From: "Edward Rawde"
Newsgroups: sci.electronics.design
Subject: Re: Re:Predictive failures
Date: Wed, 17 Apr 2024 01:39:51 -0400
Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com)

"Don Y" wrote in message news:uvnlr6$1e3fi$1@dont-email.me...
> On 4/16/2024 9:21 PM, Edward Rawde wrote:
>>> The internal network isn't routed. So, the only machines to worry about
>>> are this one (used only for email/news/web) and a laptop that is only
>>> used for ecommerce.
>>
>> My LAN is more like a small/medium size business with all workstations,
>> servers and devices behind a firewall and able to communicate both with
>> each other and online as necessary.
>
> I have 72 drops in the office and 240 throughout the rest of the house
> (though the vast majority of those are for dedicated "appliances")...
> about 2.5 miles of CAT5.

Must be a big house.

>
>...
>>> I have an out-facing server that operates in stealth mode and won't
>>> appear on probes (only used to source my work to colleagues). The goal
>>> is not to look "interesting".
>>
>> Not sure what you mean by that.
>> Given what gets thrown at my firewall I think you could maybe look more
>> interesting than you think.
>
> Nothing on my side "answers" connection attempts. To the rest of the
> world, it looks like a cable dangling in air...

You could ping me if you knew my IP address.

>
>>> The structure of the house's fabric allows me to treat any individual
>>> node as being directly connected to the ISP while isolating the
>>> rest of the nodes. I.e., if you bring a laptop loaded with malware into
>>> the house, you can't infect anything (or even know that there are other
>>> hosts, here); it's as if you had a dedicated connection to the Internet
>>> with no other devices "nearby".
>>
>> I wouldn't bother. I'd just not connect it to wifi or wired if I thought
>> there was a risk.

What I mean by that is I'd clean it without it being connected.
The Avira boot CD used to be useful but I forget how many years ago.

>
> So, you'd have to *police* all such connections. What do you do with
> hundreds of drops on a factory floor? Or, scattered throughout a business?
> Can you prevent any "foreign" devices from being connected -- even if
> IN PLACE OF a legitimate device? (after all, it is a trivial matter to
> unplug a network cable from one "approved" PC and plug it into a
> "foreign import")

Devices on a LAN should be secure just like Internet facing devices.

>
>> It's been a while since I had to clean a malware infested PC.
>
> My current project relies heavily on internetworking for interprocessor
> communication. So, has to be designed to tolerate (and survive) a
> hostile actor being directly connected TO that fabric -- because that
> is a likely occurrence, "in the wild".
>
> Imagine someone being able to open your PC and alter the internals...
> and be expected to continue to operate as if this had not occurred!
>