by jimrandomh
3853 days ago
> "How do you think I got the firmware updates? We just made an SSH tunnel over TCP 53 and proxied HTTP to the Sun website."

Sounds like the real problem was they didn't have a better mechanism for getting things like that in. If a security system stops people from doing their jobs, they'll poke a hole in it unless you provide a better option.

Any mechanism for getting things like that in is a break in the air gap, by definition. (Well, by a strict definition.) But at least a better mechanism would be managed by security policy, not by underlings' need to get their job done. (That is, the security policy would have to take into account the need for updates as well as the potential security implications of importing new executable code from outside.)