Date: Fri, 14 Aug 2020 10:32:33 -0400 From: Jon Radel <jon@radel.com> To: freebsd-questions@freebsd.org Subject: Re: OT: Dealing with a hosting company with it's head up it's rear end Message-ID: <4d320acd-a995-7a35-5c0e-c2c22e7e6f96@radel.com> In-Reply-To: <CAGBxaX=gs57EXsm028%2B6Var89MUoGh-7d1gfPdGmbm5gPBnufA@mail.gmail.com> References: <CAGBxaXmg0DGSEYtWBZcbmQbqc2vZFtpHrmW68txBck0nKJak=w@mail.gmail.com> <CAGBxaX=XbbFLyZm5-BO=6jCCrU%2BV%2BjubxAkTMYKnZZZq=XK50A@mail.gmail.com> <CALeGphwfr7j-xgSwMdiXeVxUPOP-Wb8WFs95tT_%2Ba8jig_Skxw@mail.gmail.com> <CAGBxaX=CXbZq-k6=udNaXTj2m%2BgnpDCB%2Bui4wgvtrzyHhjGeSw@mail.gmail.com> <40xvq0.qf0q3x.1hge1ap-qmf@smtp.boon.family> <CAGBxaX=9asO=X32RucVyNz5kppPhbZc9Ayx-pyiXMBi85BeJ6w@mail.gmail.com> <20200814004312.bb0dd9f1.freebsd@edvax.de> <20200814065701.2b390145ac6d189161bc31b4@sohara.org> <173ed205550.27bc.0b331fcf0b21179f1640bd439e3f4a1e@tundraware.com> <CAGBxaX=gs57EXsm028%2B6Var89MUoGh-7d1gfPdGmbm5gPBnufA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On 8/14/20 09:48, Aryeh Friedman wrote:
> On Fri, Aug 14, 2020 at 9:20 AM Tim Daneliuk <tundra@tundraware.com> wrote:
>
>> On August 14, 2020 12:58:49 AM "Steve O'Hara-Smith" <steve@sohara.org>
>> wrote
>>
>> Again many corporate firewalls don't allow ssh out (or in directly)
>>> because tunnelling bypasses the firewalls. And again it seems odd for a
>>> hosting company.
>>>
>>
>> ssh out is typically prohibited to lower the risk of employee transfer of
>> sensitive data to external destinations - So called Data Loss Prevention.
>> This, along with email scanning and man in the middle cert management is
>> pretty common.
>>
> Unless it is 100% air gapped with no ability to plug in portable media
> and/or record the screen then nothing is 100% immune from such loss and
> thus not allowing it makes very little sense. If on the other hand the
> idea is to limit the damage that malware/spyware can do then it makes sense
> (even if someone does in [accidentally] install malware/spyware it can not
> send the results of its dirty work anywhere).
>
Untrue. As the CISO at my latest employer said to me (paraphrasing
some, as it's been a while):
You and I know how to circumvent the restrictions, but the vast majority
of the staff hasn't a clue. This cuts down the noise I have to wade
through.
-----
And back to the main topic of this thread: What does your lawyer say
about your client that is huffing and puffing threats over your
inability to perform magic to paper over their unwise contracting
actions in regard to a different vendor? Seems to me that you left the
land of technology a ways back on this one.
Actually, better yet, you probably don't want to discuss that on a
public list......
Good luck.
--
--Jon Radel
jon@radel.com
[-- Attachment #2 --]
0 *H
010
`He�0 *H
��
00Πj8;+kٸRV0
*H
�01
0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1+0)U"COMODO RSA Certification Authority0
130110000000Z
280109235959Z01
0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CA0"0
*H
��0
�W(vu@8v!P%y
L}:X>1.4vلj=4HK hyt4z|e`'"2@rF5P3*UT+%4D5+
ZSu+=7F_Zte
>)
94Fro8pNhFF#Ne6/M{UWֱmAYT"o)CI m84$.zW4 r^M9,R$
�<080 U
#0~=<8220
U
la| =+qH^ċ0U
0U
0�0U
00U
�0LU
E0C0A?=;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q+e0c0;+0/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$+0http://ocsp.comodoca.com0
*H
��x\(4O<_VΟV쏢kI/5@qB
!fk&kn{hJd| q[Lǿᓬ?"@fCOݐrX
urJH5;#68jle) )Y4Nezyq{:�kx%iچ:w#f6HLP~jo9KXnM#:!!6
9i\}^M;TSX7 ̯3]Tc6O$voX*5!4.aKE8HIĹ7?
Ar}r# �R/h<סnuy<1 3mɔv#~&p
vg' skMH#/ƨ$/uX
qTu(|^-vM҆NKX7fA\X5sh2qP\YǟENRarpGtZp
_" k7Dd JVGz00Ԡt$a,w0
*H
�01
0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CA0
180304000000Z
210303235959Z01
0 UUS10
U221501
0 UVA10U
Springfield10U 6917 Ridgeway Dr.10U
Jon T. Radel1200U
)Issued through Jon T. Radel E-PKI Manager1 0
U
Corporate Secure Email10U Jon Radel1
0 *H
jon@radel.com0"0
*H
��0
�
LNuOpS#OfK!UdYo
/Ǡ8,K +3ڄdI̓ h3f8\/9N
6(6/FY~˩
I¯
.~1$#DT]
~8҄YO7+8b °$aEr]bW8ECIGJZ
tTK�5ڈhӎڀ6Pc
3=dEH�00 U
#0la| =+qH^ċ0
U
t
ZI&Ҝ0U
0
U
0�0
U
%0++0FU
?0=0;
+10+0)+
https://secure.comodo.net/CPS0ZU
S0Q0OMKIhttp://crl.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crl0+0}0U+0Ihttp://crt.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crt0$+0http://ocsp.comodoca.com0U
0
jon@radel.com0
*H
��T4iYDP#3oN]k|QϵH2q-®%WK0P3c[7Г<w'A\|MkY&~X;#
`+;ok&I
sݕ?CfpHwg2
5A~=f|M~^=ArZSYQ-4A;֎n9hEkh
l^}Ky2B|(T]:1501001
0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CAt$a,w0
`He�Y0 *H
1
*H
0
*H
1
200814143233Z0/ *H
1" =i7hhT)qDc
B]sc0l *H
1_0]0
`He*0
`He0
*H
0*H
�0
*H
@0+0
*H
(0 +71001
0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CAt$a,w0
*H
101
0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CAt$a,w0
*H
��maEm
KGC*g|~Зo$)!Fi$
m/jw+"!T1؈'.`
O NK3Ix6u^Z:"b cp ǠCZmw]^V6?}4Kn۾#vPvkKM,_4m2DGmztV23ISu#/P3),&Cm}CE<
0M.J
9|
E"sL
NV]A>à!&їt������
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4d320acd-a995-7a35-5c0e-c2c22e7e6f96>