
Alvin Starr via talk wrote on 2024-02-12 20:38:
Honestly, I won’t do that. About three weeks ago I had gotten approval for a new static IP address, at which point I asked for them to allow me to ssh to that address. I was *refused* and told I had to use a VPN because they “have to protect ssh from the internet.” (!!!)
So, why not set up a VPN?
This is a risk-unaware, Microsoft-centric answer.
It's a "Why are there incoming connections to our network?!? And what is their purpose? And where do they end up? Who is controlling them?" issue. Imagine being in charge of a large network and seeing countless connections to end points inside the network and having no idea what they're doing - that *should* scare any IT / network admin.
And this is not just a government issue, it's a big-company-based issue.
Yup, agreed 100%.
My personal belief is that companies believe that if they pay for the service then they have someone they can sue if things go wrong. Look at the recent set of remote access and data migration products that have had VERY large corporate and government customers and big security breaches.
And suing after the fact accomplishes pretty much nothing. Data is "gone", reputation is ruined, time is wasted recovering, etc. It's more like, "here's a product we trust to manage incoming connections, and if everyone's using this then we can control our network much better". Whether the trust is misplaced or not in any specific product, the idea is valid.
But seriously if you can find a service that they will port forward to your computer you can then just put SSH on that port and have your access.
Doubtful that IT is going to assist with port forwarding or any method of allowing un-monitored and unfettered incoming connections. Better would be to:
a) install a VPN like IT said
b) use ssh to connect to an outside computer with reverse-tunnelling (I forget the term here) and go in through the outside computer

My 2¢
rb