[Oisf-users] Endpoints outside of the US

Nelson, Cooper cnelson at ucsd.edu
Tue Jan 22 23:09:01 UTC 2019

A reality of modern cloud computing and globalism is that lots of data centers are being ‘outsourced’ outside of the country in order to keep costs down.  There isn’t anything you can do about it other switching to a competitor with a better domestic presence.  Both Google and Amazon will make an effort to keep your data inside your country of origin, for example.  But who knows how long that is going to be the case.

Personally, I don’t think there is much of a risk with this model currently, especially if your data is encrypted.  Given state-sponsored actors, anything is possible, however.  Including insider threats and ‘layer 1’ supply-chain attacks on the infrastructure itself.

Something I proposed @Suricon was to start scoring ASNs by risk in order to start holding the big cloud players accountable and potentially allow for scoping TLS interception using a trust model.  So, for example, allowing TLS to known-good domestic ASNs while intercepting (or even blocking) it for foreign or low-trust networks.


From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Albert E. Whale, CEH CHS CISA CISSP
Sent: Tuesday, January 22, 2019 2:24 PM
To: Open Information Security Foundation <oisf-users at lists.openinfosecfoundation.org>
Subject: [Oisf-users] Endpoints outside of the US

I'm looking at a lot of traffic to 443 connections to Singapore, Hong Kong, Japan, Netherlands and more.  Some of this traffic's IP Addresses are assigned to Microsoft.

I want to believe the that there is nothing malicious, but I Don't believe that there is a need to send my data to Singapore or Japan, when I live in the USA.

Is there a need to send data to a foreign country to use Microsoft products?

President - Chief Info Security Officer
IT Security, Inc.<http://www.IT-Security-inc.com> - A Service Disabled Veteran Owned Company - (SDVOSB)
HUBZone Certified
LinkedIn<https://www.linkedin.com/in/albertwhale> Profile

Phone: 412-515-3010 | Email: Albert.Whale at IT-Security-inc.com<mailto:Albert.Whale at IT-Security-inc.com>
Cell: 412-889-6870
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190122/7098c482/attachment-0001.html>

More information about the Oisf-users mailing list