[Info-vax] What to do with my VAX.....

seasoned_geek roland at logikalsolutions.com
Wed Nov 11 11:52:56 EST 2020


On Tuesday, November 3, 2020 at 8:24:16 PM UTC-6, Arne Vajhøj wrote:
> On 10/18/2020 7:33 PM, seasoned_geek wrote: 
> > On Sunday, October 18, 2020 at 12:34:14 PM UTC-5, Grant Taylor 
> > wrote: 
> >> On 10/18/20 3:17 AM, seasoned_geek wrote: 

> >> Judicious firewalling can offer the same level of protection for 
> >> the other systems without the complexity of the other protocol(s). 
> 
> > Not even in a fantasy world can a firewall offer the above level of 
> > security and up-time.
> What you described above is a firewall. 
> 
> One NIC on the outside and one NIC on the inside and no way 
> to the inside systems except through the 2 NIC box - that is 
> what is called a firewall. 
> 
> And since there is no access to the inside network, 
> then the security benefits of another protocol 
> on the inside network are not that big. 

No Arne,
Like all too many things you feel compelled to comment on, this is something you know nothing about.

The vast majority of firewalls aren't hardware at all.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-using_firewalls
https://openport.net/centos-firewall/
https://www.ubuntu18.com/how-to-enable-ubuntu-firewall-in-ubuntu-20-04/

https://www.windowscentral.com/how-open-port-windows-firewall

Even when one has a firewall in a router, PASSTHROUGH PORTS ARE ENABLED for many things.

https://www.tomsguide.com/us/how-to-vpn-firewall,review-139.html

A firewall isn't even remotely close to what I described. Not even on an acid trip.

A firewall is not taking a free-form XML/whatever "open" Internet message and chopping it down into a fixed field length fixed record width message for a queue. This means the people stuffing a billion characters or some other nonsense into that free format message to trigger an overrun so they can perform an SQL injection or some other hack physically can't happen. When someone tries to move a billion characters into a COBOL PIC X(25) field, what happens? The first 25 characters make it and the rest land in the bit bucket.

You are completely incorrect about Security by Obscurity as well. ALL ENCRYPTION is security by obscurity. Period. 

Security breaches happen a lot.
https://www.cshub.com/attacks/articles/top-5-cyber-security-breaches-of-2019-so-far

I haven't had time to get back to it given the pandemic, passing of my father and the new book, but it appears TLS currently has a TOD sensitivity. One that could be easily exploited with a bot-net of just a few thousand computers and a few WD Black hard drives to store the data. I wanted to dedicate a few machines to generating the database but haven't had time. What assists the exploit is knowing the vast majority of XML messages have the exact same Prolog.

<?xml version="1.0" encoding="UTF-8"?>
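
The free-form-to-fixed-width conversion described in the post above, as an added example that is not code from the post or from any system it refers to: a gateway step that turns an XML message into one fixed-length record with COBOL PIC X(n) truncate-and-pad behaviour. The field names, widths and input cap are assumptions; truncation bounds length only, so a short value such as O'Brien reaches the record unchanged and the consumer still has to handle fields as data.

```python
import xml.etree.ElementTree as ET

# Hypothetical record layout: (field name, width), one PIC X(width) per field.
LAYOUT = [("account", 10), ("name", 25), ("memo", 40)]
RECORD_LEN = sum(width for _, width in LAYOUT)
MAX_INPUT = 4096  # assumed cap on the raw message, checked before parsing


def pic_x(value, width):
    """Alphanumeric MOVE: left-justify, space-pad, drop anything past width."""
    return value[:width].ljust(width)


def to_record(xml_bytes):
    """Convert a free-form XML message to one fixed-width record."""
    if len(xml_bytes) > MAX_INPUT:
        raise ValueError("message too large")
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise ValueError("malformed XML") from exc
    fields = []
    for name, width in LAYOUT:
        text = root.findtext(name) or ""
        # Assumption added here: non-printable characters become spaces.
        text = "".join(c if 32 <= ord(c) < 127 else " " for c in text)
        fields.append(pic_x(text, width))
    return "".join(fields)


def parse_record(record):
    """Consumer side: slice a record back into fields by fixed offsets."""
    if len(record) != RECORD_LEN:
        raise ValueError("bad record length")
    out, pos = {}, 0
    for name, width in LAYOUT:
        out[name] = record[pos:pos + width].rstrip()
        pos += width
    return out


if __name__ == "__main__":
    # Constructed sample messages.
    big = b"<msg><account>12345</account><name>" + b"A" * 1000 + b"</name></msg>"
    short = b"<msg><account>12345</account><name>O'Brien</name></msg>"
    for msg in (big, short):
        rec = to_record(msg)
        print(len(rec), parse_record(rec))
```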







