0_o (Author) - Posted July 19, 2018

As for the .net secure comm, I didn't go too deep into it, I simply trust the .net department when they say it is secure. I'll ask them in our next meeting.

As for the certification of code in the community and inside NI... I feel very much like the CERN guy from the video. No one is concerned with security. They just check for functionality, calibration, maintainability, licenses and safety. The only solution I see is the agreement defining the limited responsibility.

ShaunR - Posted July 19, 2018

> 1 hour ago, 0_o said:
> As for the .net secure comm, I didn't go too deep into it, I simply trust the .net department when they say it is secure. I'll ask them in our next meeting.
> As for the certification of code in the community and inside NI... I feel very much like the CERN guy from the video. No one is concerned with security. They just check for functionality, calibration, maintainability, licenses and safety. The only solution I see is the agreement defining the limited responsibility.

You may also be interested in the responses when I posed the question "Security? Who cares?". I don't think much has changed since then.

0_o (Author) - Posted July 19, 2018

LOL, you could have started with this post saying that you already talked this issue over there. Thanks.

It's always nice to read stuff that Jack, you and the rest of the old folks here write about, yet it didn't calm me at all. It is as if we are all experts here, real programmers and physics/elec engs, yet when it comes to security we just finished kindergarten and we heard of another big world out there from rumors.

Rolf Kalbermatter - Posted July 20, 2018

> On 7/19/2018 at 2:43 PM, 0_o said:
> It is as if we are all experts here, real programmers and physics/elec engs, yet when it comes to security we just finished kindergarten and we heard of another big world out there from rumors.

It may not help to calm you down at all, but even many of the security experts barely know what they are talking about. It's a special world, and the really tricky part is that what is considered safe enough today is already outright inadequate tomorrow. A computer from just 10 years ago wouldn't survive even a single day nowadays when connected to the net without being compromised in some way, and even fully up-to-date computer systems are under continuous attack when they are visible in any way to the big dangerous net out there. You can only hope that your network modem will keep your internal network invisible and that the modem itself hasn't been compromised in some way already. Mirai and friends can be used to attack not only network cameras but just about any network appliance.

ShaunR - Posted July 21, 2018 (edited July 21, 2018 by ShaunR)

> On 7/20/2018 at 3:00 PM, rolfk said:
> It may not help to calm you down at all, but even many of the security experts barely know what they are talking about. It's a special world, and the really tricky part is that what is considered safe enough today is already outright inadequate tomorrow. A computer from just 10 years ago wouldn't survive even a single day nowadays when connected to the net without being compromised in some way, and even fully up-to-date computer systems are under continuous attack when they are visible in any way to the big dangerous net out there. You can only hope that your network modem will keep your internal network invisible and that the modem itself hasn't been compromised in some way already. Mirai and friends can be used to attack not only network cameras but just about any network appliance.

Well. Just to fan the flames of fear a bit more.

I worry more about all the web/DNS servers, updaters, databases and weird and wonderfully named background tasks/services (some of which I have no idea what they are for) that get installed by NI out-of-the-box, than tricksy code like that. I try and push that sort of defence problem to IT. However, when you install LabVIEW the attack surface increases 100 fold.

It would be helpful if NI produced a document detailing all the services and background apps - what they do, what they are for and, more importantly, what LabVIEW features rely on which. A lot of them could also be on-demand rather than continuously running, as I have found out by trial and error.

0_o (Author) - Posted July 22, 2018 (edited July 22, 2018 by 0_o)

The problem is not only with those services. When I need to send someone an exe that says hello world I need to send along LV Runtime with a lot of functionality that my exe doesn't actually require. It is the same with .net but this is not the case in python for example.

The fundamental issue can be compared to VM vs dockers: In the VM you have a complete OS with all the security and tools, while in the case of a docker you only take the functionality you actually need with you. Maybe a VM can get you better in-depth security but a docker has much less attack surface.