Glenn links to a Wired story about an FBI raid of a datacenter. First, if you don't know what a datacenter is, take a look at the picture atop the Wired story. Those look like 42u racks, each of which can hold, in theory, 42 x 1u rackmount servers. In practice you'll have some 2u, 3u, 4u and maybe a few 6u blade servers, as well as rackmount UPSs and networking equipment. There are eight racks in each aisle and there are eight visible aisles, so we're talking about the potential for a lot of hardware. The article indicates that about 220 computers were taken.
I've been to a couple of datacenters. They're basically warehouses with aisle upon aisle of these computer racks. I know of a couple of companies that have space in datacenters—smallish consulting companies with twenty to thirty employees. They rent half racks. Larger companies will need more space and, obviously, business needs will drive the space requirement, too.
For the FBI to waltz in and take the business-critical computers of so many companies because of a couple of bad apples, well, that is a really bad precedent. Looting the bank accounts of the owner of the datacenter is appalling. This is going to force companies around the country to waste time updating their disaster recovery plans to address the recently introduced problem of FBI raids, and it's going to drive up the cost of using datacenters.
Wednesday, April 8, 2009
Tuesday, April 7, 2009
Hacking the US
Breitbart tells us that the Pentagon is shoveling money at cyber attacks to the tune of $100 million in half a year. Meanwhile, the Wall Street Journal reports that the US electric grid has been infiltrated by both the Chinese and the Russians.
I don't understand this. Why don't these organizations simply block all traffic originating from IPs assigned to non-friendly nations? That's pretty simple with iptables. Is there some compelling reason to allow that traffic in? Yeah, attackers could get around that by spoofing their IP or with US-based proxies, but I still think this is an 80% solution.
You might be wondering: "maybe people in the organization want to go to websites in those non-friendly nations." The way that iptables (and I presume other firewalls) works is that it can be configured to allow connections that are originated locally while denying remotely originated connections.
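The stateful filtering described above, as an added example that is not from the original post: it generates an iptables-restore ruleset that accepts replies to locally originated connections before dropping new inbound connections from listed source ranges. The source ranges are RFC 5737 documentation placeholders rather than real country allocations, and the function names `is_cidr4` and `build_ruleset` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Emits an iptables-restore
# ruleset: replies to locally originated connections are accepted first,
# then NEW inbound connections from listed source ranges are dropped.

# Constructed sample list: RFC 5737 documentation ranges stand in for
# real country allocations; the last two entries are deliberately malformed.
SAMPLE_RANGES='# constructed blocklist
192.0.2.0/24
198.51.100.0/24   # trailing comment

not-a-cidr
203.0.113.0/33
'

# is_cidr4 STR: succeed only for a.b.c.d/len with octets <= 255, len <= 32
is_cidr4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    addr=${1%/*}; len=${1#*/}
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    for octet in $addr; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# build_ruleset: read CIDRs on stdin, write the ruleset on stdout
build_ruleset() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT'
    # Stateful rule first: traffic belonging to connections this host
    # opened passes even when the peer is inside a blocked range.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    while IFS= read -r line; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')  # drop comments, blanks
        [ -n "$line" ] || continue
        if is_cidr4 "$line"; then
            printf '%s\n' "-A INPUT -s $line -m conntrack --ctstate NEW -j DROP"
        else
            printf '%s\n' "skipping malformed entry: $line" >&2
        fi
    done
    printf '%s\n' 'COMMIT'
}

printf '%s' "$SAMPLE_RANGES" | build_ruleset
```

Piping the output through `iptables-restore --test` parses it without committing anything; loading it without `--noflush` replaces the existing filter table.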