[R] security using R at work

Rainer M Krug R@|ner @end|ng |rom krug@@de
Thu Aug 9 09:19:23 CEST 2018 

I can not agree more, Barry. Very nicely put.

Rainer


> On 8 Aug 2018, at 18:10, Barry Rowlingson <b.rowlingson using lancaster.ac.uk> wrote:
> 
> On Wed, Aug 8, 2018 at 4:09 PM, Laurence Clark
> <Laurence.Clark using healthmanltd.com> wrote:
>> Hello all,
>> 
>> I want to download R and use it for work purposes. I hope to use it to analyse very sensitive data from our clients.
>> 
>> My question is:
>> 
>> If I install R on my work network computer, will the data ever leave our network? I need to know if the data goes anywhere other than our network, because this could compromise it's security.
> 
>> Is there is any chance the data could go to a server owned by 'R' or anything else that's not immediately obvious, but constitutes the data leaving our network?
> 
> You are talking mostly to statisticians here, and if p>0 then there's
> "a chance". I'd say yes, there's a chance, but its pretty small, and
> would only occur through stupidity, accident or malice.
> 
> In the ordinary course of things your data will be on your hard disk,
> or on your corporate network drives, and only exist between your
> corporate network server and your PC's memory. R will load the data
> into that memory, do stuff with it in that memory, and write results
> back to hard disk. Nothing leaves the network this way.
> 
> However... R has facilities for talking to the internet. You can save
> data to google docs spreadsheets, for example, but you'd have to be
> signed in to google, and have to type something like:
> 
>> writeGoogleDoc(my_data, "secretdata.xls")
> 
> that covers "stupid". You should know that google docs are on google's
> servers, and google's servers aren't on your network, and your secret
> data shouldn't go on google's servers.
> 
> Accidents happen. You might be working on non-secret data which you
> want to save to google docs, and accidentally save "data1" which is
> secret instead of "data2" which is okay to be public. Oops. You sent
> it to google. Accidents happen.
> 
> "malice" would be if someone had put code into R or an add-on package
> that you use that sends your data over the network without you
> knowing. For example maybe every time you fit a linear model with:
> 
> lm(age~beauty, data=people)
> 
> R could be transmitting the data to hackers. But the chance of this is
> very small, and I don't think any malicious code has ever been
> discovered in R or the 12000 add-on packages downloadable from CRAN.
> Doesn't mean it hasn't been discovered yet or won't be in the future.
> 
> It used to be said that the only machine safe from hackers was one
> unplugged from the network. But now hackers can get to your machine
> via malicious USB sticks, keyboard loggers, and various other nasties.
> The only machine safe from hackers is one with the power off. But take
> the power plug out because a wake-on-lan packet could switch your
> machine on remotely....
> 
> Barry
> 
> 
> 
> 
> 
> 
> 
>> Thank you
>> 
>> Laurence
>> 
>> 
>> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>> Laurence Clark
>> Business Data Analyst
>> Account Management
>> Health Management Ltd
>> 
>> Mobile:                 07584 556498
>> Switchboard:    0845 504 1000
>> Email:          Laurence.Clark using healthmanltd.com
>> Web:            www.healthmanagement.co.uk
>> 
>> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>> CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipients and may contain confidential and privileged information or otherwise be protected by law. Any unauthorised review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender, and destroy all copies and the original message.<BR><BR>MAXIMUS People Services Limited is registered in England and Wales (registered number: 03752300); registered office: 202 - 206 Union Street, London, SE1 0LX, United Kingdom. The Centre for Health and Disability Assessments Ltd (registered number: 9072343) and Health Management Ltd (registered number: 4369949) are registered in England and Wales. The registered office for each is Ash House, The Broyle, Ringmer, East Sussex, BN8 5NN, United Kingdom. Remploy Limited is registered in England and Wales (registered number: 09457025); registered office: 18c Meridian East, Meridian Business Park, Leicester,
>  Leicestershire, LE19 1WZ, United Kingdom.</font>
>> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>> 
>> 
>> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>> 
>> 
>> #####################################################################################
>> Scanned by MailMarshal - M86 Security's comprehensive email content security solution.
>> Download a free evaluation of MailMarshal at www.m86security.com
>> #####################################################################################
>> 
>> ______________________________________________
>> R-help using r-project.org mailing list -- To UNSUBSCRIBE and more, see
>> https://stat.ethz.ch/mailman/listinfo/r-help
>> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
>> and provide commented, minimal, self-contained, reproducible code.
> 
> ______________________________________________
> R-help using r-project.org mailing list -- To UNSUBSCRIBE and more, see
> https://stat.ethz.ch/mailman/listinfo/r-help
> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
> and provide commented, minimal, self-contained, reproducible code.

--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation Biology, UCT), Dipl. Phys. (Germany)

University of Zürich

Cell:       +41 (0)78 630 66 57
email:      Rainer using krugs.de
Skype:      RMkrug

PGP: 0x0F52F982




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <https://stat.ethz.ch/pipermail/r-help/attachments/20180809/cf997365/attachment-0002.sig>

More information about the R-help mailing list