Placeshifter, company firewalls and an IT department that does its job!

[motobarsteward]

Well, my days of watching TV at work are now over! I was running my PlaceShifter over port 443 and very nicely it was working to!

For Christmas, my IT department have bought themselves a spangly new firewall that only allows https over this port. I guess the firewall is now checking application signatures? Other than getting a hacked PlaceShifter that pretends to be IE, can anyone else think of a solution?

I know the firewall is there for a reason but I don't like being told what I can and can't do by people who never asked my opinion in the first place!

In the mean time, if I stand on one left with my finger up my bumb, I can just get HSDPA coverage on my Mobile phone...

[bcjenkins]

Maybe not as ideal, but you can try tunneling over a web ssl connection a la Hamachi? http://en.wikipedia.org/wiki/Hamachi

I think you may have to work on threshold settings to ensure transcoding kicks in, but I believe the feature is there.

B

[hemicuda]

If Hamachi (nice little app, btw) doesn't work...

You could look for a hardware firewall for home that supports SSH directly or 3rd party f/w (use putty as a client) and tunnel everything through port 22 if it's still open. I've "broken" many a company firewall that way.

[uggie]

Quote:

Originally Posted by hemicuda

If Hamachi (nice little app, btw) doesn't work...

You could look for a hardware firewall for home that supports SSH directly or 3rd party f/w (use putty as a client) and tunnel everything through port 22 if it's still open. I've "broken" many a company firewall that way.

ssh is definitely the way to go if the port's still open. Assuming you're not running some bsd/linux box with a packet filter and sshd, you can get a free sshd for windows and use either putty or tunnelier on your work machine. Personally I think tunnelier is a bit more friendly. If you have a hardware firewall you'll need to direct all ssh traffic to the box running sshd. Then you just have to tunnel ports 31099 and 7818 (the latter is probably useless since that's the non-transcoded path...). After that all you need to know is your ip at home and away you go.

If you need more detailed instructions, let me know.

-jason

[S_M_E]

Bypassing IT policy/security *can* get you fired whether or not you think you have a right to do so.

[KJake]

i've always run ssh on port 443 or used port forwarding on my router to enable connecting to ssh over port 443, and then using ssh to tunnel ports from home to my local pc. i've gotten through tons of firewalls this way.

[hemicuda]

Quote:

Originally Posted by S_M_E

Bypassing IT policy/security *can* get you fired whether or not you think you have a right to do so.

Agreed, I should have added a caveat that <southern_drawl>"You pays your money and takes your chances." </southern_drawl>

I only make a habit of it for need-to situations and not on a regular basis. Now that we use cellular cards I mainly use it for a more secure link back to my home pc.

[GKusnick]

Quote:

Originally Posted by hemicuda

Agreed, I should have added a caveat that <southern_drawl>"You pays your money and takes your chances." </southern_drawl>

Except in this case, the OP is the one getting paid. Which, it seems to me, gives his employers the right to tell him what he can or can't do on their time.

[hemicuda]

That is true. Didn't mean to imply otherwise.
At the risk of being redundant, it's just a southern saying I've heard since a kid. In other words, if you're doing something questionable be prepared for any consequences if/when you get caught. YMMV.

OT:

Happy New Year in case I don't post again before then.

[valnar]

Quote:

Originally Posted by motobarsteward

I know the firewall is there for a reason but I don't like being told what I can and can't do by people who never asked my opinion in the first place!

Why would they ask you? Are you the CEO?

As somebody who works in IT and manages my company's firewalls, I would do the same. In fact, I have. Streaming personal audio or video to the detriment of legitimate business traffic *should* get your hand slapped.

[kriilin]

Quote:

Originally Posted by valnar

Why would they ask you? Are you the CEO?

As somebody who works in IT and manages my company's firewalls, I would do the same. In fact, I have. Streaming personal audio or video to the detriment of legitimate business traffic *should* get your hand slapped.

Yes that's true, but as someone who also works in IT, this "friendly hacking" can sometimes alert us to previously unknown vunerabilities. I compare it to not realizing the door is unlocked when your obnoxious neighbour waltzes through it unannounced.

[S_M_E]

Quote:

Originally Posted by kriilin

Yes that's true, but as someone who also works in IT, this "friendly hacking" can sometimes alert us to previously unknown vunerabilities. I compare it to not realizing the door is unlocked when your obnoxious neighbour waltzes through it unannounced.

As someone that writes IT policy, it's not for users to test security and that's no excuse for violating policy. I've fired users for that.

[kriilin]

Quote:

Originally Posted by S_M_E

As someone that writes IT policy, it's not for users to test security and that's no excuse for violating policy. I've fired users for that.

Of course thats not the users job, all I was saying sometimes there are beneficial side effects. I'd rather have a user inadvertently find a security hole than someone with malicious intent. So what kinds of things got them fired? Usually in a well-run shop, there are enough measures in place to save users from themselves, unless there's deliberate hacking attempts. The run of the mill stuff (porn, etc.) should be firewalled in the first place.

[S_M_E]

Quote:

Originally Posted by kriilin

Of course thats not the users job, all I was saying sometimes there are beneficial side effects. I'd rather have a user inadvertently find a security hole than someone with malicious intent. So what kinds of things got them fired? Usually in a well-run shop, there are enough measures in place to save users from themselves, unless there's deliberate hacking attempts. The run of the mill stuff (porn, etc.) should be firewalled in the first place.

I disagree, policy should be enough. Whether or not porn *should* be firewalled, using your example, does not excuse a user from viewing porn at work if there is a "no porn" policy. That they found a way to do something they shouldn't be doing doesn't make it OK to do. It's up to the user to follow policy, not the IT staff to stop them from violating it.

[GKusnick]

Quote:

Originally Posted by kriilin

So what kinds of things got them fired?

Call me old-fashioned, but it seems to me that watching TV instead of doing your job ought to be grounds for disciplinary action all by itself, regardless of security considerations or IT firewall policy.

[S_M_E]

Quote:

Originally Posted by GKusnick

Call me old-fashioned, but it seems to me that watching TV instead of doing your job ought to be grounds for disciplinary action all by itself, regardless of security considerations or IT firewall policy.

Exactly, not all IT policies are about security or firewalls there are also business reasons for some policies.

[motobarsteward]

I agree with S M E to a very large extent.

I never watch TV instead of working. I must admit to listing to music some times or just showing off the television 'because I can'.

I feel the urge to add that we have had a pretty serious outage due to a virus attack over the Christmas break. Maybe someone should have been applying patches rather than upgrading fire wall!

I have an interesting story of how an IT director was recently congratulated for busting a gut and working over a weekend to eradicate a virus infection form many machines on a network. However, when the CEO was informed that a routine M$ patch had been available for 18 months, the director became pretty ex-director-y very quickly!

I think the secret to all of this is to ask yourself the question 'is this to the detriment of the business'. If it is, stop doing it. If you don't know, don't do it. If someone else tells you it is (and they know what they are doing!), stop doing it.

As far as my situation is concerned, my company still allows free access to iPlayer and YouTube, both capable of sucking more bits per second than SageTV.

[S_M_E]

Patches shoud never be ignored for 18 months but not all infections have anything to do with patches. Most major infections are a result of users not following policy, opening attachments/executables they shouldn't and/or visitiing sites they shouldn't.

Just because they still allow youtube, for now, doesn't mean it's OK to bypass or ignore other policy in order to use Sage. Right?

[wayner]

Quote:

Originally Posted by GKusnick

Call me old-fashioned, but it seems to me that watching TV instead of doing your job ought to be grounds for disciplinary action all by itself, regardless of security considerations or IT firewall policy.

But at times the TV watching can be part of the job. I am in the financial industry and I will, from time-to-time, watch CNBC or Bloomberg via Placeshifter if there is something that I want to follow - like a Fed interest rate announcement. You can argue that our company can provide that for you but it is almost impossible to get licensing from a TV station to distribute their channel over your LAN. I tried to convince my company that we should set up a HTPC server to stream TV content over our LAN but when they looked into the licensing it was a total nightmare.

[S_M_E]

Quote:

Originally Posted by wayner

But at times the TV watching can be part of the job.

In the that case the company wouldn't have a policy against it but most do. Many companies have a TV in a central location, like a meeting room or break room but using company bandwidth to watch TV may violate policy even if they don't have a "no tv" policy. They might also have a policy against installing SW on company computers or have a policy against using personal laptops on the company LAN.