| Deutsch English Français Italiano |
|
<vaarue$gq1$1@nnrp.usenet.blueworldhosting.com> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder9.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!nnrp.usenet.blueworldhosting.com!.POSTED!not-for-mail From: "Edward Rawde" <invalid@invalid.invalid> Newsgroups: sci.electronics.design Subject: Re: About WiFi7 Date: Fri, 23 Aug 2024 16:37:33 -0400 Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com) Lines: 98 Message-ID: <vaarue$gq1$1@nnrp.usenet.blueworldhosting.com> References: <va78n1$1ifd7$1@solani.org> <va7rd4$14gv$1@nnrp.usenet.blueworldhosting.com> <va98fq$1j36c$1@solani.org> <vaa78t$5jo$1@nnrp.usenet.blueworldhosting.com> <vaanpe$112hi$1@dont-email.me> Injection-Date: Fri, 23 Aug 2024 20:37:34 -0000 (UTC) Injection-Info: nnrp.usenet.blueworldhosting.com; logging-data="17217"; mail-complaints-to="usenet@blueworldhosting.com" Cancel-Lock: sha1:cnXrI18vyB4q3ESdctwTihJyFvc= sha256:pNeQoDQxjLNSmWVaCZbBz2z/syhn3F4NnTcUnTOGxXw= sha1:E6Q/gdRlfeBc/B9OUASzHj06F3Q= sha256:nL2jSQHi2Dv8p9TXq7eN3k1XAfIEh7xg84mVB6v86no= X-Newsreader: Microsoft Outlook Express 6.00.2900.5931 X-MSMail-Priority: Normal X-RFC2646: Format=Flowed; Response X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 X-Priority: 3 Bytes: 6026 "Don Y" <blockedofcourse@foo.invalid> wrote in message news:vaanpe$112hi$1@dont-email.me... > On 8/23/2024 7:44 AM, Edward Rawde wrote: >> Pretty much everything is on all the time here. > > I have at least three boxes running 24/7/365: > - my "network services" box (TFTP, NTP, DNS, etc.) > - this "internet access" box (isolated from the rest of the network) > - at least one workstation > Servers, SANs, NASs, laptops are more "transient" devices that come on and > off as they are needed. > >> Servers have to be or they won't be serving. And why would I want to wait >> while Windows says "You will not turn off your computer for half an hour >> while I update". Windows boxes which are mostly turned off invariably spend >> the next hour installing updates when they are turned on. > > With an air-gapped network, you don't have to bother with countless "updates" > (which can be seen as malware in and of themselves!) But I don't see how an air-gapped network is a network. I would not be able to get anything done. > > This machine runs nothing but Firefox and Tbird and HAS nothing on it of > any value (my address book? stripped of all "personal information", of > course -- even my "username" is anonymous!) So, there is nothing to lose > if "compromised" and I can restore everything in 12 minutes (the time it > takes to reload the most recent "image") > > NOT having a directly routed IP gives added protection from incoming > threats (multi-NAS). I have a cloaked server that is accessible > (Co-lo'ed) for the select persons that need access to it. Paranoia does have a lot to answer for in the cybersecurity world. I came across an individual with three virus scanners installed a few days ago. I didn't bother giving advice, I just left them to waste hours running scans. I did ask when they last found a virus and was confidently told "never". > > Why would I want to waste time updating and protecting *tools*? > >> Networks are safe if configured properly whether wired or wifi. > > That's not necessarily true. *Physical* access trumps all attempts at > protection. You haven't got a network if you need physical access. You have to be there. I could be writing this post from one country today and another tomorrow. Countries I never go to (Mostly non-English speaking countries) are blocked inbound by pfsense. That leaves "hackers" in USA and a few other countries who go on a pfsense blacklist if they are persistent. They aren't going to guess the password anyway but I don't like my logs cluttered with obvious password guessing attempts. A quick look at the firewall log shows that I'll probably add this one to the blacklist https://www.abuseipdb.com/check/104.234.229.117 > >> While it's not likely that an unauthorized user will be able to get directly >> on my LAN, that does not by itself mean that they could obtain information I >> don't want them to have. > > But that's true of any site that you visit. Even your "network identity" > can be uniquely fingerprinted by a remote service WATCHING how you access it. Not sure what you mean by that but Tor is ready for any site I don't want to "identify" to. > >> If you leave your systems off for anti hacking reasons then you have >> effectively caused a denial of service attack against yourself. > > Yup. But, you only need to make it accessible to *yourself* to avoid that > problem. Too many businesses expose more than they need to just because > limiting that exposure is harder if "everything" is hiding on the same > server with ACLs as the only practical "defense". That's usually because management don't know how anything works. and those who do prefer an "if it aint broke don't fix it" approach to avoid upsetting management with system downtime. Sometimes it's because the installation instructions for say, a database server, are followed and everything seems to work fine. But no-one pays attention to where inbound connections to 3306 might come from. > > [Do you think a 50 million LoC piece of software doesn't have tens of > thousands of latent bugs?? Bugs that can be identified, verified and > quantified without your ever being aware that this has happened?] > > Consider, carefully, what you really need access to outside of your own > physical domain. Oh I have, for a long time. So for me I can work from anywhere I might need to work from as if I was here, and all my files are here (not in any cloud). I've never had a malware issue, well not since I accidentally put an unpatched Windows 2000 box on a raw connection and got nimda. Since it was a fresh install it didn't matter. It was quickly wiped. >Then, RE-consider that! >