[ale] One NIC, two IP addresses on different VLANs?

Jim Kinney jim.kinney at gmail.com
Wed Nov 19 16:22:43 EST 2014


Yeah, but all of those were compromised from inside the LAN by a hijacked
process introduced by a bad code update with trojaned patches. The theft
occurred when security processes allowed connections to unvetted  locations
from within the LAN by supposedly secure machines.

But a local, verified update repo is always a good thing.
On Nov 19, 2014 3:21 PM, "Alex Carver" <agcarver+ale at acarver.net> wrote:

> Let me write just a few words on why your customer data machine
> shouldn't see the Internet directly:
>
> Target, Home Depot, Michaels, Staples, US Postal Service, ...
>
>
>
> On 2014-11-19 12:02, Raj Wurttemberg wrote:
> > Yeah, I have actually started that process. Seems the most secure.
> >
> > Kind regards,
> > /Raj
> >
> >
> >> -----Original Message-----
> >> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> Alex
> >> Carver
> >> Sent: Wednesday, November 19, 2014 2:47 PM
> >> To: ale at ale.org
> >> Subject: Re: [ale] One NIC, two IP addresses on different VLANs?
> >>
> >> Sounds like the better idea is to keep the Internet away from your
> system
> >> hosting customer data NFS and set up a completely independent machine
> >> that acts as a local mirror of the Ubuntu repositories.  Let that
> machine
> > have
> >> two NICs one for each VLAN, put lots of firewall rules in place to make
> > sure it
> >> can only contact the external repositories and reject incoming
> connections
> >> then a few cron jobs to keep it synced every day.
> >
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> >
> >
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20141119/3d4d90d7/attachment.html>


More information about the Ale mailing list