FreeBSD Mail Archives

Date:      Thu, 13 Aug 2020 16:39:43 -0400
From:      Jon Radel <jon@radel.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: OT: Dealing with a hosting company with it's head up it's rear end
Message-ID:  <451a71db-d3aa-ed2b-3d3e-362081a9acea@radel.com>
In-Reply-To: <CAGBxaX=9asO=X32RucVyNz5kppPhbZc9Ayx-pyiXMBi85BeJ6w@mail.gmail.com>
References:  <CAGBxaXmg0DGSEYtWBZcbmQbqc2vZFtpHrmW68txBck0nKJak=w@mail.gmail.com> <CAGBxaX=XbbFLyZm5-BO=6jCCrU%2BV%2BjubxAkTMYKnZZZq=XK50A@mail.gmail.com> <CALeGphwfr7j-xgSwMdiXeVxUPOP-Wb8WFs95tT_%2Ba8jig_Skxw@mail.gmail.com> <CAGBxaX=CXbZq-k6=udNaXTj2m%2BgnpDCB%2Bui4wgvtrzyHhjGeSw@mail.gmail.com> <40xvq0.qf0q3x.1hge1ap-qmf@smtp.boon.family> <CAGBxaX=9asO=X32RucVyNz5kppPhbZc9Ayx-pyiXMBi85BeJ6w@mail.gmail.com>

index | next in thread | previous in thread | raw e-mail


[-- Attachment #1 --]
On 8/13/20 16:12, Aryeh Friedman wrote:
> On Thu, Aug 13, 2020 at 3:59 PM André Boon <freebsd@andreboon.nl> wrote:
>
>>
>> On Thursday, August 13, 2020, Aryeh Friedman wrote:
>>> On Thu, Aug 13, 2020 at 3:04 PM Jack L. <xxjack12xx@gmail.com> wrote:
>>>
>>>> Just change the ssh/rdp ports?
>>>>
>>>>
>>> All ports except 80 and 25 are firewalled
>>>
>> Are you sure port 443 isn't open as well? I would expect so if port 80 is
>> available. That would allow port 80 to be used for SSH if you're OK with
>> only providing HTTPS.
>>
> They have a whacko firewall config that will eat 443/decrypt it/forward it
> on as plain http via a proxy on the firewall
>
>
Well, the availability of TLS off-load is arguably a feature, but to
require the use of it...  Apparently they acquired a security consultant
with a rather limited, and limiting, view of how the world works.  Or
even worse, they don't have a security expert involved and are making it
up as they go.

Much as it pains me to say this, it's probably time to involve the
lawyers and figure out whether the contract has been explicitly or
implicitly breached and see if you can shed the vendor without too big
an expense.   This probably comes down to the extent this project was
discussed as part of the sales process and what representations about
suitability the provider might have made.

And then move to an IaaS provider that gives you direct control over
most of these matters and leave this wacky little PaaS provider to the
market they appear to be aiming for--presumably WordPress sites and the
like.

-- 
--Jon Radel
jon@radel.com



[-- Attachment #2 --]
0�	*�H��
��0�10
	`�He0�	*�H��
���0��0�Πj��8;�+k��ٸ�RV0
	*�H��
0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1+0)U"COMODO RSA Certification Authority0
130110000000Z
280109235959Z0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CA0�"0
	*�H��
�0�
����W�(vu@�8���v!P�%yL���}:X>��1.��4vلj��=4H���������K �hyt4�z|��e`'�"��2��@rF5��P�3*U�T��+�%4D5��+
���ZS�u+��=7F_��Z��t����e���
�>)�
��94�F���ro�8��pN��h�FF���#���Ne6���/M{UW���ֱ�m���A��Y����T"o�)�CI�	����m8�4$.zW4 ��r�^M9,R��$
����<0�80U#0���~=���<����8���22�0U��l�����a|�=+qH^ċ�0U��0U�0�0U 
00U 0LUE0C0A�?�=�;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q+e0c0;+0�/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$+0�http://ocsp.comodoca.com0
	*�H��
�x\��(4O<�_VΟ�V쏢k���I��/5��@��q���B!�f�k&k�n���{hJd|�� q��[��L���ǿᓬ�?���"@�f�C���O�ݐrX�ur���J�H5;#���6����8�jle��) �)Y���4N�ezyq{:��������k�x��%���iچ:w#f6�H�LP~jo9KX��n��M������#:�!!6�����9i\���}�^�M�;�TSX�7�	̯�3�]����Tc�6�O$�v�oX�*5!���������4��������.��a���KE8�HI�Ĺ7�?������Ar���}�r#� ��R�/�h�<�ס��n���uy<1	3�mɔv�#��~&�p��v�g�' s��kMH#��/ƨ����$/uX�q��T���u�(�|�^�-vM҆�NKX�7fA\X��5s��h2���q����P�\Yǟ�E��NR�ar��pG��tZ�p��_"���k�7Dd�JVG�z0��0�Ԡt�$�a�,�w��0
	*�H��
0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CA0
180304000000Z
210303235959Z0��10	UUS10U2215010	UVA10USpringfield10U	6917 Ridgeway Dr.10U
Jon T. Radel1200U)Issued through Jon T. Radel E-PKI Manager10UCorporate Secure Email10U	Jon Radel10	*�H��
	
jon@radel.com0�"0
	*�H��
�0�
����LNuOp�S#Of�K��!�Ud�Y�o�����
/�Ǡ8,��K�� ���+��3ڄ�d���I̓�h���3f8\��/�9N���6(6/F�Y~�˩��I�¯.��~�1$�#�D���T����]�~�8�҄��Y�O�7+����8b�°$�a��E��r]��b��W�8���EC��I�GJ����Z��
���t�T���K��5�ڈh�ӎڀ6�P�c�
3=�dE����H����0��0U#0���l�����a|�=+qH^ċ�0Ut�����Z�I&����Ҝ0U��0U�00U%0++0FU ?0=0;+�10+0)+https://secure.comodo.net/CPS0ZUS0Q0O�M�K�Ihttp://crl.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crl0��+0}0U+0�Ihttp://crt.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crt0$+0�http://ocsp.comodoca.com0U0�
jon@radel.com0
	*�H��
�T4�i��YDP�#��3�������oN]k�|����Q�ϵ���H�2q-�®��%WK0���P�3c�[��������7Г��<�w�'A\�|M��kY&~��X����;#���`+�;���ok&��I��sݕ?���Cf������p���H�wg2�
�5����A�~���=���f|M��~^=�A�rZSYQ-4�A��;���֎�n��9h����Ek��h�l^}K�y�2B�|(���T]:1�50�10��0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CAt�$�a�,�w��0
	`�He��Y0	*�H��
	1	*�H��
0	*�H��
	1
200813203943Z0/	*�H��
	1" {���g}0�`4^�_�B��5P�2��.LG"�0l	*�H��
	1_0]0	`�He*0	`�He0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0��	+�71��0��0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CAt�$�a�,�w��0��*�H��
	1�����0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CAt�$�a�,�w��0
	*�H��
��Fg�}�<�>A�V���0��f&1��{ޞ������RV��O��K$My2�C�(���P`��ʻ��c�"г9U���Q,�F�`�aq�^��q����{��
3�`Iv�
�jSU�2��ć��Me0���.��w<F��.��I�q����<H��}H�	([�=E=��H@Z}ޜ��
�-Q�Z�pu18��dP�ո?KE�eܞ���('�/e��]���Q��:X��[��wtB�H�E��9�H��.�Skz}T_�

help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?451a71db-d3aa-ed2b-3d3e-362081a9acea>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation