Originally Posted by WyattHarris
Security by obscurity, an antiquated concept. I put up a new server a week ago and within 3 hours I got the usual "Remote user 'a' has been disconnected due to invalid login attempts". Being found digitally is not hard when any script kiddie can scan for open ports needed for business use. Lately, most clients have been very willing to embrace security so that's a blessing. Usually they need a hacker to pull their shirt over their head before they consider it.
Take note of less likely, not exclusion.
If you buy a virtual machine on a farm with decent security and have non-public, unrelated addresses on it, your radar blip is small enough that the likelihood of a competent attack is very small.
Of course some script kiddie or tempftp chaser, or a bot, will bump into it, but those are all fairly easy things to avoid for any mildly IT literate person that looks for some articles and books and performs basic sanitizing tasks on whatever public frameworks he's using, if any.
Being Google, or Yahoo, or anybody like that means you get all kinds of profiles of all kinds of coloured hats on your case.
It's more of an academical point though, really.
"DoD was who I was referring to but HIPAA, NCUA, FDIC. If you are required to follow compliance regulations then sometimes you don't have a choice but to 'deny all'."
In those cases it's not even about security. Or rather, it doesn't even get to be a bother because of that, there are prior concerns before security even makes it into the picture.
All public and free services WILL perform a certain level of data mining, whether they admit to it or not, and none admits the full extent of the mining and the size of their vault and what it actually contains, or how the vault is secured.
IF I had to deal with anything that required clearance, security, or even just the communication of personal data that can easily lead to an identity theft of the highest order, then I too would obviously refuse ANY and every one of those, regardless of their security levels.
That's why I mentioned consulates as well, the amount of passport scans and criminal records going through their internal networks is something you wouldn't believe, as is the type of info you can get. That's why they don't allow work from home and a number of other things, and completely isolate entire sections from any free service. It makes perfect sense.
In the context of what we're talking about in this thread though, an individual interacting with companies chasing a job, I can't think of a single valid reason to shun Gmail or any free mail service that's not tied to some weird-arse animal pornography group (because honestly, if your mail is firstname.lastname@example.org I'm unlikely to hire you) ;p
Once you're inside a system, things change.
You should see Marvel's black book to work on their projects if you want something related to our industry that has security measures that make DoD contractors look like they work off a laptop on Starbucks' open Wi-Fi.
I would tell you, but they'd kill me if I did, and I don't even work on anything Marvel right now!