
On 2024-02-12 23:55, Ron / BCLUG via talk wrote: [snip]
This is a risk-unaware, Microsoft-centric answer.
It's a "Why are there incoming connections to our network?!? And what is their purpose? And where do they end up? Who is controlling them?" issue.
Imagine being in charge of a large network and seeing countless connections to end points inside the network and having no idea what they're doing - that *should* scare any IT / network admin.
You are right. There is a lot to be said for a single point of control.
Complaints about using a VPN make me think of the times when I have had to use VPNs that forced me to have a separate Windows PC. It's less of a problem now because more and more places have VPNs that have Linux clients, but that was not always the case, and I found the VPN support in organizations that were that Windows-centric terrible. I did have one client a couple of years ago who could not get the Linux client for their VPN to work, and eventually I had to bounce through 2 web-based console apps to get access. I was allowed to set up an SSH back link to my network where I could then sign into the systems.
And this is not just a government issue; it's a big-company-based issue.
Yup, agreed 100%.
My personal belief is that companies believe that if they pay for the service then they have someone they can sue if things go wrong. Look at the recent set of remote access and data migration products that have had VERY large corporate and government customers and big security breaches.
And suing after the fact accomplishes pretty much nothing. Data is "gone", reputation is ruined, time is wasted recovering, etc.
The desire to feel that you have someone you can hold accountable has just about 0 correlation with the actual ability to hold them accountable.
It's more like, "here's a product we trust to manage incoming connections, and if everyone's using this then we can control our network much better".
Whether the trust is misplaced or not in any specific product, the idea is valid.
There was once a saying: "Nobody ever got fired for buying IBM". I think that moved to Cisco some years ago and now I think it can be used with AWS.
[snip]
--
Alvin Starr || land: (647)478-6285
Netvel Inc. || Cell: (416)806-0133
alvin@netvel.net ||