Date:      Sat, 15 Aug 2020 08:16:00 -0400
From:      Jerry <jerry@seibercom.net>
To:        "User Questions" <freebsd-questions@freebsd.org>
Subject:   Re: OT: Dealing with a hosting company with it's head up it's rear end
Message-ID:  <20200815081600.55107873@scorpio.seibercom.net>
In-Reply-To: <20200814213706.18eb16b9.freebsd@edvax.de>
References:  <CAGBxaXmg0DGSEYtWBZcbmQbqc2vZFtpHrmW68txBck0nKJak=w@mail.gmail.com> <CAGBxaX=XbbFLyZm5-BO=6jCCrU%2BV%2BjubxAkTMYKnZZZq=XK50A@mail.gmail.com> <CALeGphwfr7j-xgSwMdiXeVxUPOP-Wb8WFs95tT_%2Ba8jig_Skxw@mail.gmail.com> <CAGBxaX=CXbZq-k6=udNaXTj2m%2BgnpDCB%2Bui4wgvtrzyHhjGeSw@mail.gmail.com> <40xvq0.qf0q3x.1hge1ap-qmf@smtp.boon.family> <CAGBxaX=9asO=X32RucVyNz5kppPhbZc9Ayx-pyiXMBi85BeJ6w@mail.gmail.com> <20200814004312.bb0dd9f1.freebsd@edvax.de> <20200814065701.2b390145ac6d189161bc31b4@sohara.org> <173ed205550.27bc.0b331fcf0b21179f1640bd439e3f4a1e@tundraware.com> <CAGBxaX=gs57EXsm028%2B6Var89MUoGh-7d1gfPdGmbm5gPBnufA@mail.gmail.com> <4d320acd-a995-7a35-5c0e-c2c22e7e6f96@radel.com> <CAGBxaXnjDAnZPjx_nksb_ed-f%2BX=PowLTUYMX706oMScd8HDaw@mail.gmail.com> <20200814213706.18eb16b9.freebsd@edvax.de>


On Fri, 14 Aug 2020 21:37:06 +0200, Polytropon stated:
>On Fri, 14 Aug 2020 10:44:35 -0400, Aryeh Friedman wrote:
>> On Fri, Aug 14, 2020 at 10:32 AM Jon Radel <jon@radel.com> wrote:
>>
>> > On 8/14/20 09:48, Aryeh Friedman wrote:
>> > > On Fri, Aug 14, 2020 at 9:20 AM Tim Daneliuk
>> > > <tundra@tundraware.com> wrote:
>> > >
>> > >> On August 14, 2020 12:58:49 AM "Steve O'Hara-Smith"
>> > >> <steve@sohara.org> wrote
>> > >>
>> > >>> Again many corporate firewalls don't allow ssh out (or in
>> > >>> directly) because tunnelling bypasses the firewalls. And again
>> > >>> it seems odd for a hosting company.
>> > >>>
>> > >> ssh out is typically prohibited to lower the risk of employee
>> > >> transfer of sensitive data to external destinations - So called
>> > >> Data Loss Prevention. This, along with email scanning and man in
>> > >> the middle cert management is pretty common.
>> > >>
>> > > Unless it is 100% air gapped with no ability to plug in portable
>> > > media and/or record the screen then nothing is 100% immune from
>> > > such loss and thus not allowing it makes very little sense.   If
>> > > on the other hand the idea is to limit the damage that
>> > > malware/spyware can do then it makes sense (even if someone does
>> > > in [accidentally] install malware/spyware it can not send the
>> > > results of its dirty work anywhere).
>> > >
>> > Untrue.  As the CISO at my latest employer said to me (paraphrasing
>> > some, as it's been a while):
>> >
>> > You and I know how to circumvent the restrictions, but the vast
>> > majority of the staff hasn't a clue.  This cuts down the noise I
>> > have to wade through.
>>
>> Oh great security by obfuscation!  Sounds like the CISO missed the
>> first day of security 101.    False sense of security is always a
>> bad idea.
>
>But but but we are ISO-9660 certified! And we have that expensive
>snake oil sprinkled everywhere! ;-)
>
>There are measures that do not "add security", but can help to
>limit the line noise. A typical example is moving SSH to some
>non-standard port: That doesn't prevent anyone from performing a
>port scan and connect to that non-standard port, but it limits
>the fun for skript kiddies that connect as "Administrator" on
>the default SSH port.
>
>Those who _want_ to extract data will find a way. As it has
>been mentioned, a screen capture sent per e-mail, or a screen
>photo taken with the private smartphone will work. There are
>so many possibilities of data extraction that you cannot stop
>with a firewall rule...
>
>> > And back to the main topic of this thread:  What does your lawyer
>> > say about your client that is huffing and puffing threats over your
>> > inability to perform magic to paper over their unwise contracting
>> > actions in regard to a different vendor?  Seems to me that you
>> > left the land of technology a ways back on this one.
>> >
>> Actually the client has signed the one piece of paper we needed to
>> move forward which is a waiver of liability for stuff we said was
>> inherently risky (in writing) before we started the work.   It
>> should also be noted that due to lack of competence by the hosting
>> company and by the equipment supplier we have become the client's
>> de facto IT dept. Even though we were originally hired as programmers
>> only (this means when push comes to shove the client almost always
>> trusts us over anyone else and for the most part "I will find
>> someone else" is just his lack of social graces and not an actual
>> threat).
>
>Tell them you're "devops" now. :-)

I have a suggestion on how to rectify this supposed problem that is
causing Aryeh Friedman all this frustration and agita.

The basis behind any successfully capitalistic society is the ability
of an individual or consortiums to create and manage their own
businesses. Since Aryeh obviously feels that he is the smartest man or
woman in the room, and the ultimate authority on the operation of
'cable/hosting companies', why doesn't he simply assemble a group of
supporters and other financial institutions to back his creation of a
new "Supreme" hosting company, created in his own likeness and bound to
his rules.

Now that sounds like a perfect solution to me. Besides, as my old
grandpa used to say, "You can curse the darkness or light a candle. In
either case, shut the f*%K up."

-- 
Jerry
