response to a Twitter user questioning the organization’s silence, TIAA responded saying that its offices were closed
…they could have notified the hackers that they were closed?
This is what sftp, scp, and SSH are good for. Alice has a machine on her DMZ, forwarding a port via autoSSH to a cloud-based VM where traffic prices are low. Bob also forwards his SSH port to that machine. All versions of SSH use key-only authentication, and the VM is protected by network ACLs to only allow SSH from Alice and Bob’s IP address ranges. From there, ssh -j is used to copy files.
As an additional precaution, files can be encrypted and signed, and the signature verified on the recipient’s s
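The relay design in the comment above depends on the cloud VM's SSH daemon really being key-only. The following is an added example, not part of the original comment: a shell check over the `keyword value` text that OpenSSH's `sshd -T` prints. The function name, the sample dumps, and every required setting beyond key-only authentication (root login, GatewayPorts, agent and X11 forwarding) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings of the relay VM.
# Input is text in the "keyword value" form printed by `sshd -T`.

# Settings this check requires (keyword, required value). Only the
# key-only authentication lines come from the comment; the remaining
# entries are hardening assumptions for a forwarding-only relay.
REQUIRED='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin no
gatewayports no
allowagentforwarding no
x11forwarding no'

# Reads a dump on stdin, prints one FAIL line per deviation, and
# exits 0 only when every required setting matches. The body is a
# subshell so its variables do not leak into the caller.
audit_relay_sshd() (
    dump=$(tr '[:upper:]' '[:lower:]')
    status=0
    while read -r key want; do
        # Take the first occurrence of the keyword in the dump.
        got=$(printf '%s\n' "$dump" | awk -v k="$key" '$1 == k { print $2; exit }')
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', got '${got:-<unset>}'"
            status=1
        fi
    done <<EOF
$REQUIRED
EOF
    exit "$status"
)

# Constructed sample dumps (not taken from any real host).
GOOD_DUMP='port 22
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin no
gatewayports no
allowagentforwarding no
x11forwarding no'

# Same dump with password logins on and forwarded ports bindable
# to non-loopback addresses.
BAD_DUMP=$(printf '%s\n' "$GOOD_DUMP" | sed -e 's/^passwordauthentication no/passwordauthentication yes/' -e 's/^gatewayports no/gatewayports clientspecified/')
```

On a real relay the input would come from `sshd -T` run as root, piped into `audit_relay_sshd`.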
OK, now convince an IT department to do just that. And assume the firewall only allows port 80 and 443 through, and
Windows has SSH built in these days. GNU Privacy Guard isn’t, but done right, that might not have to be used. With just that, and some PowerShell scripting, one could do file transfers between two orgs.
For hosting uploads and downloads, just the fact that MOVEit has so much internal access is just asking for issues. Even something like an Avid appliance (long since gone) where it would allow users to upload/download to the appliance, which was on the DMZ, would be better. Yes, one couldn’t just send a file from their desktop, but allowing a direct channel from an internal desktop to/from an external user is asking for a compromise, without something like a hop box or an FTP appliance. No, it isn’t point and click easy, but it would greatly reduce the available attack surface.
Even IBM has dedicated file transfer appliances which would be functionally similar to MOVEit, but because they work as proxies between an external user and an internal, they add value when it comes to security.
Did the hackers wear their teacher-demanded face guards & masks while stealing that retirement data-money?