Date: Mon, 18 May 2020 03:05:56 +0200
From: Polytropon <freebsd@edvax.de>
To: "@lbutlr" <kremels@kreme.com>
Cc: FreeBSD <freebsd-questions@freebsd.org>
Subject: Re: [FreeBSD-Announce] FreeBSD 12.0 end-of-life
Message-ID: <20200518030556.3283f631.freebsd@edvax.de>
In-Reply-To: <2161E572-945A-44EC-9E70-35DA3552E8BD@kreme.com>
References: <20200217231452.717FA1E820@freefall.freebsd.org> <CAFYkXjmZi1-MB6W0HsMx9gHek7Xg5heoSKKWkNTnw74dxRTwAw@mail.gmail.com> <85E7C97E-EF8B-4FC7-8EF1-758B7BCBAE90@kreme.com> <05112EEC-7FA3-4E18-974B-263A58058E01@kicp.uchicago.edu> <332714B8-2798-42CF-A082-9EDA180CC65B@kreme.com> <20200516201923.8676289a.freebsd@edvax.de> <257EF587-92B5-4671-B6F4-89E86CC2ACA0@kreme.com> <20200516215437.4802660c.freebsd@edvax.de> <2161E572-945A-44EC-9E70-35DA3552E8BD@kreme.com>

On Sun, 17 May 2020 00:33:50 -0600, @lbutlr wrote:
> On 16 May 2020, at 13:54, Polytropon <freebsd@edvax.de> wrote:
> > On Sat, 16 May 2020 12:56:25 -0600, @lbutlr wrote:
> >> Otherwise, old OSes are porous insecure botnets-in-wait with
> >> dozens or hundreds or thousands of exploits.
> >
> > That is true, but is significant only as far as those systems
> > interact with other things, especially over Internet.
>
> If the computer is air-gapped, that is one thing. If the computer
> is on a network and that network is air gapped, that is something
> else. If that computer is on a network and any machines on that
> network have access to the Internet, then that old insecure
> machine should be assumed to be on the Internet.

That is a fully valid opinion (and good description of reality).
It depends on how well you can control all involved factors,
and especially the "weakest links" in that chain.

Luckily, for the setting I've been referring to, everything is
under control. There are no "too intelligent" printers, but
security-sensitive people using that specific kind of equipment.
Data that goes in and out is quite restricted. There is no 100 %
security, but you can at least actively try to achieve it
(instead of stupid claims or "the PC told me I'm safe").

> Just look at the many exploits for non-Internet connected LAN
> printers.

Absolutely true. It also applies to battery chargers, fax machines
or any other "smart" device that can connect to something else (!)
on its own. But if your equipment is old enough, it probably won't
be that "smart". ;-)

A good countermeasure is to always keep complexity as low as
possible. Don't obtain or store data that you don't need. Don't
put functionality into the device that isn't necessary. Test
your software. Watch for compiler warnings and _act_ according
to them. Check runtime warnings. Keep things simple and use
established approaches to problems. Physical security is a plus.

Know as much as possible about the things you're using. Understand
how things work, don't rely on 3rd party services too much without
proper understanding. Read the documentation. Write your own
documentation. Don't add things for the sake of adding them.
Think outside the box. Always wear a helmet. ;-)

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200518030556.3283f631.freebsd>