prism-break / prism-break

Privacy/security-oriented software recommendations (mirrored from GitLab)
https://gitlab.com/prism-break/prism-break
GNU General Public License v3.0

Protection for enterprises #554

Closed alex-fischer-70 closed 6 years ago

alex-fischer-70 commented 11 years ago

I think we should add a focus on protection for enterprises and companies. They are obviously the victims of industrial espionage, but live CDs are not really usable in enterprise environments. So what could a company do to "break prism"? We should give them some tips as well.

Zegnat commented 11 years ago

Exactly the same tips apply to companies as individuals because both are targeted by exactly the same PRISM. Or am I missing something here?

alex-fischer-70 commented 11 years ago

Yes, I agree. But enterprises can't use these email providers, because they need their own domains. And how can a company use anonymizing networks like Tor or Jondo in their firewall environments? And: how can they use live CDs? They need other systems.

cr1pt0 commented 11 years ago

@Zegnat Actually there is a difference.

We are now listing some open core products. For private use they can be okay as long as you need no support. But most companies need support, and then they are required to buy a proprietary license. And if it is proprietary you have no idea what's in there and what to check for. Especially since some of these providers such as Zimbra are US based and the NSA has required back doors to be inserted before.

Zegnat commented 11 years ago

Yes, I agree. But enterprises can’t use these email providers, because they need their own domains.

Actually, MyKolab will let you use your own domain.

And: How can they use live CDs? They need other systems.

They could, but they would probably want to add their own choice of software packages. The idea of a live CD is simply that the Operating System cannot be compromised because it sits on a non-writable piece of hardware. There is no reason a company can’t make use of this ‘trick’. They could even just set the computers to always boot from CD and leave a live CD in all the time.

Anonymising networks are slightly harder, but again, not impossible. They could set up their router to push everything over Tor, much like the Onion Pi could do for your home network. The real question there is whether companies should need to do that. I can think of very few legal companies that will object to their IP being visible. Remember that the actual employees are still anonymous behind that IP.

I believe a company could make itself just as secure with the things on this list as any individual. More so if the company has the money to hire a sysadmin to set up their own mail and cloud servers.

@cr1pt0, that’s interesting, I must have missed those discussions then. In #315, @nylira kept Univention off the list exactly because I raised some issues with the licensing for corporate use. Back then the closing argument was:

With no libre version of UCS, I don't think it belongs on this list with so many other strong alternatives already.

cr1pt0 commented 11 years ago

@Zegnat I see. In that case let's hope that the people who promoted UCS do not see the thread because they may even argue to be more libre than those that are now listed. ;)

Zegnat commented 11 years ago

I’m debating if I should open an issue for it and get @nylira to give us some kind of guideline on the matter or just wait for him to drop by here.

Cathryne commented 11 years ago

Maybe this could be tied in with the idea in #556. "What kind of user are you?" could be one of the filters, with options like "I surf the web and write emails", "I run my own server" and "I am the head of a company's IT department".

nylira commented 11 years ago

@cr1pt0 UCS will be reconsidered for addition. https://github.com/nylira/prism-break/pull/315

As for the topic, I don't think corporations need specific focus at this time, but it's worth considering for the future. Many of the projects listed on PRISM Break are easily scalable to corporate levels of users.

NRG-R9T commented 11 years ago

Working on an informational basis (as a journalist) with CIOs, distributors (plus VADs), system integrators and business software vendors for years, I can assure you that if business users can't see any suggestion about support on prism-break.org, the list will be of no use to them. I suggest adding a line for guaranteed support levels for every item. For example: blank for unknown or nonexistent, Consumer Grade (1-3 users), Pro (up to 200 users), Enterprise (above).

alex-fischer-70 commented 11 years ago

I don't know why this issue is closed, because we don't really have a solution. I thought of systems like appliances to integrate Tor into an enterprise network. And we need information on how to use live CDs in an enterprise. And of course it is important to have the anonymity tools in a company: based on surfing and email you could analyse the strategy of a company. For example you could find out who they want to establish contact with, for example for new investments. And all the investigation programs like PRISM also have the aim of industrial espionage. So we shouldn't leave the companies alone!

Cathryne commented 11 years ago

@alex-fischer-70 I don't think there are any live CDs that are specifically designed for company environments. Since they are supposed to be loaded up from an individual computer anyway, the standard instructions would apply. See https://tails.boum.org/getting_started/index.en.html for example, or http://livecdlist.com/ for the list I checked just now for something related to "company" or "enterprise".

alex-fischer-70 commented 11 years ago

@Cathryne I agree that there aren't live CDs for company environments. But I think a live CD isn't really usable in enterprise environments because then the administrator will lose control of the computers. So companies need special solutions. And we should recommend some solutions that fit in a company environment.

Cathryne commented 11 years ago

Agreed. Do you have basic knowledge of git(hub), forking, committing changes, pull requests? Please contribute to reduce the discrepancy between posted ideas and done work ;-)

It doesn't seem to be difficult. I've started with this really just a week ago, but got some edits accepted right away.

Atavic commented 7 years ago

Unified Threat Management (UTM) systems are tailored for enterprise use: Sophos UTM, Endian Firewall, Untangle NG, IPFire, pfSense.

Hillside502 commented 7 years ago

Open Source Endian Firewall Community Alternatives - AlternativeTo.net https://alternativeto.net/software/endian-firewall-community/?license=opensource

lukateras commented 6 years ago

We list a whole bunch of enterprise-friendly fully free (not open core) software with optional paid support from developers: Kolab, Nextcloud, Fedora, CentOS, OpenVPN. I don't see anything actionable in this issue perhaps other than adding "Support" link where available in fashion similar to #1906.

Atavic commented 6 years ago

Some software has telemetry, like Sophos UTM; while IPFire hasn't such "feature".