Re: Questions about Network Level Authentication and Remote Desktop

Racist stuff is free speech too. They are allowed to keep it hidden and as long as nobody sees it, nobody will care (yeah unfortunately "out of sight out of mind" applies here, but so be it, it's private!).

"Keep it hidden" also sort of implies it's not subpoenaed or something to that extent and it gets revealed. If it gets revealed, then it gets judged, and M$ as the curator could be viewed as an accessory, hence it's in M$'s interest to remove it. Keep in mind the Fourth Amendment as well. Also the other issue that hasn't been resolved: whether a private company is allowed to search another private entity's data... Apparently it is legal since M$ is using our data to market...

All of this is of course moot if it's not publicly visible, hence the question I had. If any random person could create an account (or if it's visible without any access control at all) and see the questionable matter, then M$ is in their rights to remove it -- however, if that random person needs authorization from the data creators to see the data, then this should NOT be removed as it is now "private" versus "public" data.

In all honesty, people should keep their own data on their own servers, private or public, and never contract out to another company...

Apologies this is all off topic

Re: Questions about Network Level Authentication and Remote Desktop

I think we agree there. I was going to say racist stuff can be free speech, but in some circumstances, it could also be classified has a hate crime (if it incites violence or attempts to incite it, etc). An example was a Facebook post I came across when I used to use that awful site! There was some fit between two children of different ethnicities. I don't remember all the details, but it seemed that race wasn't really involved, just two kids scrapping. Anyone, in the comment section, a gentleman wrote we needed to find the little n**** and hang him.

I feel, and I think the law did as well, that that isn't covered under free speech there, that a hate crime had been committed. Was he going to look for the young teen and try to hang him? I doubt it. I think the guy just felt he could say anything over the net and he'd be good. I was a bit shocked at how many people spoke up against it, yet how many people clicked Like. The Like greatly outweighed the people speaking up against it.

If he said it to himself, or if no one could read it, or hear it, even though it'd still be considered a crime in this case, I don't think anything would have happened. His account and post got deleted shortly after, so I'm sure at least one person reported it.

There are things we do that can take away some of those rights. I joined the military and lost a good deal of my freedom of speech! There's laws in the UCMJ that state I cannot disobey a direct order, I can't talk back to a superior officer, etc. And the military courts will throw your ass in the brigg for breaking some of the laws! So Microsoft could say, by providing this service to the public, the public has to follow the rules we put in place. And if they said no racist comments, I feel the right to free speech doesn't come into play anymore.

Or would the contract not be a legally binding contract? Essentially, can you take away someones rights by having them sign a piece of paper? I wonder.

When you say people, do you mean companies as well? I originally wanted to keep my data on-premise only, but then an A.E. talked to me a bit. Companies like AWS won't be in the papers for a breach of security because that's their life right there. They have people sitting around all day, watching the network traffic coming in, looking for attacks, stopping them, etc. Teams dedicated to just keeping the data secure. Our little business cannot do that yet. So outsourcing for secure data storage might be the way to go. Haven't figured quiet figured that one out yet though.

Re: Questions about Network Level Authentication and Remote Desktop

Just look at the amount of S3 buckets left exposed. Amazon care about their systems and data not their customers.
What makes you think having your data on someone else's server is more secure than you looking after your data yourself ?

Re: Questions about Network Level Authentication and Remote Desktop

this.

if it's about safety, build a concrete box under the house and put a networked drive in it for backup, and another at a friends house connected by rsync over ssh.

that way you have data protection from fire etc.

Re: Questions about Network Level Authentication and Remote Desktop

Okay, I'm not saying having data on someone elses server is more secure. I'm saying having data on a large company that specializes in secure storage is more secure, for us at least, and many small businesses I would think. I will give some examples.

We are just three, here. We physically cannot look at server logs 24/7. We have security software that will send us alerts if someone's trying to get in, etc, but we still require sleep and other tasks need to be completed. At companies that specialize in secure storage, they will have a team dedicated to keeping that data secure. That is something we cannot do.

We do our best, but we just don't have the resources. A large corporation like Corning Incorporated on the other hand probably does have the resources. A company like Google has those resources. But for small businesses, outsourcing for secure data storage is a viable option.

In deposit, our server was hacked. We stored credit card numbers, social security numbers, etc on a Novell server. The IT person who set that up had the logic that because the Novell server didn't have a TCP/IP protocol installed, only IPX, the data was impossible to access from the net. We got very lucky when we were hacked, it was just a website defacement, but if the hackers had done some simple exploring, a LOT of people's information would have been compromised.

We dealt with very large banks. Banks that people don't normally go to but other banks do. We handled over 50,000 transactions a day through the IBM Websphere.

We had client machines and server machines that had the TCP/IP protocol installed and they also had the IPX protocol installed, to communicate with the Novell servers. It was only the Novell server that did not have the TCP/IP protocol installed. The hacker compromised the webserver, which was running an un-updated version of RedHat at the time. They could have used that computer, or any of the other machines with both protocols to access the Novell server.

The head IT at the time also did not know a lot about Linux. One of his many duties was security. He just didn't understand it very well! He thought he did, and the non-IT people who owned the company thought his logic was sound.

If the Novell server doesn't have a TCP/IP protocol installed, and TCP/IP is needed for internet access, how could anyone from the internet access it? And! Linux, it works now. If we update the system, it might break something! So why fix what isn't broken?

The problem there is it was broken and despite my warnings, it wasn't until we got hacked that I was moved to head of IT and fixed a lot of those holes.

With the data that we had, if all that data was compromised, it very well could have (and probably would have) ruined the entire company. We were a world-wide corporation.

Now, if they had outsourced to a well known 3rd party company who specializes in secure data storage, I highly doubt any of that would have ever happened. And that's the reason. IF, because that's their speciality, a breach where to happen, it would ruin their reputation, and I feel they have much more skilled people trying to make sure that doesn't happen.

Re: Questions about Network Level Authentication and Remote Desktop

That might be practical for some, but rsync over ssh doesn't seem like the best solution there Stj. We tried copying 20Gb of data using rsync of ssh and it took like 3 days.

There are many ways to store data, and depending on how quickly you need to retrieve it (is it archival data? is it an active database that you're running query's on all the time? etc) would probably dictate which way to go.

I know for us, it seems cheaper and more secure to outsource for secured storage. Another example is the GDPR and other regulations / compliancies. Sometimes, for small companies, it might be extremely hard to implement those policies and if they're not properly implemented, the fines can be really high. It might make more sense to just outsource to a large company that has many more resources to securely store that data and keep up with the various regulations, etc.

We want to look into it. We use RAID5 and where looking into NAS and tape backup options, but now want to look into using a 3rd party.

I guess it'd probably be for another thread, but I am definitely down for hearing some down sides for using a 3rd party versus on-premise storage. What are the real benefits, from a technical standpoint, to using on-premise storage vs. outsourcing? I know some of the pro's going the other way, but keep in mind, a salesman was telling me about them, so I doubt they'd ever bring up any of the cons.

Re: Questions about Network Level Authentication and Remote Desktop

On premise, I control it's destiny. If it's that precious it wouldn't be connected to the internet. I can back it up and can take it off site. By all means use someone else as a back up, but that should be encrypted.

You could always sneakernet/post the hard drive to the destination then rsync.

GDPR isn't hard.

Re: Questions about Network Level Authentication and Remote Desktop

Sometimes though Diif, there's precious stuff that you need hooked to at least a LAN. Take TopCat's site here. I bet he's outsourcing for the servers and not hosting it himself (feel free to correct me if I'm wrong TopCat :-) ). He's probably not hosting all the usernames and passwords, which I would consider confidential data. I'd say that information is precious, for the simple fact that research tends to show most people reuse passwords, especially if they're complicated.

Hosting that webserver on his own physical servers can get pricey and it probably makes more sense for him to outsource.

For us, GDPR looked not so much hard, just like wow, there is a lot here! And if you're found not to be compliant, isn't it a 10% of your annual revenue or one million dollar fine, whichever one is greater?

Don't get me wrong here! There is stuff that we don't have on the PCs at all because it's stuff we feel would be safer with just physical copies locked up, like people's SS#'s, NDAs, etc.

I'll start a new thread and I'll put it in the Troubleshooting & Designing Networks section, but I don't know if that's the best place for it. We're still designing our network, and we need to access certain data over the network for various reasons. You got the real world experience, like many others here, and we're not 100% sold on the 3rd party internet secure storage thing. It's an option, but I definitely need more info and need to do more research. I'd like to get opinions on other users here to the pro's and con's for the two options.

I know with density, you tend to get that with the on-line storages too I believe. Different tiers. I know we just purchased four 12Gbps SAS drives and they where pricey. Very pricey. Probably a lot more than what some monthly fee would be. But they're fast, much faster than what our internet is. At the same time, one dies, we are responsible for paying that hefty replacement fee. We don't have a backup building yet, I'd imagine if we outsourced, we'd make sure they had one. Lots to think about I guess.

Re: Questions about Network Level Authentication and Remote Desktop

I know this is an old thread, but in the end, I went with your guy's suggestions and we're not outsourcing for backups. I store them at another location. In the end, I felt Diif had some really good points and I just didn't want to trust our data with another company.

I'm getting ready to automate the backups, which will make things a lot easier. I think I'm going to setup a secure tunnel or something to connect to a backup server at the other location and maybe transmit the backups over SSH. I might password protect the archives as well, I dunno.