
Re: it would be nice if Debian live includes the Wazuh unified XDR and SIEM protection framework ...



On 11/11/23, tomas@tuxteam.de <tomas@tuxteam.de> wrote:
> In which case you aren't the customer, but the cattle.

 Once we go into exposed mode (go online), we tacitly become all
cattle, don't we? What I am talking about is being more of an
unleashed cattle, a leashed one that is aware.

On 11/11/23, Marco <mm@dorfdsl.de> wrote:
> On 11.11.2023 01:26, Albretch Mueller wrote:
>
>>  the politics behind the "cloud trial" may not be compatible with
>> Debian, but I don't know if there is a way to work around such issues
>> or just use the other parts of it:
>
> Why can't you install it manually, maybe with a script?

 Yes, of course, you can always do so. I meant it would be best if
certain security issues are dealt with on a hardware level. It may sound
"paranoid", "crazy" to you, but I always go into exposed mode using a
Debian Live DVD, basically:

 1) boot up
 2) mount local drive (reset my home dir ...)
 3) mount USB pen with extra stuff I need
 4) customize my run by using dpkg to install packages from the USB pen drive
 5) unmount, remove pen drive
 6) physically plug in Internet enabling hardware
 7) install the drivers to be able to connect to the Internet ...
...
 (n-2)) disconnect yourself from the internet (software + hardware by
removing the wifi USB dongle or cable) ...
 (n-1)) run script to check which files were changed during your run and how
 n) shutdown

 Yes, it is cumbersome, but it is the only way I can access the
Internet with some reliability.

 It is not just about soft- and hardware level measures, "hackers" as
part of their modus operandi need "persistence". They would not spend
their while and expertise knowing well that by shutting down your
computer you would be effortlessly erasing all their cr@p, along with
all cookies and all of that and they are smart enough to realize that
they would risk exposing their rear end to the four winds. If they
continue doing such a thing you will know the kinds of "legally
protected" hackers that would not mind such risk.

 lbrtchx
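
Step (n-1) in the message above, a script that reports which files changed during the run and how, could look like the following. This is an added example and not part of the original message or the poster's own script; the function names `snapshot`, `compare` and `demo` and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each path under root to (file type, permission bits, detail)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: record symlinks, never follow
            detail = ""
            if stat.S_ISLNK(mode):
                detail = os.readlink(path)  # a retargeted link counts as a change
            elif stat.S_ISREG(mode):
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                detail = digest.hexdigest()
            rel = os.path.relpath(path, root)
            manifest[rel] = (stat.S_IFMT(mode), stat.S_IMODE(mode), detail)
    return manifest


def compare(before, after):
    """Return sorted (path, how) pairs: added, removed, or the fields that differ."""
    names = ("type", "mode", "content")
    report = []
    for path in sorted(set(before) | set(after)):
        old, new = before.get(path), after.get(path)
        if old is None or new is None:
            report.append((path, "added" if old is None else "removed"))
        elif old != new:
            how = [f for f, o, n in zip(names, old, new) if o != n]
            report.append((path, ", ".join(how)))
    return report


def demo():  # constructed sample tree standing in for the mounted home dir
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "run.sh")
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        before = snapshot(root)  # taken before going online (after step 2)
        os.chmod(path, 0o755)  # a script silently became executable
        os.symlink("/bin/sh", os.path.join(root, ".cache_link"))
        return compare(before, snapshot(root))
```

In the workflow described, the first `snapshot` would be taken right after mounting the local drive and the comparison run once the network hardware is unplugged.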

