OT: Dealing with a hosting company with it's head up it's rear end

Jerry jerry at seibercom.net
Sat Aug 15 12:21:53 UTC 2020

On Fri, 14 Aug 2020 21:37:06 +0200, Polytropon stated:
>On Fri, 14 Aug 2020 10:44:35 -0400, Aryeh Friedman wrote:
>> On Fri, Aug 14, 2020 at 10:32 AM Jon Radel <jon at radel.com> wrote:
>> > On 8/14/20 09:48, Aryeh Friedman wrote:  
>> > > On Fri, Aug 14, 2020 at 9:20 AM Tim Daneliuk
>> > > <tundra at tundraware.com>  
>> > wrote:  
>> > >  
>> > >> On August 14, 2020 12:58:49 AM "Steve O'Hara-Smith"
>> > >> <steve at sohara.org> wrote
>> > >>
>> > >>  Again many corporate firewalls don't allow ssh out (or in
>> > >> directly)  
>> > >>> because tunnelling bypasses the firewalls. And again it seems
>> > >>> odd for a hosting company.
>> > >>>  
>> > >> ssh out is typically prohibited to lower the risk of employee
>> > >> transfer  
>> > of  
>> > >> sensitive data to external destinations - So called Data Loss  
>> > Prevention.  
>> > >> This, along with email scanning and man in the middle cert
>> > >> management is pretty common.
>> > >>  
>> > > Unless it is 100% air gapped with no ability to plug in portable
>> > > media and/or record the screen then nothing is 100% immune from
>> > > such loss and thus not allowing it makes very little sense.   If
>> > > on the other hand the idea is to limit the damage that
>> > > malware/spyware can do then it makes  
>> > sense  
>> > > (even if someone does in [accidentally] install malware/spyware
>> > > it can  
>> > not  
>> > > send the results of its dirty work anywhere).
>> > >  
>> > Untrue.  As the CISO at my latest employer said to me (paraphrasing
>> > some, as it's been a while):
>> >
>> > You and I know how to circumvent the restrictions, but the vast
>> > majority of the staff hasn't a clue.  This cuts down the noise I
>> > have to wade through. 
>> Oh great security by obfuscation!  Sounds like the CSIO missed the
>> first day of security 101.    False sense of security is always a
>> bad idea.  
>But but but we are ISO-9660 certified! And we have that expensive
>snake oil sprinkled everywhere! ;-)
>There are measures that do not "add security", but can help to
>limit the line noise. A typical example is moving SSH to some
>non-standard port: That doesn't prevent anyone to perform a
>port scan and connect to that non-standard port, but it limits
>the fun for skript kiddies that connect as "Administrator" on
>the default SSH port.
>Those who _want_ to extract data will find a way. As it has
>been mentioned, a screen capture send per e-mail, or a screen
>photo taken with the private smartphone will work. There are
>so many possibilities of data extraction that you cannot stop
>with a firewall rule...
>> > And back to the main topic of this thread:  What does your lawyer
>> > say about your client that is huffing and puffing threats over your
>> > inability to perform magic to paper over their unwise contracting
>> > actions in regard to a different vendor?  Seems to me that you
>> > left the land of technology a ways back on this one.
>> >
>> Actually the client has signed the one piece of paper we needed to
>> move forward which is a waiver of liability for stuff we said was
>> inherently risky (in writing) before we started the work.   It
>> should also be noted that due to lack of competance by the hosting
>> company and by the equipment supplier we have become the client's
>> defecto IT dept. Even though we were originally hired as programmers
>> only (this means when push comes to shove the client almost always
>> trusts us over anyone else and for the most part "I will find
>> someone else '' is just his lack of social graces and not an actual
>> threat).  
>Tell them you're "devops" now. :-)

I have a suggestion on how to rectify this supposed problem that is
causing Aryeh Friedman all this frustration and agita.

The basis behind any successfully capitalistic society is the ability
of an individual or consortiums to create and manage their own
businesses. Since Aryeh obviously feels that he is the smartest man or
woman in the room, and the ultimate authority on the operation of
'cable/hosting companies', why doesn't he simply assemble a group of
supporters and other financial institutions to back his creation of a
new "Supreme" hosting company, created in his own likeness and bound to
his rules.

Now that sounds like a perfect solution to me. Besides, as my old
grandpa use to say, "You can curse the darkness or light a candle. In
either case, shut the f*%K up."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20200815/cd060c21/attachment.sig>

More information about the freebsd-questions mailing list