Lew Wolfgang wrote:
On 5/2/23 03:13, Carlos E. R. wrote:
Anyway, enough of that - when we can't agree on what a trusted network is, I think it's best to stop.
Ok.
That' a good point. One might be able to assume "trust" on a small home network consisting of a desktop and a printer.
You know what they say about "assume" :-) If the home/hobby/wannabe admin is genuinely concerned about the safety of her network, she should not be making assumptions. She should determine what "trusted" means and whether those conditions are met.
But can you make the same assumption about a /20 (IPv4) non-natted subnet with hundreds (maybe thousands) of different kinds of connected things? Windows, MAC's, Linux/UNIX (various versions) SAN's, NAS'es, printers, scanners, etc.
I'll be happy to provide an answer, but what is your billing address? For security consultancy, I charge 2000/day. Okay, simple answers are 100/word. To maybe drum up some business, the free answer is "no". Non-free: a) don't make assumptions. b) don't make assumptions about security topics c) no, a /20 without access limitations cannot be ass-u-me'd to be trusted. d) don't make assumptions. That's about 20 words, (d) was for free.
The risk is there even if the network is professionally managed with all state of the art security controls and processes.
No it isn't. If the latter applies, there won't be any "Windows, MAC's, Linux/UNIX (various versions), SAN's, NAS'es, printers, scanners, etc. connected.
Not running host-based firewalls is folly.
I've already told you that you and Carlos are kindred nutt .... uh spirits. Same water.
But the mention of a printer reminds me of a security breech we had around 1989 IIRC.
At that time, all I knew about networking was SNA. I could IML an NCP, whichever one.
Rhetorical question: Can one have a "trusted" network where WiFi access is possible?
Yes, I don't see an issue in that, provided no trusted machines access the wifi. -- Per Jessen, Zürich (17.5°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes