You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2020/01/27 22:33:00 UTC

[jira] [Commented] (GUACAMOLE-880) Obfuscation of guacamole client protocol

    [ https://issues.apache.org/jira/browse/GUACAMOLE-880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17024720#comment-17024720 ] 

Mike Jumper commented on GUACAMOLE-880:
---------------------------------------

I'll close this here as the general consensus within the project is that such changes (obfuscating the protocol in the hope that an attacker would not be able to read it, altering sent images in the hope that it will be sufficient to defeat steganographic transmission of data) do not make sense:

* With the main point of remote desktop being to interact with a system remotely, and with interaction requiring the transmission of visual information, it's not clear that it is possible to meaningfully defeat steganography without also rendering the remote desktop session unusable.
* With the point of a protocol being to have a standard of communication between to points, it is not possible to obfuscate the protocol in a way which would meaningfully impede the ability of a malicious user to consume the protocol, and doing so would indeed be security through obscurity. The system shouldn't rely on being difficult to understand. The system should be both secure and understandable.

[~bolke], if you do move forward with research and development here, and you end up with something which you believe achieves what you were originally looking for, feel free to reopen this and let us know your findings.

> Obfuscation of guacamole client protocol
> ----------------------------------------
>
>                 Key: GUACAMOLE-880
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-880
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole-client, guacamole-server
>            Reporter: Bolke de Bruin
>            Priority: Major
>              Labels: security
>
> One of the reasons we deploy guacamole is to limit data leakage possibilities. We recently had a audit on our infrastructure and it was shown that it was quite easy to leak out data through the guacamole protocol by creating special images inside the desktop and then using mitmproxy (python) and the guacamole python modules to capture the data inside those images.
> In order to limit the attack surface we would like to have obfuscation of the protocol if configured to do so. Of course this could be done by implementing a custom protocol, but it would be nice if Guacamole would have the facilities (hooks) to do this. One could think of allowing a custom function to encrypt/obfuscate the outgoing stream and attach into the javascript that decrypts the stream.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)