IT Staff Rant O' The Day

Armitage

Banned
So we have a stand-alone Linux workstation for some classified work. No network at all. Accessible by, at last count, 4 people, locked away in a secured area. The only media introduced to this system comes from similarly locked down systems in the form of compressed data files on CD or USB HD.

Our IT security guy decides that this box really needs anti-virus protection :roll:
So he puts ClamAV on it - from the documentation:

Clam AntiVirus is an anti-virus toolkit for UNIX, designed for e-mail scanning on mail gateways.

This box has a huge amount of compressed data on it, which gives this thing fits. It spends about 3 days running the weekly virus scan, pegging one of the CPUs and most of the IO performance in the process.

Of course, if you question this stuff, you get this holier-than-thou "aren't you concerned about security??" attitude.

Oh well ... I'll just kick it up to my boss ... that's why they pay him the big bucks I guess.
 
But, now it's protected against all the viruses it'll never get since it's not plugged into the network!

Piss in the coffee pot.
 
I read it because I didn't know if I would care, but now that I've read it: I don't. Who the hell cares about your silly work problems :|


😉 just kidding, of course

I'd say this sounds like an opportunity to argue for the most ridiculously expensive hardware money can buy (for a workstation, at least) 🙂. If that would make much of an improvement, that is. But realistically, couldn't you just scan everything that comes in on the CDs and keys and leave it at that?
 
Originally posted by: SpunkyJones
Originally posted by: Transition
But what about airborne viruses. . . .

True, that's a very underrated issue. 😛

meh ... the room is definitely pigeon proof as well 😛

More seriously, I just talked with the guy in the hall about reviewing this issue. He's adamant that there has to be some virus protection on there, but we'll discuss how it's done in more detail next week. Hopefully we can at least scale it back to just known Linux viruses, as there are only a handful and scanning for that should be much faster. I suspect they are currently scanning for the whole portfolio of Windows dysentery.
 
Originally posted by: Armitage
meh ... the room is definitely pigeon proof as well 😛

Oh geez, I love geek humour :laugh: Although I'm somewhat surprised that there was no discussion about the differences between African and European swallows 😕
 
Originally posted by: kamper
Originally posted by: Armitage
meh ... the room is definitely pigeon proof as well 😛

Oh geez, I love geek humour :laugh: Although I'm somewhat surprised that there was no discussion about the differences between African and European swallows 😕

Yea, I figure a 300GB HD probably masses about the same as a coconut ... there's some bandwidth for ya!
There's still the matter of how to grip it though 😕
 
Originally posted by: Armitage
Originally posted by: kamper
Originally posted by: Armitage
meh ... the room is definitely pigeon proof as well 😛

Oh geez, I love geek humour :laugh: Although I'm somewhat surprised that there was no discussion about the differences between African and European swallows 😕

Yea, I figure a 300GB HD probably masses about the same as a coconut ... there's some bandwidth for ya!
There's still the matter of how to grip it though 😕

That's simple, you take two swallows and tie the coconut, erm, hd between them with two strings!
 
Originally posted by: Armitage
Originally posted by: SpunkyJones
Originally posted by: Transition
But what about airborne viruses. . . .

True, that's a very underrated issue. 😛

meh ... the room is definitely pigeon proof as well 😛

More seriously, I just talked with the guy in the hall about reviewing this issue. He's adamant that there has to be some virus protection on there, but we'll discuss how it's done in more detail next week. Hopefully we can at least scale it back to just known Linux viruses, as there are only a handful and scanning for that should be much faster. I suspect they are currently scanning for the whole portfolio of Windows dysentery.

If you have anything newer than Red Hat 7.x then there are no Linux viruses you have to worry about. So you can probably simply delete all the records and be set.
 
Originally posted by: amdfanboy
Originally posted by: kamper
Originally posted by: Armitage
meh ... the room is definitely pigeon proof as well 😛

Oh geez, I love geek humour :laugh: Although I'm somewhat surprised that there was no discussion about the differences between African and European swallows 😕

I can't believe someone actually submitted that

http://www.ietf.org/rfc/rfc2549.txt?number=2549

Not just submitted ... some guys actually tested it IRL. Strapped flash chips onto the bird's legs or such. Was on /. Beat a T1 on bandwidth IIRC, but the latency pretty much sucked!
 
Originally posted by: drag
Originally posted by: Armitage
Originally posted by: SpunkyJones
Originally posted by: Transition
But what about airborne viruses. . . .

True, that's a very underrated issue. 😛

meh ... the room is definitely pigeon proof as well 😛

More seriously, I just talked with the guy in the hall about reviewing this issue. He's adamant that there has to be some virus protection on there, but we'll discuss how it's done in more detail next week. Hopefully we can at least scale it back to just known Linux viruses, as there are only a handful and scanning for that should be much faster. I suspect they are currently scanning for the whole portfolio of Windows dysentery.

If you have anything newer than Red Hat 7.x then there are no Linux viruses you have to worry about. So you can probably simply delete all the records and be set.

Yea, I tried to explain that ... but didn't get anywhere. I'll accept it if they cut the thing down to something reasonable. I'll get my work done, security can keep believing they are protecting the program, and we'll all be happy 😛

 
Originally posted by: Armitage
Originally posted by: amdfanboy
Originally posted by: kamper
Originally posted by: Armitage
meh ... the room is definitely pigeon proof as well 😛

Oh geez, I love geek humour :laugh: Although I'm somewhat surprised that there was no discussion about the differences between African and European swallows 😕

I can't believe someone actually submitted that

http://www.ietf.org/rfc/rfc2549.txt?number=2549

Not just submitted ... some guys actually tested it IRL. Strapped flash chips onto the bird's legs or such. Was on /. Beat a T1 on bandwidth IIRC, but the latency pretty much sucked!

lol
 
Originally posted by: Armitage
Originally posted by: amdfanboy
Originally posted by: kamper
Originally posted by: Armitage
meh ... the room is definitely pigeon proof as well 😛

Oh geez, I love geek humour :laugh: Although I'm somewhat surprised that there was no discussion about the differences between African and European swallows 😕

I can't believe someone actually submitted that

http://www.ietf.org/rfc/rfc2549.txt?number=2549

Not just submitted ... some guys actually tested it IRL. Strapped flash chips onto the bird's legs or such. Was on /. Beat a T1 on bandwidth IIRC, but the latency pretty much sucked!

Nevermind the problem that your link layer might very well migrate south come winter. That would give you a lot of trouble sending data north!
 
Originally posted by: Armitage
More seriously, I just talked with the guy in the hall about reviewing this issue. He's adamant that there has to be some virus protection on there, but we'll discuss how it's done in more detail next week. Hopefully we can at least scale it back to just known Linux viruses, as there are only a handful and scanning for that should be much faster. I suspect they are currently scanning for the whole portfolio of Windows dysentery.

That's sad. There's actually two very serious issues there, if the "necessity" of virus-scanning on that box keeps up: 1) If the data on that box is need-to-know classified, then what business does any other program, possibly stored on a removable, but writable, media device have being attached to that PC? I don't think that this would apply to ClamAV since it's supposed to be open-source, but there have been allegations in the past of certain intelligence agencies' involvement with AV companies. Think about it, you are allowing those apps unfettered access to your most secretive documents and files. Considering that most commercial Windows AV products communicate back with "home base" on a nearly daily basis (often to a different country!), supposedly to download new "virus updates" - I don't think that it would be difficult to establish a covert backchannel. 2) If this box isn't network-connected, then obviously there will have to be some sort of continued outside access to update the virus definitions, right? Effectively, the machine now *is* on a network, even if that is "sneakernet". You've just lowered your security access policy defenses, in the false name of increasing security. One has to ask why, and of course you would know better than I the situation about how to stop that, before the tiny leak destroys the entire dam and brings it all down. Who knows? The next request might well be to place the machine on the network, to make the updating of virus defs. easier on the admins.

I found it interesting, actually, that Trend Micro's "HouseCall" internet-based AV scanning service asks you where you are, and when you enter USA, you get connected to their European servers. Given what is "known" about Echelon and national laws and international intelligence-agency agreements, along with the rumored allegations against AV vendors, it all starts to make a scary amount of sense.

I haven't run an AV product for years on my boxen, and I don't plan to. Don't want the performance hit either.

What I would suggest, is a secondary "quarantine zone" box, that all media going to/from the target machine is scanned at. I still don't suggest that the secondary machine be on a network either though.
 
Originally posted by: VirtualLarry
Originally posted by: Armitage
More seriously, I just talked with the guy in the hall about reviewing this issue. He's adamant that there has to be some virus protection on there, but we'll discuss how it's done in more detail next week. Hopefully we can at least scale it back to just known Linux viruses, as there are only a handful and scanning for that should be much faster. I suspect they are currently scanning for the whole portfolio of Windows dysentery.

That's sad. There's actually two very serious issues there, if the "necessity" of virus-scanning on that box keeps up: 1) If the data on that box is need-to-know classified, then what business does any other program, possibly stored on a removable, but writable, media device have being attached to that PC? I don't think that this would apply to ClamAV since it's supposed to be open-source, but there have been allegations in the past of certain intelligence agencies' involvement with AV companies. Think about it, you are allowing those apps unfettered access to your most secretive documents and files. Considering that most commercial Windows AV products communicate back with "home base" on a nearly daily basis (often to a different country!), supposedly to download new "virus updates" - I don't think that it would be difficult to establish a covert backchannel. 2) If this box isn't network-connected, then obviously there will have to be some sort of continued outside access to update the virus definitions, right? Effectively, the machine now *is* on a network, even if that is "sneakernet". You've just lowered your security access policy defenses, in the false name of increasing security. One has to ask why, and of course you would know better than I the situation about how to stop that, before the tiny leak destroys the entire dam and brings it all down. Who knows? The next request might well be to place the machine on the network, to make the updating of virus defs. easier on the admins.

I'm not too concerned with this ... the system is not on a network, not even an internal one. That's a whole nother can of worms (see below). Any sneakernet is absolutely one-way. Updates are sneakernetted to the box, but no media that touches the box can ever go out and touch an unclass box again.

I found it interesting, actually, that Trend Micro's "HouseCall" internet-based AV scanning service asks you where you are, and when you enter USA, you get connected to their European servers. Given what is "known" about Echelon and national laws and international intelligence-agency agreements, along with the rumored allegations against AV vendors, it all starts to make a scary amount of sense.

I haven't run an AV product for years on my boxen, and I don't plan to. Don't want the performance hit either.

Yea, the whole "phone home" thing for any app makes me nervous. I don't know why people put up with it, especially on closed stuff where you can't really know what's going on.

What I would suggest, is a secondary "quarantine zone" box, that all media going to/from the target machine is scanned at. I still don't suggest that the secondary machine be on a network either though.

every box has to run AV ... quarantine box would make sense ... scanning the media once when you download the data would make sense. But security is not about making sense, it's about checking boxes. I was just told that approval to add a 3TB file server to this standalone machine may take 14 months because we are now creating a :evil::shocked:NETWORK:shocked::evil: Still completely isolated, but it's now a network which spins up the security guys even more. In the meantime, work on an important program with potentially significant impact on national security is dramatically impaired.

The problem is that security is not answerable to anybody but themselves ... which is necessary to a degree I suppose. I just wish that the true cost of security was honestly appraised when they put some of these things into effect.
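The "quarantine zone" box and "scan the media once on ingest" idea from the posts above, written out as a small ingest script. This is an added example and not code from anyone in the thread; it assumes ClamAV's clamscan is installed on the quarantine box and that the incoming CD or USB media is already mounted read-only at the path passed in. The mount point, log directory and the archive limits are placeholders and assumptions, not values from the thread. The limits are the part that addresses the three-day scan: they cap how far clamscan unpacks each compressed file rather than letting it expand every archive on the media.

```shell
#!/bin/sh
# Added example, not from the thread: ingest-side scan for a quarantine box.
# Assumes clamscan is installed and the media is mounted read-only at the
# path given to scan_media. Paths and limit values are placeholders.

# Bound how much of each archive clamscan unpacks so a tree of large
# compressed data files cannot turn a one-off ingest scan into a multi-day
# job. These are real clamscan options; the values are assumptions to tune.
SCAN_OPTS="-r --infected --no-summary --max-scansize=2000M --max-filesize=500M --max-recursion=5 --max-files=10000"

# Render the command line without running it, so it can be reviewed or
# logged before anything executes.
build_scan_cmd() {
    printf 'clamscan %s %s\n' "$SCAN_OPTS" "$1"
}

# Record a SHA-256 manifest of every file on the media, so the receiving
# (classified) side can check that what it imports is exactly what was
# scanned here, and nothing was added to the media afterwards.
write_manifest() {
    # $1: mount point, $2: manifest file to write
    find "$1" -type f -exec sha256sum {} + | sort -k 2 > "$2"
}

# Run the scan and write the manifest only if the media came back clean.
# clamscan exits 0 for clean, 1 when a signature matched, 2 on error; the
# status is passed through so a wrapper can refuse the media on non-zero.
scan_media() {
    # $1: mount point, $2: directory for the scan log and manifest
    log="$2/scan.log"
    clamscan $SCAN_OPTS "$1" > "$log" 2>&1
    status=$?
    if [ "$status" -eq 0 ]; then
        write_manifest "$1" "$2/manifest.sha256"
    fi
    return "$status"
}

# Usage (placeholder paths):
#   scan_media /mnt/ingest /var/quarantine/"$(date +%Y%m%d)"
```

Because the media is scanned once here rather than weekly on the workstation, the scan cost is paid per delivery, and the manifest gives the classified side something to verify on import (a `sha256sum -c manifest.sha256` run from the mount point) without needing any scanner on that box at all.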
 
Originally posted by: VirtualLarry
Originally posted by: Armitage
More seriously, I just talked with the guy in the hall about reviewing this issue. He's adamant that there has to be some virus protection on there, but we'll discuss how it's done in more detail next week. Hopefully we can at least scale it back to just known Linux viruses, as there are only a handful and scanning for that should be much faster. I suspect they are currently scanning for the whole portfolio of Windows dysentery.

That's sad. There's actually two very serious issues there, if the "necessity" of virus-scanning on that box keeps up: 1) If the data on that box is need-to-know classified, then what business does any other program, possibly stored on a removable, but writable, media device have being attached to that PC? I don't think that this would apply to ClamAV since it's supposed to be open-source, but there have been allegations in the past of certain intelligence agencies' involvement with AV companies. Think about it, you are allowing those apps unfettered access to your most secretive documents and files. Considering that most commercial Windows AV products communicate back with "home base" on a nearly daily basis (often to a different country!), supposedly to download new "virus updates" - I don't think that it would be difficult to establish a covert backchannel. 2) If this box isn't network-connected, then obviously there will have to be some sort of continued outside access to update the virus definitions, right? Effectively, the machine now *is* on a network, even if that is "sneakernet". You've just lowered your security access policy defenses, in the false name of increasing security. One has to ask why, and of course you would know better than I the situation about how to stop that, before the tiny leak destroys the entire dam and brings it all down. Who knows? The next request might well be to place the machine on the network, to make the updating of virus defs. easier on the admins.

I found it interesting, actually, that Trend Micro's "HouseCall" internet-based AV scanning service asks you where you are, and when you enter USA, you get connected to their European servers. Given what is "known" about Echelon and national laws and international intelligence-agency agreements, along with the rumored allegations against AV vendors, it all starts to make a scary amount of sense.

I haven't run an AV product for years on my boxen, and I don't plan to. Don't want the performance hit either.

What I would suggest, is a secondary "quarantine zone" box, that all media going to/from the target machine is scanned at. I still don't suggest that the secondary machine be on a network either though.

Even if it was on a network, the classified network is physically separate from the internet. No way an app can phone home.
 