Date: Fri, 14 Aug 2020 09:48:36 -0400 From: Aryeh Friedman <aryeh.friedman@gmail.com> To: Tim Daneliuk <tundra@tundraware.com> Cc: "Steve O'Hara-Smith" <steve@sohara.org>, Polytropon <freebsd@edvax.de>, =?UTF-8?Q?Andr=C3=A9_Boon?= <freebsd@andreboon.nl>, FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: OT: Dealing with a hosting company with it's head up it's rear end Message-ID: <CAGBxaX=gs57EXsm028%2B6Var89MUoGh-7d1gfPdGmbm5gPBnufA@mail.gmail.com> In-Reply-To: <173ed205550.27bc.0b331fcf0b21179f1640bd439e3f4a1e@tundraware.com> References: <CAGBxaXmg0DGSEYtWBZcbmQbqc2vZFtpHrmW68txBck0nKJak=w@mail.gmail.com> <CAGBxaX=XbbFLyZm5-BO=6jCCrU%2BV%2BjubxAkTMYKnZZZq=XK50A@mail.gmail.com> <CALeGphwfr7j-xgSwMdiXeVxUPOP-Wb8WFs95tT_%2Ba8jig_Skxw@mail.gmail.com> <CAGBxaX=CXbZq-k6=udNaXTj2m%2BgnpDCB%2Bui4wgvtrzyHhjGeSw@mail.gmail.com> <40xvq0.qf0q3x.1hge1ap-qmf@smtp.boon.family> <CAGBxaX=9asO=X32RucVyNz5kppPhbZc9Ayx-pyiXMBi85BeJ6w@mail.gmail.com> <20200814004312.bb0dd9f1.freebsd@edvax.de> <20200814065701.2b390145ac6d189161bc31b4@sohara.org> <173ed205550.27bc.0b331fcf0b21179f1640bd439e3f4a1e@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Aug 14, 2020 at 9:20 AM Tim Daneliuk <tundra@tundraware.com> wrote: > On August 14, 2020 12:58:49 AM "Steve O'Hara-Smith" <steve@sohara.org> > wrote > > Again many corporate firewalls don't allow ssh out (or in directly) >> because tunnelling bypasses the firewalls. And again it seems odd for a >> hosting company. >> > > > ssh out is typically prohibited to lower the risk of employee transfer of > sensitive data to external destinations - So called Data Loss Prevention. > This, along with email scanning and man in the middle cert management is > pretty common. > Unless it is 100% air gapped with no ability to plug in portable media and/or record the screen then nothing is 100% immune from such loss and thus not allowing it makes very little sense. If on the other hand the idea is to limit the damage that malware/spyware can do then it makes sense (even if someone does in [accidentally] install malware/spyware it can not send the results of its dirty work anywhere). But for the hosting company in question this seems to not be a concern we have had to clear some accidentally installed bitcoin miner off the windows machine 5 times in the last year even with all these "safeguards". -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGBxaX=gs57EXsm028%2B6Var89MUoGh-7d1gfPdGmbm5gPBnufA>