On 4/16/2024 9:21 PM, Edward Rawde wrote:
> The internal network isn't routed. So, the only machines to worry about
> are this one (used only for email/news/web) and a laptop that is only
> used for ecommerce.

My LAN is more like a small/medium size business with all workstations,
servers and devices behind a firewall and able to communicate both with
each other and online as necessary.

I have 72 drops in the office and 240 throughout the rest of the house
(though the vast majority of those are for dedicated "appliances")...
about 2.5 miles of CAT5.
>
...
> I have an out-facing server that operates in stealth mode and won't
> appear on probes (only used to source my work to colleagues). The goal
> is not to look "interesting".

Not sure what you mean by that.
Given what gets thrown at my firewall I think you could maybe look more
interesting than you think.

Nothing on my side "answers" connection attempts. To the rest of the
world, it looks like a cable dangling in air...
> The structure of the house's fabric allows me to treat any individual
> node as being directly connected to the ISP while isolating the
> rest of the nodes. I.e., if you bring a laptop loaded with malware into
> the house, you can't infect anything (or even know that there are other
> hosts, here); it's as if you had a dedicated connection to the Internet
> with no other devices "nearby".

I wouldn't bother. I'd just not connect it to wifi or wired if I thought
there was a risk.
>
So, you'd have to *police* all such connections. What do you do with
hundreds of drops on a factory floor? Or, scattered throughout a
business? Can you prevent any "foreign" devices from being connected --
even if IN PLACE OF a legitimate device? (after all, it is a trivial
matter to unplug a network cable from one "approved" PC and plug it into
a "foreign import")
> It's been a while since I had to clean a malware infested PC.

My current project relies heavily on internetworking for interprocessor
communication. So, has to be designed to tolerate (and survive) a
hostile actor being directly connected TO that fabric -- because that
is a likely occurrence, "in the wild".
>
Imagine someone being able to open your PC and alter the internals...
and be expected to continue to operate as if this had not occurred!