (such as SSH Secure Shell, but it must be installed on target machine) as long as it can support port forwarding.Ħ Once established you will have a terminal window on the SSH server. ** The SSH server can not be on the same machine as your FIM/SAFE because of port conflicts, the SAFE must use TCP port Putty is the SSH client used in the example below because it is small, compact and can fit on a floppy (364K). In the example described below, port 4445 is used to connect to the SSH server, so unobstructed access must be available to the SSH server on port 4445 from the examiner machine. Examiner Machine (EEE or FIM) The examiner machine located anywhere that can authenticate to it s SAFE and reach the SSH server. Root access is not required, but preferable. This can be default basic linux installation (the example shown here is a default RedHat 8.0 installation). **SSH Server - Machine running SSH daemon. The tools used in this example can fit on a floppy and can be inserted into the target machine and an outbound connection established from the command line. The target machine must establish a SSH connection to the SSH server. Target machine located anywhere, protected by firewall or some other type of network filtering which prevents direct contact by the FIM/SAFE. In order to make a successful connection with FIM or EEE to a machine behind a firewall, the following is needed. 1 HOW TO CREATE A REVERSE SSH TUNNEL AND USE ENCASE ENTERPRISE TO SNAPSHOT/PREVIEW OR ACQUIRE A MACHINE THAT IS PROTECTED ON THE INSIDE OF A NETWORK Lance Mueller, CISSP, GCIH, EnCE, GREM, CFCE, MCP A machine that is located inside a private business/corporation and is protected by a firewall cannot be connected to via the normal EnCase Enterprise techniques due to the firewall blocking any inbound connection.
0 Comments
Leave a Reply. |