[Info-vax] HTTP and HTML File Upload Basics

[Arne Vajhøj]

On 10/23/2020 6:50 PM, Scott Dorsey wrote:
> Phillip Helbig (undress to reply) <helbig at asclothestro.multivax.de> wrote:
>> In article <rmv346$1sl$1 at dont-email.me>, Simon Clubley
>> <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
>>>> Of course, being on private networks, these aren't publicly visible.
>>>
>>> Are you sure ? :-)
>>>
>>> For example, at one time, network printers were merely devices for
>>> printing on sheets of paper.
>>>
>>> Now they can also be used to compromise the rest of the network.
>>
>> I mean something on a network 192.168.1.*.  You can't connect to that IP
>> address from the outside world unless some gateway is involved, and you
>> have control over where requests from outside go to.  As an example,
>> they could all go to one machine, or some cluster address, but other
>> machines on the network aren't visible from outside.  Sure, if you get
>> inside the door, then you can go into another room, but that is a common
>> problem and has nothing to do with VMS.
> 
> I think he is pointing out that since it is increasingly easier for people
> to get inside the door thanks to devices like network printers which can be
> turned into devices that open outgoing connections to servers that feed them
> commands to do evil, that many people are no longer willing to consider their
> internal network to be the isolated garden that they once did.
> 
> And no, that problem has nothing to do with VMS, but it means that you need
> to either prepare VMS systems as if they were on external networks even when
> they are not, or make that much more effort to keep isolated networks isolated
> even in the face of misguided employees who plug wifi-enabled printers into
> them which might inadvertently gateway wifi devices to the internal net.

There should be a firewall between PC & printer LAN and the servers.

Arne