Comment: Re:This has happened before (Score 2) 273

by pacman on prozac (#46107887) Attached to: UK Government May Switch from MS Office to Open Source

That's exactly what it'll be this time too.

There is little chance that UK govt would get rid of all the grey IT VB/Office hacks they have running business critical services. The larger, better funded organisations have been trying to centralise and standardise their IT for years and those guys have barely even started scraping the surface. It'd take decades and cost far more than £200mil.

Comment: Re: i hope people with SCADA systems learned. (Score 1) 195

by pacman on prozac (#45932853) Attached to: Hackers Gain "Full Control" of Critical SCADA Systems

You can make it accessible without putting it on the public Internet.

A lot of the companies who run SCADA devices will already have some form of MPLS WAN; most providers can give you DSL links onto that network rather than Internet. Lets you reach the device but doesn't let the rest of the world.

Or if that's not an option then stick a cheap VPN endpoint in front of it and run the comms over IPsec.

Comment: Re:Some ideas (Score 1) 884

by pacman on prozac (#42971709) Attached to: Ask Slashdot: Dealing With an Advanced Wi-Fi Leech?

The problem with hiding the SSID is not so much how it affects the wireless network but how it affects the wireless client machines.

Once joined to that WLAN, the machine will broadcast probes containing that SSID everywhere it goes.

That may also leave the clients open to MITM if an attacker sets up another AP with the same SSID. Not sure if this works in practice.

Comment: Re:Three birds with one stone (Score 1) 445

by pacman on prozac (#42609651) Attached to: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6

But Skype is running on the internal network, of course it can punch holes in the NAT device. The concern is for unsolicited access from the outside which will not make it through NAT.

How exactly do you think Skype will work through a stateful firewall? It'll result in exactly the same techniques being used, the client will send an outbound "dummy" packet to allow the relevant incoming UDP traffic when the router thinks it's part of the same connection. Sure there will be 1/10000 customers who can go onto their firewall and open the incoming port, most people will not so these hacks will be around for a long time to come.

Comment: Re:Corporations should not pay taxes on profits (Score 1) 592

by pacman on prozac (#42418969) Attached to: Facebook Paid 0.3% Taxes On $1.34 Billion Profits

In terms of investors with shares who get dividends, UK dividends come with a "tax credit" that can be subtracted from the individual's tax bill. I think the general idea is the tax credit is the amount of corporation tax that the original company has paid so it avoids being double taxed. Not sure if the USA does something similar.

It is a nice idea to move the taxation onto the individuals. But I think it's a bit of a huge solution to a problem where a simpler fix would be to stop letting companies claim international consultancy as deductible and put a bit more rigor into checking their international costs for tax deductibles, e.g. if Facebook Cayman rents Facebook Ireland a $3k server for $300k/year then it's not quite right and can be looked at under the current laws for tax avoidance.

Comment: UK's "new" Government Network is IPv4 (Score 4, Interesting) 100

by pacman on prozac (#42220773) Attached to: UK Organization Set Up To Encourage IPv6 Adoption Closes

The UK is currently in the process of developing & deploying a network for government agencies to use called the PSN (public services network). It's sort of a replacement for the GSI. It runs on IPv4, most likely using the DWP address space discussed here.

Pretty much all the UK telcos & several global network manufacturers are involved with the PSN so it's a real missed opportunity that they didn't go with IPv6 for it.

Comment: Re:Server (Score 1) 140

by pacman on prozac (#40260613) Attached to: Ask Slashdot: Enterprise-Grade Linux Networking Hardware?

That's the classical definition but the meaning is evolving; these days I would say it's more accurate to consider hardware forwarding decisions as switching and software/CPU-based forwarding as routing.

As for the original question, lots of networking kit uses Linux behind the scenes. Check Point splat platform is Linux (IPSO is FreeBSD), I think McAfee Sidewinder is too, Cisco ASA was a Linux kernel with an IOS-like shell stuck on it (not sure about the new ones). Blue Coat SGOS is very Linux-like but not sure how close it is in reality.

The difficulty is the lack of hardware forwarding. Enterprise networking kit doesn't generally use fast busses or big backplanes to shift packets, it uses proprietary ASICs to handle the packet processing and forwarding at line rate. You can't just buy a top end server, stick TCP-offloading 10Gbps NICs in it and expect it to firewall at 10Gbps. Although that said a lot of "enterprise" firewalls that are sold as 1Gbps struggle to hit 200Mbps and they still sell plenty of boxes.

Comment: Firewall the boundary - all that's needed (Score 1) 78

by pacman on prozac (#33433122) Attached to: Misconfigured Networks Main Cause of Breaches

There's a lot of comments saying "use a decent firewall and you're sorted".

On any non-trivial network, if the only security in place is a firewall on the boundary then you're probably one of the 3/4 of easily exploitable networks mentioned in the article.

Viruses, social engineering, playing with applications that are allowed through (e.g. HTTPS web apps), dial-ins, wireless, abusive staff, there is a never-ending list of attack vectors if you only pay attention to the perimeter. Like the article says: 43% of respondents view planting a rogue member of staff inside a company as one of the most successful hacking methodologies.
