OT: Dealing with a hosting company with it's head up it's rear end

[Aryeh Friedman]

On Fri, Aug 14, 2020 at 9:20 AM Tim Daneliuk <tundra at tundraware.com> wrote:

> On August 14, 2020 12:58:49 AM "Steve O'Hara-Smith" <steve at sohara.org>
> wrote
>
>  Again many corporate firewalls don't allow ssh out (or in directly)
>> because tunnelling bypasses the firewalls. And again it seems odd for a
>> hosting company.
>>
>
>
> ssh out is typically prohibited to lower the risk of employee transfer of
> sensitive data to external destinations - So called Data Loss Prevention.
> This, along with email scanning and man in the middle cert management is
> pretty common.
>

Unless it is 100% air gapped with no ability to plug in portable media
and/or record the screen then nothing is 100% immune from such loss and
thus not allowing it makes very little sense.   If on the other hand the
idea is to limit the damage that malware/spyware can do then it makes sense
(even if someone does in [accidentally] install malware/spyware it can not
send the results of its dirty work anywhere).

 But for the hosting company in question this seems to not be a concern we
have had to clear some accidentally installed bitcoin miner off the windows
machine 5 times in the last year even with all these "safeguards".


-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org