<p dir="ltr">Yeah, but all of those were compromised from inside the LAN by a hijacked process introduced by a bad code update with trojaned patches. The theft occurred when security processes allowed connections to unvetted locations from within the LAN by supposedly secure machines.</p>
<p dir="ltr">But a local, verified update repo is always a good thing.</p>
<div class="gmail_quote">On Nov 19, 2014 3:21 PM, "Alex Carver" <<a href="mailto:agcarver%2Bale@acarver.net">agcarver+ale@acarver.net</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Let me write just a few words on why your customer data machine<br>
shouldn't see the Internet directly:<br>
<br>
Target, Home Depot, Michaels, Staples, US Postal Service, ...<br>
<br>
<br>
<br>
On 2014-11-19 12:02, Raj Wurttemberg wrote:<br>
> Yeah, I have actually started that process. Seems the most secure.<br>
><br>
> Kind regards,<br>
> /Raj<br>
><br>
><br>
>> -----Original Message-----<br>
>> From: <a href="mailto:ale-bounces@ale.org">ale-bounces@ale.org</a> [mailto:<a href="mailto:ale-bounces@ale.org">ale-bounces@ale.org</a>] On Behalf Of Alex<br>
>> Carver<br>
>> Sent: Wednesday, November 19, 2014 2:47 PM<br>
>> To: <a href="mailto:ale@ale.org">ale@ale.org</a><br>
>> Subject: Re: [ale] One NIC, two IP addresses on different VLANs?<br>
>><br>
>> Sounds like the better idea is to keep the Internet away from your system<br>
>> hosting customer data NFS and set up a completely independent machine<br>
>> that acts as a local mirror of the Ubuntu repositories. Let that machine have<br>
>> two NICs one for each VLAN, put lots of firewall rules in place to make sure it<br>
>> can only contact the external repositories and reject incoming connections<br>
>> then a few cron jobs to keep it synced every day.<br>
><br>
><br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
><br>
><br>
<br>
</blockquote></div>
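<p dir="ltr">Added example, not part of the original thread: a check the mirror host's daily cron sync could run so that LAN clients only see index files matching the SHA256 entries in the suite's Release file. It assumes the Release file's signature was already verified (for example with gpgv against the Ubuntu archive keyring); the function names and the sample tree are constructed for illustration.</p>

```python
import hashlib, os, tempfile

def parse_release_sha256(release_text):
    """Return {relative_path: (sha256_hex, size)} from the SHA256 field of a Release file."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest.lower(), int(size))
        elif in_section:
            break  # any other top-level field ends the section
    return entries

def verify_mirror(dist_dir, release_text):
    """Sort every index listed in Release into ok / mismatch / missing."""
    result = {"ok": [], "mismatch": [], "missing": []}
    for path, (digest, size) in sorted(parse_release_sha256(release_text).items()):
        full = os.path.join(dist_dir, path)
        if not os.path.isfile(full):
            result["missing"].append(path)  # normal for a partial mirror; review the list
            continue
        with open(full, "rb") as fh:
            data = fh.read()
        good = len(data) == size and hashlib.sha256(data).hexdigest() == digest
        result["ok" if good else "mismatch"].append(path)
    return result

def demo():
    """Constructed sample tree: one intact index, one altered after sync, one not mirrored."""
    with tempfile.TemporaryDirectory() as dist:
        os.makedirs(os.path.join(dist, "main", "binary-amd64"))
        files = {"main/binary-amd64/Packages": b"Package: example\nVersion: 1.0\n",
                 "main/binary-amd64/Release": b"Archive: sample\n"}
        release = "Origin: Sample\nSuite: sample\nSHA256:\n"
        for rel, data in files.items():
            with open(os.path.join(dist, rel), "wb") as fh:
                fh.write(data)
            release += " %s %d %s\n" % (hashlib.sha256(data).hexdigest(), len(data), rel)
        release += " %s 10 main/binary-i386/Packages\n" % ("0" * 64)
        # Simulate an index changed on disk after the Release file was produced.
        with open(os.path.join(dist, "main/binary-amd64/Packages"), "ab") as fh:
            fh.write(b"Version: 6.6\n")
        return verify_mirror(dist, release)

if __name__ == "__main__":
    print(demo())
```

<p dir="ltr">A non-empty mismatch list is the signal to stop publishing that sync to the internal VLAN and investigate.</p>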