View Single Post
  #2   (View Single Post)  
Old 8th August 2019
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,711
Default

Quote:
...attacker accessing your workstation...
Nothing at all. Any packet filter or other network protections needed to prevent misuse sourced from the authenticated device is the responsibility of the network admin.

Consider: all authpf(8) does when a connection is authenticated is:
  1. Load admin-provisioned filter rules into PF at the admin-specified anchor point.
  2. Permit the admin to use two PF macros in the rules: $user_ip, the ip address of the authenticated and connected device, and $user_id, the user name connected to the authpf(8) shell on the gateway router.
The rules remain in effect at the anchor point until the ssh(1) session is terminated.

Network protections the astute admin will consider include packet filtering, stateful processing, authentication and authorization systems, and encrypted traffic.
Reply With Quote