Re: Re:Predictive failures

On 4/16/2024 9:21 PM, Edward Rawde wrote:

The internal network isn't routed.  So, the only machines to worry about
are
this one (used only for email/news/web) and a laptop that is only used
for ecommerce.

 My LAN is more like a small/medium size business with all workstations,
servers and devices behind a firewall and able to communicate both with each
other and online as necessary.

I have 72 drops in the office and 240 throughout the rest of the house
(though the vast majority of those are for dedicated "appliances")...
about 2.5 miles of CAT5.
I have no desire to waste any time installing the latest OS & AV updates,
keeping an IDS operationally effective, etc.  My business is designing
devices so my uses reflect that -- and nothing else.
"Patch Tuesday?"  What's that??  Why would I *want* to play that game?

I wouldn't want to give online security advice to others without doing it
myself.

The advice I give to others is to only leave "exposed" what you absolutely
MUST leave exposed.  Most of my colleagues have adopted similar strategies
to keep their intellectual property secure; it's a small inconvenience
to (physically) move to a routed workstation when one needs to check email
or chase down a resource online.

I have an out-facing server that operates in stealth mode and won't appear
on probes (only used to source my work to colleagues).  The goal is not to
look "interesting".

 Not sure what you mean by that.
Given what gets thrown at my firewall I think you could maybe look more
interesting than you think.

Nothing on my side "answers" connection attempts.  To the rest of the world,
it looks like a cable dangling in air...

The structure of the house's fabric allows me to treat any individual
node as being directly connected to the ISP while isolating the
rest of the nodes.  I.e., if you bring a laptop loaded with malware into
the house, you can't infect anything (or even know that there are other
hosts, here); it's as if you had a dedicated connection to the Internet
with no other devices "nearby".

 I wouldn't bother. I'd just not connect it to wifi or wired if I thought
there was a risk.

So, you'd have to *police* all such connections.  What do you do with hundreds
of drops on a factory floor?  Or, scattered throughout a business?  Can
you prevent any "foreign" devices from being connected -- even if IN PLACE OF
a legitimate device?  (after all, it is a trivial matter to unplug a network
cable from one "approved" PC and plug it into a "foreign import")

It's been a while since I had to clean a malware infested PC.

My current project relies heavily on internetworking for interprocessor
communication.  So, has to be designed to tolerate (and survive) a
hostile actor being directly connected TO that fabric -- because that
is a likely occurrence, "in the wild".
Imagine someone being able to open your PC and alter the internals...
and be expected to continue to operate as if this had not occurred!