
Comment Re:Its not like Microsoft "secure" XP anyway? (Score 1) 137

Problem is they also need to be very careful about any files with scripts, like office docs, PDFs, etc. Then anything that uses built-in OS libraries, such as image files, SSL connections, etc.

That gets hard, anti-virus is severely limited unless it does proper heuristics which seems to be rare, there are whiteboxing technologies but they are expensive and not foolproof. At some point you need to either isolate those legacy systems from the rest of the world or upgrade them.

Comment Re:marketing (Score 1) 101

And then get harassed to produce numbers to prove your point and more numbers to show how your suggestions will help reduce the risk and then even more numbers to show what the ROI to securing their IT is....

If you can't show how your suggestions will reduce risk then why would you expect a business to spend time and money implementing them?

Comment Re:This has happened before (Score 2) 273

That's exactly what it'll be this time too.

There is little chance that UK govt would get rid of all the grey IT VB/Office hacks they have running business critical services. The larger, better funded organisations have been trying to centralise and standardise their IT for years and those guys have barely even started scraping the surface. It'd take decades and cost far more than £200mil.

Comment Re: i hope people with SCADA systems learned. (Score 1) 195

You can make it accessible without putting it on the public Internet.

A lot of the companies who run SCADA devices will already have some form of MPLS WAN, most providers can give you DSL links onto that network rather than Internet. Lets you reach the device but doesn't let the rest of the world.

Or if that's not an option then stick a cheap VPN endpoint in front of it and run the comms over IPSec.

Comment Re:Some ideas (Score 1) 884

The problem with hiding the SSID is not so much how it affects the wireless network but how it affects the wireless client machines.

Once joined to that WLAN, the machine will broadcast probes containing that SSID everywhere it goes.

That may also leave the clients open to MITM if an attacker sets up another AP with the same SSID. Not sure if this works in practice.

Comment Re:Three birds with one stone (Score 1) 445

But Skype is running on the internal network, of course it can punch holes in the NAT device. The concern is for unsolicited access from the outside which will not make it through NAT.

How exactly do you think Skype will work through a stateful firewall? It'll result in exactly the same techniques being used, the client will send an outbound "dummy" packet to allow the relevant incoming UDP traffic when the router thinks it's part of the same connection. Sure there will be 1/10000 customers who can go onto their firewall and open the incoming port, most people will not so these hacks will be around for a long time to come.
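The state-table behaviour described in the comment above, as an added example that is not part of the original comment: a toy default-deny UDP filter where only an outbound packet from the inside host creates the state that lets the matching inbound traffic through. It models flow tracking only (no address translation); the class name, the 30-second idle timeout and the RFC 5737 documentation addresses are assumptions made for illustration.

```python
# Added illustration: a toy stateful UDP filter. Addresses are constructed
# (RFC 5737 documentation ranges); the 30 s idle timeout is an assumption.

class StatefulUdpFilter:
    """Default-deny inbound; inbound is allowed only if it matches a flow
    that an inside host opened with an outbound packet."""

    def __init__(self, idle_timeout=30.0):
        self.idle_timeout = idle_timeout
        self.flows = {}  # (inside_endpoint, outside_endpoint) -> last_seen

    def handle(self, direction, src, dst, now):
        # Drop state for flows that have been idle too long.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t < self.idle_timeout}
        if direction == "out":
            self.flows[(src, dst)] = now      # outbound packet creates state
            return "ALLOW"
        key = (dst, src)                      # inbound: reverse of the flow
        if key in self.flows:
            self.flows[key] = now             # reply traffic refreshes state
            return "ALLOW"
        return "DROP"                         # unsolicited inbound


def demo():
    inside = ("192.0.2.10", 40000)    # constructed inside host
    peer = ("198.51.100.7", 50000)    # constructed remote peer
    other = ("203.0.113.9", 50000)    # constructed unrelated host
    fw = StatefulUdpFilter()
    return [
        fw.handle("in", peer, inside, now=0),    # before any outbound packet
        fw.handle("out", inside, peer, now=1),   # the outbound "dummy" packet
        fw.handle("in", peer, inside, now=2),    # peer's traffic matches the flow
        fw.handle("in", other, inside, now=3),   # different source, no flow
        fw.handle("in", peer, inside, now=40),   # flow idle past the timeout
    ]


if __name__ == "__main__":
    print(demo())
```

Because the inside host opens the flow itself, an inbound-only rule set cannot stop this; restricting it is a matter of egress policy on outbound UDP.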

Comment Re:Corporations should not pay taxes on profits (Score 1) 592

In terms of investors with shares who get dividends, UK dividends come with a "tax credit" that can be subtracted from the individual's tax bill. I think the general idea is the tax credit is the amount of corporation tax that the original company has paid so it avoids being double taxed. Not sure if the USA does something similar.

It is a nice idea to move the taxation onto the individuals. But I think it's a bit of a huge solution to a problem where a simpler fix would be to stop letting companies claim international consultancy as deductible and put a bit more rigor into checking their international costs for tax deductibles, e.g. if Facebook Cayman rents Facebook Ireland a $3k server for $300k/year then it's not quite right and can be looked at under the current laws for tax avoidance.

Comment UK's "new" Government Network is IPv4 (Score 4, Interesting) 100

The UK is currently in the process of developing & deploying a network for government agencies to use called the PSN (public services network). It's sort of a replacement for the GSI. It runs on IPv4, most likely using the DWP address space discussed here.

Pretty much all the UK telcos & several global network manufacturers are involved with the PSN so it's a real missed opportunity that they didn't go with IPv6 for it.

Comment Re:Server (Score 1) 140

That's the classical definition but the meaning is evolving, these days I would say it's more accurate to consider hardware forwarding decisions as switching and software/CPU-based forwarding as routing.

As for the original question, lots of networking kit uses Linux behind the scenes. Checkpoint splat platform is Linux (IPSO is FreeBSD), I think McAfee Sidewinder is too, Cisco ASA was a Linux kernel with an IOS-like shell stuck on it (not sure about the new ones). Bluecoat SGOS is very Linux-like but not sure how close it is in reality.

The difficulty is the lack of hardware forwarding, Enterprise networking kit doesn't generally use fast busses or big backplanes to shift packets, it uses proprietary ASICs to handle the packet processing and forwarding at line rate. You can't just buy a top end server, stick TCP-offloading 10Gbps NICs in it and expect it to firewall at 10Gbps. Although that said a lot of "enterprise" firewalls that are sold as 1Gbps struggle to hit 200Mbps and they still sell plenty of boxes.
