<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div>I was being mmm tongue in cheek, more trying to get people to discuss the issues. Thank you for contributing to the debate.</div><div><br></div><div>The Linux/OS issue is more a comment on how companies were offered a secure OS but very few wanted to go down that path.</div><div><br></div><div>If you know the IOS layers, email is fire and forget. But a red herring, it's the content of emails that can be of concern, and if you remember, the closest people came to hacking an OS 9 server was via what would be called a social attack, i.e. a carefully worded email, but the attackers didn't know the admins never used English for admin requests. A beer if you can tell me the language they used.</div><div><br></div><div>And yes, showing my age on the internet.</div><div><br></div><div>I'm talking about small companies re NAS's; would cyber hackers seriously spend months on a small company that is lucky to turn over 0.5-3 million? Hospitals etc are a totally different market segment.
And they should implement better.</div><div><br></div><div>Cheers</div><div>Chris</div><div><br></div><div><br></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> <<a href="mailto:andrew@mcnaughty.com">andrew@mcnaughty.com</a>><br><span style="font-weight:bold">Date: </span> Wednesday, 17 May 2017 11:02 PM<br><span style="font-weight:bold">To: </span> Paul Wilkins <<a href="mailto:paulwilkins369@gmail.com">paulwilkins369@gmail.com</a>>, AUSNog <<a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>>, Chris <<a href="mailto:Chris@minopher.net.au">Chris@minopher.net.au</a>><br><span style="font-weight:bold">Subject: </span> Re: [AusNOG] The Ransomware to come<br></div><div><br></div><div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div>So someone should point out how you are wrong eh?<br><br>
Regarding Linux, we can start with you being wrong because Linux is not an OS, it is a kernel. What you say about a "games OS" is very definitely not true of the GNU project (which is the nearest thing to Linux that was trying to be an OS). It's become common to refer to GNU/Linux as just Linux, but having the GNU project in your sights makes it a lot easier to read up on the history.<br><br>
Email becoming reliable happened about 1989, at least in the sense that that is about when it ceased to be normal practice to call the person on the phone to check they got your email. By 1991 when the Linux project began, email was already pretty reliable. Probably more reliable than today given that people had no need for spam folders then. I think it was probably '93 before Linux became a significant part of internet mail infrastructure.<br><br>
I'm not sure what you mean by an internet directory, but I struggle to see any sense in which your A4 page reference could be read as true, unless you are talking about when network addresses were single byte (was that the 70s?).<br><br>
Your notion that a couple of NASs would deal with ransomware is simplistic. Certainly there are many simple examples, but also there are many scenarios, particularly attacking the healthcare industry, where skilled hackers are prepared to spend months of effort on a single target, finding their way into the laptops of sysadmins and developers, locating the backups, etc. Even with immaculate backup systems, a hospital is likely to prefer a $10m ransom to a full backup recovery operation, which would cost a lot more, and be more disruptive and less reliable.<br><br>
Regards<br>
Andrew McNaughton<br><br>-----Original Message-----<br>From: Chris Hurley <<a href="mailto:chris@minopher.net.au">chris@minopher.net.au</a>><br>To: Paul Wilkins <<a href="mailto:paulwilkins369@gmail.com">paulwilkins369@gmail.com</a>>, "<<a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>>" <<a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>><br>Sent: Wed, 17 May 2017 22:26<br>Subject: Re: [AusNOG] The Ransomware to come<br><br></div><div>I'm sure someone will point out where I'm wrong but I remember the original Linux was developed as a games OS for uni students, full of holes. But when the inventors later on offered a secure version no one was interested. Microsluth had the 'market'.</div><div><br></div><div>Email was always 'best effort', no guarantee of arriving. And never had security as to content, i.e. malware and I would add stupid ware. </div><div><br></div><div>Internet directory fitted on an A4 page. Dial up interconnect/bulletin boards etc.</div><div><br></div><div>Now we have multiple paths/vectors and companies not wanting to pay for security. Until too late, then they hang out to dry IT.</div><div><br></div><div>Sorry I'm a little jaded. Most small/medium companies with 2 x NAS's with one offline could counter most ransomware (until the buggers delay the payload for 7 days), but management won't 'spring' for the NAS's. </div><div><br></div><div>Many many companies have forgotten daily, weekly, monthly backups off site. All in the drive to save the cost of a dozen tapes.</div><div><br></div><div>I love that the anti-virus companies are now marketing we 'may' have a decode key.
Mmmm do I detect extra sales pitch????</div><div><br></div><div>Only good news is a couple of our customers finally worked out the "oooh shit moment" and are likely to upgrade processes.</div><div><br></div><div>Cheers</div><div>Chris</div><div><br></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> AusNOG <<a href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>> on behalf of Paul Wilkins <<a href="mailto:paulwilkins369@gmail.com">paulwilkins369@gmail.com</a>><br><span style="font-weight:bold">Date: </span> Wednesday, 17 May 2017 9:45 PM<br><span style="font-weight:bold">To: </span> AUSNog <<a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>><br><span style="font-weight:bold">Subject: </span> Re: [AusNOG] The Ransomware to come<br></div><div><br></div><div dir="ltr"><div><div><div>Mark,<br></div>That's a good question and I'm glad you asked.<br><br></div>Once you have a security plane for your data, you can assign profiles according to the data's provenance. Integrate this with your OS security plane, including as an input to your virus scanner, with a view ultimately to preventing control plane actions (like encrypting all your data) that emanate from untrusted or untrustworthy sources from ever being allowed write access outside of the mail spool.<br><br></div><div>The basic problem being, the OS treats a control plane action on a socket the same, regardless of whether you're logged in from iLO, or coming remote from Ukraine. Firewalls are essentially creating an artificial security plane, but it's a bandaid, and requires you to architect your network to channel all your traffic through a chokepoint.
If a socket's security profile was part of the API, the profile would follow control actions up the stack, and you'd get end to end security.<br></div><div><br></div><div>Kind regards<br><br></div><div>Paul Wilkins<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 17 May 2017 at 11:12, Mark Newton <span dir="ltr"><<a href="mailto:newton@atdot.dotat.org" target="_blank">newton@atdot.dotat.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On May 14, 2017, at 3:34 PM, Paul Wilkins <<a href="mailto:paulwilkins369@gmail.com">paulwilkins369@gmail.com</a>> wrote:<br>
> My feeling is we could see Cisco invent a means of allocating SGT tags by BGP community extended to 64 bits, and some integration of 802.1x to deliver Trustsec to the desktop. The problem being, this implies separate routing tables for different security profiles, being necessarily the case, which is not something ipv6 could be made to support.<br><br></span>How, precisely, would that make any difference to the ransomware attack that sparked your creation of this thread?<br><span class="HOEnZb"><font color="#888888"><br>
- mark<br><br><br><br></font></span></blockquote></div><br></div>
</span></div></div></span></body></html>