On 5/2/23 03:13, Carlos E. R. wrote:
Anyway, enough of that - when we can't agree on what a trusted network is, I think it's best to stop.
Ok.
That' a good point. One might be able to assume "trust" on a small home network consisting of a desktop and a printer. But can you make the same assumption about a /20 (IPv4) non-natted subnet with hundreds (maybe thousands) of different kinds of connected things? Windows, MAC's, Linux/UNIX (various versions) SAN's, NAS'es, printers, scanners, etc. The risk is there even if the network is professionally managed with all state of the art security controls and processes. Not running host-based firewalls is folly. Again, security must be in depth to be effective. But the mention of a printer reminds me of a security breech we had around 1989 IIRC. A HP printer was compromised by a Russian actor and was used as a vector to try to gain access to the network. No damage was done, we caught it right away, but it does illustrate the problem. Rhetorical question: Can one have a "trusted" network where WiFi access is possible? Regards, Lew