The Pentagon bans foreign citizens from accessing highly sensitive data, but Microsoft bypasses this by using engineers in China and elsewhere to remotely instruct American “escorts” who may lack expertise to identify malicious code.
I once worked for a fairly large multinational and was the main data center admin.
We ordered two separate comcast business account lines to serve as an emergency management network juuuuuuuuuuuust in case everything enterprise level went down. A true catastrophe somewhere else.
My boss put a windows xp box on it, and it alone with a single linux router in between it any the internet, totally insecure except for fail2ban and port knocking.
The entire time we were waiting for the rest of the data center to be wired it stood up, never being penetrated. Maybe a month or so.
BUT we’d banned basically the entire public IP space.
I’ve actually seen medical offices setup similarly. Some random computer in a back office with all of their patient data on it, completely exposed to the internet, protected by nothing but a few Windows Firewall rules limiting the connections to a few IP blocks. Just so they can share information office-to-office for say… a root canal and dental crown to be done on the same day, but at 2 separate locations due to limited space.
I’d run out of fingers if I were to count the number of times I’ve seen similar setups, 3-4 toes would be needed at least.
I once worked for a fairly large multinational and was the main data center admin.
We ordered two separate comcast business account lines to serve as an emergency management network juuuuuuuuuuuust in case everything enterprise level went down. A true catastrophe somewhere else.
My boss put a windows xp box on it, and it alone with a single linux router in between it any the internet, totally insecure except for fail2ban and port knocking.
The entire time we were waiting for the rest of the data center to be wired it stood up, never being penetrated. Maybe a month or so.
BUT we’d banned basically the entire public IP space.
This was back in the early 2010s
I’ve actually seen medical offices setup similarly. Some random computer in a back office with all of their patient data on it, completely exposed to the internet, protected by nothing but a few Windows Firewall rules limiting the connections to a few IP blocks. Just so they can share information office-to-office for say… a root canal and dental crown to be done on the same day, but at 2 separate locations due to limited space.
I’d run out of fingers if I were to count the number of times I’ve seen similar setups, 3-4 toes would be needed at least.
Terrifying.
We did it just as a for funsies test, when we actually began to put equipment in it was all properly secured.