| Deutsch English Français Italiano |
|
<vd8kq7$1i1be$1@news.trigofacile.com> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!news.mixmin.net!weretis.net!feeder8.news.weretis.net!news.trigofacile.com!.POSTED.2001:861:3f82:d7c0:b9b5:c706:a4df:8d22!not-for-mail From: =?UTF-8?Q?Julien_=C3=89LIE?= <iulius@nom-de-mon-site.com.invalid> Newsgroups: news.admin.hierarchies,news.software.nntp Subject: Re: ISC will likely be shutting down FTP access to ftp.isc.org soon (https will remain) Date: Sat, 28 Sep 2024 12:12:23 +0200 Organization: Groupes francophones par TrigoFACILE Message-ID: <vd8kq7$1i1be$1@news.trigofacile.com> References: <1f19a554-8a81-ce8c-8ac6-7ab1e053a632@isc.org> <66f787ad$1@news.ausics.net> <8m1q14ku79.fsf@raybanana.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Date: Sat, 28 Sep 2024 10:12:23 -0000 (UTC) Injection-Info: news.trigofacile.com; posting-account="julien"; posting-host="2001:861:3f82:d7c0:b9b5:c706:a4df:8d22"; logging-data="1639790"; mail-complaints-to="abuse@trigofacile.com" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:3jusuILI4SCaoesiQrX9nen/W04= sha256:BhZWIk94xEPnMmD0F0ZozmwsLJKIAYUolEoPTKCc3+U= sha1:Q6r7WvsPp+OWMKIlqM7tCYpK5Ac= sha256:mGtNKa1ieLRLscNoIeqiGx4XQpNK97jzuEt/MDDbqlQ= In-Reply-To: <8m1q14ku79.fsf@raybanana.net> Bytes: 3663 Lines: 46 Hi Wolfgang, >>> However, as ISC also offers support contracts for BIND and Kea, and >>> those customers have their own due diligence policies, we are often >>> subject to scrutiny and audits about how our network runs, and even for >>> a venerable URL like ftp.isc.org, we get questions from auditors like >>> "did you know you have a public FTP server on your network! Why!?" > > I've been working for several large companies that are legally required > to carry out annual audits of their IT infrastucture, both internal and > outsourced, and had to deal with external auditors from PWC, KPMG and > E&Y, to name just a few, and I know that it's absolutely impossible to > argue with external auditors and your customers' management if you care > about your mental health. They will drag you down to their level and > beat you with experience, so ISC is not to blame, IMHO. You are doing well to remind that. I also regularly see external audits on some critical systems used for the public transport in Paris where I work, and we are just asked to follow the recommendations, not to counter-argument them. For the most vital systems, a certification is needed by the ANSSI in France. I think it is a bit like the NSA in the USA or the BSI in Germany. Quoting Wikipedia: "The French National Agency for the Security of Information Systems is a French service created on 7 July 2009 with responsibility for computer security. ANSSI reports to the Secretariat-General for National Defence and Security (SGDSN) to assist the Prime Minister in exercising his responsibilities for defence and national security. The agency ensures the mission of national authority security of information systems. As such it is responsible for proposing rules for the protection of state information systems and verify the implementation of measures adopted. In the field of cyber defence, it provides a monitor, detect, alert and reaction to computer attacks, especially on the networks of the State." So I totally understand Dan's position. As far as INN is concerned, I'll soon provide an updated version of actsyncd which currently can only synchronize the active file from FTP and NNTP external sources. I'll add support for HTTP(S). -- Julien ÉLIE « Audentes fortunat iuvat. » (Virgile)