OT: Dealing with a hosting company with it's head up it's rear end
Jon Radel
jon at radel.com
Fri Aug 14 14:32:39 UTC 2020
On 8/14/20 09:48, Aryeh Friedman wrote:
> On Fri, Aug 14, 2020 at 9:20 AM Tim Daneliuk <tundra at tundraware.com> wrote:
>
>> On August 14, 2020 12:58:49 AM "Steve O'Hara-Smith" <steve at sohara.org>
>> wrote
>>
>> Again many corporate firewalls don't allow ssh out (or in directly)
>>> because tunnelling bypasses the firewalls. And again it seems odd for a
>>> hosting company.
>>>
>>
>> ssh out is typically prohibited to lower the risk of employee transfer of
>> sensitive data to external destinations - So called Data Loss Prevention.
>> This, along with email scanning and man in the middle cert management is
>> pretty common.
>>
> Unless it is 100% air gapped with no ability to plug in portable media
> and/or record the screen then nothing is 100% immune from such loss and
> thus not allowing it makes very little sense. If on the other hand the
> idea is to limit the damage that malware/spyware can do then it makes sense
> (even if someone does in [accidentally] install malware/spyware it can not
> send the results of its dirty work anywhere).
>
Untrue. As the CISO at my latest employer said to me (paraphrasing
some, as it's been a while):
You and I know how to circumvent the restrictions, but the vast majority
of the staff hasn't a clue. This cuts down the noise I have to wade
through.
-----
And back to the main topic of this thread: What does your lawyer say
about your client that is huffing and puffing threats over your
inability to perform magic to paper over their unwise contracting
actions in regard to a different vendor? Seems to me that you left the
land of technology a ways back on this one.
Actually, better yet, you probably don't want to discuss that on a
public list......
Good luck.
--
--Jon Radel
jon at radel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4177 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20200814/208d3043/attachment.bin>
More information about the freebsd-questions
mailing list