[Info-vax] OpenVMS x64 Atom project

[Stephen Hoffman]

On 2021-06-03 18:39:41 +0000, Arne Vajhj said:

> On 6/3/2021 2:25 PM, Dave Froble wrote:
>> On 6/3/2021 1:04 PM, Bill Gunshannon wrote:
>>> Why are critical systems even on the Internet?

They're not. With recent attacks—ransomware stuff is a booming 
business—those servers don't need to be.

>> Why ask me, I think it's crazy.

A foothold on the internal networks makes for a Bad Day, as Target and 
various others have discovered. As some of us reading here may or will 
discover, too.

> Some attacked systems are not on the internet.

Few of the critical systems attacked have been.

And as for other folks, there are already OpenVMS systems hosted, and 
there'll be more added as the OpenVMS x86-64 port reaches production.

> But if they are connected to systems that are connected to systems that 
> are connected to the internet then ...

Approximately nobody maintains their core servers air-gapped, as RSA 
discovered with their "air-gapped" servers ~ten years ago and was just 
recently reported. RSA's sort-of-airgap got bagged by not having 
rate-limited APIs, and not having detection. By something they hadn't 
expected to happen, and hadn't detected when it did.

Have a fresh look at your assumptions, and at how you're currently 
securing your production apps and data, at how your app security is 
designed and implemented, and at how you're going to restart your apps 
(and app dependencies including OpenVMS servers) if Bad happens.  Have 
a fresh look at your apps and servers and your server and network 
instrumentation; at how you're going to detect integrity and security 
problems when or preferably ahead of when things go bad, too.

Related reading: https://cloud.google.com/security/infrastructure/design

For those of us that don't have to implement and migrate to these 
networks and these designs, our apps can still have to function within 
these newer designs.




-- 
Pure Personal Opinion | HoffmanLabs LLC