Posted to issues@guacamole.apache.org by "Michael Jumper (Jira)" <ji...@apache.org> on 2019/09/15 17:39:00 UTC

[jira] [Comment Edited] (GUACAMOLE-880) Obfuscation of guacamole client protocol

    [ https://issues.apache.org/jira/browse/GUACAMOLE-880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16930017#comment-16930017 ] 

Michael Jumper edited comment on GUACAMOLE-880 at 9/15/19 5:38 PM:
-------------------------------------------------------------------

There is no level of obfuscation which would prevent the legitimate users of any remote desktop protocol from obtaining information from the graphical content of their own sessions, at least not without making things unusable. Obtaining information from received graphics is exactly what the human brain does when it accesses a remote desktop. You cannot prevent this. Any attempt to obfuscate things while still allowing the remote desktop to be usable would amount to [security through obscurity|https://en.wikipedia.org/wiki/Security_through_obscurity].

As far as ensuring that users external to a remote desktop session cannot capture the content of other sessions, Guacamole already supports this through encryption. It is expected that Guacamole deployments will use SSL/TLS in front of the web application in production. If needed in your use case, you can also enable SSL/TLS between the web application and guacd.


was (Author: mike.jumper):
There is no level of obfuscation which would prevent the legitimate users of any remote desktop protocol from obtaining information from the graphical content of their own sessions, at least without making things unusable. Obtaining information from received graphics is exactly what the human brain does when it accesses a remote desktop. You cannot prevent this. Any to obfuscate things while still allowing the remote desktop to be usable would amount to [security through obscurity|https://en.wikipedia.org/wiki/Security_through_obscurity].

As far as ensuring that users external to a remote desktop session cannot capture the content of other sessions, Guacamole already supports this through encryption. It is expected that Guacamole deployments will use SSL/TLS in front of the web application in production. If needed in your use case, you can also enable SSL/TLS between the web application and guacd.

> Obfuscation of guacamole client protocol
> ----------------------------------------
>
>                 Key: GUACAMOLE-880
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-880
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole-client, guacamole-server
>            Reporter: Bolke de Bruin
>            Priority: Major
>              Labels: security
>
> One of the reasons we deploy guacamole is to limit data leakage possibilities. We recently had an audit on our infrastructure and it was shown that it was quite easy to leak out data through the guacamole protocol by creating special images inside the desktop and then using mitmproxy (python) and the guacamole python modules to capture the data inside those images.
> In order to limit the attack surface we would like to have obfuscation of the protocol if configured to do so. Of course this could be done by implementing a custom protocol, but it would be nice if Guacamole would have the facilities (hooks) to do this. One could think of allowing a custom function to encrypt/obfuscate the outgoing stream and attach into the javascript that decrypts the stream.
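
A configuration check for the web application to guacd leg mentioned in the comment above, as an added example that is not part of the original message or of the Guacamole code base: it reads the text of `guacamole.properties` and `guacd.conf` and reports when SSL/TLS is not enabled on both sides. The sample file contents, host name and certificate paths are constructed, and the function names are hypothetical.

```python
import configparser
import re

# Constructed sample files (not taken from the original message).
SAMPLE_PROPERTIES = """\
# guacamole.properties
guacd-hostname: guacd.internal.example
guacd-port: 4822
guacd-ssl: true
"""
SAMPLE_GUACD_CONF = """\
[server]
bind_host = 0.0.0.0
bind_port = 4822

[ssl]
server_certificate = /etc/guacamole/guacd.crt
server_key = /etc/guacamole/guacd.key
"""
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_properties(text):
    """Parse Java-style 'key: value' or 'key=value' lines, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            parts = re.split(r"\s*[:=]\s*|\s+", line, maxsplit=1)
            props[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return props

def audit_guacd_tls(properties_text, guacd_conf_text):
    """Return findings about TLS between the web application and guacd."""
    findings = []
    props = parse_properties(properties_text)
    client_tls = props.get("guacd-ssl", "false").lower() == "true"
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(guacd_conf_text)
    ssl = conf["ssl"] if conf.has_section("ssl") else {}
    server_tls = bool(ssl.get("server_certificate")) and bool(ssl.get("server_key"))
    if not client_tls:
        findings.append("guacamole.properties: guacd-ssl is not true")
    if not server_tls:
        findings.append("guacd.conf: [ssl] lacks server_certificate or server_key")
    host = props.get("guacd-hostname", "localhost")  # localhost is the default
    if not (client_tls and server_tls) and host not in LOOPBACK:
        findings.append(f"guacd host {host} is not loopback and TLS is not enabled on both sides")
    return findings

if __name__ == "__main__":
    print(audit_guacd_tls(SAMPLE_PROPERTIES, SAMPLE_GUACD_CONF) or "TLS enabled on both sides")
```

This covers only the leg between the web application and guacd; SSL/TLS in front of the web application is configured in the servlet container or reverse proxy and is not checked here.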


