Path: ...!news.nobody.at!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Don Y <blockedofcourse@foo.invalid>
Newsgroups: sci.electronics.design
Subject: Re: About WiFi7
Date: Fri, 23 Aug 2024 12:26:18 -0700
Organization: A noiseless patient Spider
Lines: 57
Message-ID: <vaanpe$112hi$1@dont-email.me>
References: <va78n1$1ifd7$1@solani.org>
 <va7rd4$14gv$1@nnrp.usenet.blueworldhosting.com> <va98fq$1j36c$1@solani.org>
 <vaa78t$5jo$1@nnrp.usenet.blueworldhosting.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 23 Aug 2024 21:26:39 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="fb085827bc5e887805c2115ba92085bf";
	logging-data="1083954"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18ejF0LMraCw7MZWMFunbDj"
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.2.2
Cancel-Lock: sha1:EsUDiUlIqiA0m82d62nL1QbDUUI=
Content-Language: en-US
In-Reply-To: <vaa78t$5jo$1@nnrp.usenet.blueworldhosting.com>
Bytes: 3867

On 8/23/2024 7:44 AM, Edward Rawde wrote:
> Pretty much everything is on all the time here.

I have at least three boxes running 24/7/365:
- my "network services" box (TFTP, NTP, DNS, etc.)
- this "internet access" box (isolated from the rest of the network)
- at least one workstation
Servers, SANs, NASs, laptops are more "transient" devices that come on and
off as they are needed.

> Servers have to be or they won't be serving. And why would I want to wait
> while Windows says "You will not turn off your computer for half an hour
> while I update". Windows boxes which are mostly turned off invariably spend
> the next hour installing updates when they are turned on.

With an air-gapped network, you don't have to bother with countless "updates"
(which can be seen as malware in and of themselves!)

This machine runs nothing but Firefox and Tbird and HAS nothing on it of
any value (my address book?  stripped of all "personal information", of
course -- even my "username" is anonymous!)  So, there is nothing to lose
if "compromised" and I can restore everything in 12 minutes (the time it
takes to reload the most recent "image")

NOT having a directly routed IP gives added protection from incoming
threats (multi-NAS).  I have a cloaked server that is accessible
(Co-lo'ed) for the select persons that need access to it.

Why would I want to waste time updating and protecting *tools*?

> Networks are safe if configured properly whether wired or wifi.

That's not necessarily true.  *Physical* access trumps all attempts at
protection.

> While it's not likely that an unauthorized user will be able to get directly
> on my LAN, that does not by itself mean that they could obtain information I
> don't want them to have.

But that's true of any site that you visit.  Even your "network identity"
can be uniquely fingerprinted by a remote service WATCHING how you access it.

> If you leave your systems off for anti hacking reasons then you have
> effectively caused a denial of service attack against yourself.

Yup.  But, you only need to make it accessible to *yourself* to avoid that
problem.  Too many businesses expose more than they need to just because
limiting that exposure is harder if "everything" is hiding on the same
server with ACLs as the only practical "defense".

[Do you think a 50 million LoC piece of software doesn't have tens of
thousands of latent bugs??  Bugs that can be identified, verified and
quantified without your ever being aware that this has happened?]

Consider, carefully, what you really need access to outside of your own
physical domain.  Then, RE-consider that!