On 5/2/23 03:13, Carlos E. R. wrote:
Anyway, enough of that - when we can't agree on what a trusted network
is, I think it's best to stop.
Ok.
That' a good point. One might be able to assume "trust" on a
small home network consisting of a desktop and a printer. But
can you make the same assumption about a /20 (IPv4) non-natted
subnet with hundreds (maybe thousands) of different kinds of
connected things? Windows, MAC's, Linux/UNIX (various versions)
SAN's, NAS'es, printers, scanners, etc. The risk is there even
if the network is professionally managed with all state of the
art security controls and processes. Not running host-based
firewalls is folly. Again, security must be in depth to be
effective.
But the mention of a printer reminds me of a security breech we
had around 1989 IIRC. A HP printer was compromised by a
Russian actor and was used as a vector to try to gain access to
the network. No damage was done, we caught it right away,
but it does illustrate the problem.
Rhetorical question: Can one have a "trusted" network where
WiFi access is possible?
Regards,
Lew