On 11/09/16 20:53, Joseph Bennie wrote:

Hi Joseph, thanks for your reply!

> boom! you're seriously paranoid.

Yep, that's 100% established around here :] Post-Snowden however it has also been established that I am right to be, which is partly why I make such a good sysadmin.

You guys do read the news right? You are aware that multiple European countries are mandating that sensitive data remains balkanized within the country of origin precisely to prevent American private companies hoovering it all up? Which is completely pointless as via 5-eyes data-sharing agreements GCHQ in this country hoovers up UK data and analyses it on behalf of the American agencies to sidestep these restrictions with dubious legality? This isn't exactly the stuff of tinfoil hat UFO believers: it's well understood, well documented and there have been countless articles about it even in the mainstream press, let alone the technical press.

Similarly encrypting your data *before* transferring it to a regular commercial cloud service is literally security 101. Simply reading the TOS for Dropbox/GDrive/etc informs one that they can and will decrypt the contents for the security services as required - not that they would ever bother as they simply fibre tap the companies without asking instead, which is why Google et al rapidly and indignantly moved to encrypt cross-data-centre comms recently(-ish, 2013). Research MUSCULAR/INCENSOR/XKEYSCORE for fun and profit.

> ps time vault is a custom implementation of zfs.

Umm, what? No, it's HFS+ with custom hardlinking. A 2-second Google will tell you this, as will actually mounting a TimeMachine/Capsule and checking mtab. What you're probably thinking of is a while back when everyone (me included) was really excited by rumours that Apple were going to fully integrate ZFS as a first-class FS for MacOS and there were even some developer builds with it included.
Sadly this petered out quickly - my guess is this would have been down to Oracle being their usual idiotic selves over licensing/money - and with the upcoming 'Sierra' MacOS release Apple have instead finally rolled their own new attempt at a modern CoW filesystem, APFS.

https://developer.apple.com/library/prerelease/content/documentation/FileManagement/Conceptual/APFS_Guide/Introduction/Introduction.html

Promising start but it *really* needs some work yet, it's not even bootable. Still, anything's better than HFS I guess. All is not lost however:

https://openzfsonosx.org/

Warning: performance is pretty terrible as yet, and it lags significantly behind the reference implementation from the Illumos guys.

> if her files are that sensitive, sure as fuck she'll be accessing them via an
> encrypted thin client. they sure as hell won't be on her metal. if they are ...fail.

Ok, picking my way through this: yes, the files she will *categorically need to do her studies* just like *every other medical student in this country* are THAT sensitive. As in, some of it will be live, partially or even completely un-anonymized patient records and cohort data increasingly related to their specialisations as they progress through their early career from student to junior doctor to registrar and beyond. They will have hands-on experience with real, live patients frequently just as they will have access to real, live patient data accordingly which can and WILL be copied to their computers as required, following very strict DPA guidelines that they will be relentlessly and repeatedly drilled on. Keeping any of this sensitive data on non-encrypted USB media, laptops or any other device is strictly forbidden and students and medical staff know this.

As for "...accessing them via an encrypted thin client" you're only saying that because you're a sensible man and think that's how it SHOULD be done! You're probably right and I pretty much agree, but sadly, the NHS isn't quite that organized...
Here's the thing: even world-leading hospitals and "learning centres" like Kings in London, where I cut my teeth, don't use encrypted thin clients *even within the hospital itself*. You'd imagine all staff desks to have Sunrays, smartcard authentication and full encryption right? Trust me on this, this is NOT the case. The NHS have a multi-million (billion?) pound contract with Dell so you will find simple bog standard Optiplexes on every desk from reception to the morgue and even on the movable carts we shuttle around speciality wards between beds to access everything from PALS to the patient record system.

"Security" is often limited to the smartcard reader on the attached Dell keyboard and it's not uncommon to see harassed clinicians and even surgeons and consultants wangle a temporary "blank" access card (supposed to be stand-in replacements for the inevitable lost/forgotten tokens) which is left permanently in situ - or at least until the compliance guy or someone from IT notices and dobs them in. For which you will be frozen out by the offender and potentially most of their entire department because although it's a clear breach of hospital policy and in direct contravention of common sense and the DPA, hyper-stressed medics on 100+ hour weeks will take shortcuts sometimes. Just like sometimes the drug cabinets will be left subtly unlocked to speed up the end-run around formally requesting supplies from the pharmacy dept who are also biblically overworked, stressed and late. This is all obviously seriously NOT GOOD and definitely disciplinary, if not sackable, violations of policy but man, if you guys actually knew just how much of a pressure cooker the modern NHS is from inside you'd probably be a bit scared of ever going to a hospital again.

"they sure as hell won't be on her metal" - yes they will, see above.
Students and staff are rarely issued hospital laptops (students: never) and EVERY SINGLE ONE OF THEM will have medical data under the DPA on their private equipment. EVERY. SINGLE. ONE. They can't do their job or their studies without this, it's well understood, they're trained and drilled in the rules and encryption is enforced. I have seen people fired for screwing this up. In practice of course, compliance is well short of 100% and during my time in the NHS I sweated, slaved and put as much effort as I possibly could into helping staff and students understand the tech and toe the line so they could get on with their day to day business. I was there during the initial transition to mandated encryption and it was a bit of a mess - contacts still there tell me it's still a bit of a mess (surprise!) but has got better over time.

> in the real world, a device is disposable, files and data are centrally and
> securely stored.

Now this is something we can whole-heartedly agree on :] BUT - and it's another big but* - rightly or wrongly the NHS can't handle becoming the Domain Admin for every single student and staff computing device for obvious reasons (cost, complexity, liability, etc). Individuals have to be responsible for their own BYOD security and backups, which at least they are specifically trained on. I could lock down all my department's issued desktops and gear no problem, but as for every single person's phone, tablet, laptop, etc? Just think about how that would actually go down in real life...

"Got a nice new Macbook Air, fresh out of the box? Sweet, I'll have that thanks. Now I'm just locking you out of admin, encrypting the storage, enforcing policies and making sure you can only transfer any data in and out of my NHS approved SAN, which is of course massively underfunded, over-provisioned, slow and not available over VPN. Ok, here's your £1000 doorstop back, have fun! What do you mean you can't install or update anything?
Of course not, that might violate NHS policy! Screw iTunes and Netflix sunshine, you're only allowed to read NHS documents on it from now on and at 10% screen brightness in case someone tries to shoulder-surf you on the 37 bus to Wandsworth! You're welcome Professor!"

Yes, this was/is quite a mess frankly, and far from ideal but it is what it is. Mercifully, by definition most medical staff/students are pretty smart and will try to do the best they can and us IT bods did our level best to support them to that end.

It helps that some things are so clearly defined it's almost impossible to get them wrong, and here I'm directly addressing the "just back it up to iCloud/Dropbox" replies from both of you. I will be as clear as I can why that was profoundly bad advice:

Storing DPA-d medical data unencrypted on a third party cloud service IS FLAT-OUT *ILLEGAL*. YOU *CAN* BE FIRED. YOU *COULD* BE PROSECUTED.

If you encrypt first, you're fine. Hence why a local encrypted TimeMachine copy - then synced to a cloud service, that would be absolutely fine - is preferable in every way.

Ok, I've accidentally written another wall of text, apologies to anyone still following along. I hope this has at least clarified a few things along the way. The NHS have rather different and rather stricter rules than most organisations, second only to the military in my experience, but that's a wall of text for another day I guess. Bet you all can't wait.

Cheers

* teehee again :]

-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
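The "encrypt first, then sync" rule argued in the reply above, as an added shell example that is not part of the original thread or of any product it mentions. It generalises the TimeMachine case to any file you are about to drop into a cloud-sync folder: the plaintext never leaves the machine, only the ciphertext does, and the round trip plus a plaintext-marker check shows the synced copy reveals nothing. Assumptions: openssl 1.1.1 or newer (for -pbkdf2) is installed; the passphrase is read from an environment variable named BACKUP_PASSPHRASE (my choice, with a constructed demo default); the function names and the sample record are mine.

```shell
#!/bin/sh
# Added example, not from the original mailing-list post.
# Encrypt locally before handing a file to a cloud-sync folder, then prove
# that the copy destined for the cloud is ciphertext and still round-trips.
# Assumes: openssl 1.1.1+; passphrase in $BACKUP_PASSPHRASE (the default
# below is a constructed demo value only).
set -eu

: "${BACKUP_PASSPHRASE:=constructed-demo-passphrase-change-me}"
export BACKUP_PASSPHRASE

# encrypt_for_cloud <plaintext> <ciphertext>
# AES-256-CBC, key derived with PBKDF2 (200k iterations) from a random salt.
# Only the output file should ever be placed in the synced folder.
encrypt_for_cloud() {
  openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
    -pass env:BACKUP_PASSPHRASE -in "$1" -out "$2"
}

# decrypt_from_cloud <ciphertext> <plaintext>
# The inverse, run on the local machine after pulling the copy back down.
decrypt_from_cloud() {
  openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
    -pass env:BACKUP_PASSPHRASE -in "$1" -out "$2"
}

# contains_plaintext <file> <marker>
# Returns 0 if the marker string is visible in the file (bad for a cloud copy).
contains_plaintext() {
  grep -aq -- "$2" "$1"
}

# demo_roundtrip
# Returns 0 only if (a) the marker is NOT visible in the ciphertext and
# (b) decrypting the ciphertext reproduces the original byte for byte.
demo_roundtrip() {
  tmp=$(mktemp -d)
  # Constructed sample record; nothing here is real patient data.
  printf 'PATIENT-RECORD-SAMPLE: constructed demo data, not real\n' \
    > "$tmp/records.txt"

  encrypt_for_cloud "$tmp/records.txt" "$tmp/records.txt.enc"

  if contains_plaintext "$tmp/records.txt.enc" PATIENT-RECORD-SAMPLE; then
    rm -rf "$tmp"
    return 1
  fi

  decrypt_from_cloud "$tmp/records.txt.enc" "$tmp/records.out"
  if ! cmp -s "$tmp/records.txt" "$tmp/records.out"; then
    rm -rf "$tmp"
    return 1
  fi

  rm -rf "$tmp"
  return 0
}
```

In practice you would point encrypt_for_cloud's output at the Dropbox/GDrive/iCloud folder and keep the plaintext outside it; the passphrase stays with the user, so the provider only ever holds ciphertext it cannot decrypt on anyone's behalf.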