You can also inadvertently transmit data to the internet using a package without being obviously 'stupid', e.g. by using a package that uses an external service for data processing. For example, some javascript visualisation libs can do that (not sure if those wrapped in R-packages do), or, for example, a geocoding service.

Not having an (outgoing) internet connection at least helps against mistakes like this (and probably against many untargeted attacks). If it is allowed to have the sensitive data on that computer, using R on that computer is probably not going to make it less safe.

Jan
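
An added example, not part of the original thread: a static check of R source for the package behaviour described above (calls that can reach an external service, or that load an HTTP client package). The watch lists `net_base`, `net_pkgs` and `attach_fns`, and the sample source, are assumptions constructed for illustration and are not a complete inventory.

```r
# Illustrative watch lists (assumptions; extend for your environment).
net_base   <- c("download.file", "url", "socketConnection", "make.socket")
net_pkgs   <- c("httr", "httr2", "curl", "RCurl")
attach_fns <- c("library", "require", "requireNamespace", "loadNamespace")

find_network_calls <- function(code) {
  # Tokenise with R's own parser so comments and string contents are not
  # mistaken for calls.
  pd <- utils::getParseData(parse(text = code, keep.source = TRUE))
  grandparent <- function(rows) pd$parent[match(rows$parent, pd$id)]

  calls <- pd[pd$token == "SYMBOL_FUNCTION_CALL", ]
  pkgs  <- pd[pd$token == "SYMBOL_PACKAGE", ]
  # In pkg::fn(), the package token and the function token share a parent node.
  calls$pkg <- pkgs$text[match(calls$parent, pkgs$parent)]

  # Arguments of library()/requireNamespace() etc. that name a watched package:
  # the argument's grandparent node is the call node itself.
  args <- pd[pd$token %in% c("SYMBOL", "STR_CONST"), ]
  args$name <- gsub("[\"']", "", args$text)
  watched_nodes <- grandparent(args)[args$name %in% net_pkgs]
  attaches <- calls$text %in% attach_fns & grandparent(calls) %in% watched_nodes

  qualified <- calls$pkg %in% net_pkgs        # NA (no pkg::) is never a match
  direct    <- calls$text %in% net_base
  reason <- ifelse(qualified, "watched package",
            ifelse(attaches, "loads watched package", "base network function"))
  hit <- qualified | attaches | direct
  data.frame(line   = calls$line1[hit],
             call   = ifelse(is.na(calls$pkg[hit]), calls$text[hit],
                             paste0(calls$pkg[hit], "::", calls$text[hit])),
             reason = reason[hit],
             stringsAsFactors = FALSE)
}

# Constructed sample source: a geocoding helper that posts its input to an
# external service, next to a purely local model fit.
sample_src <- '
geocode <- function(addresses) {
  resp <- httr::POST("https://geocoder.example/api", body = list(q = addresses))
  httr::content(resp)
}
fit <- function(d) lm(age ~ beauty, data = d)
library(curl)
fetch <- function(u) download.file(u, tempfile())
'
print(find_network_calls(sample_src))
```

Run it over each file in a package's `R/` directory before the package goes onto the machine holding the sensitive data. It cannot see network access made from compiled code or from bundled JavaScript.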


On 09-08-18 09:19, Rainer M Krug wrote:
I can not agree more, Barry. Very nicely put.

Rainer


On 8 Aug 2018, at 18:10, Barry Rowlingson <b.rowling...@lancaster.ac.uk> wrote:

On Wed, Aug 8, 2018 at 4:09 PM, Laurence Clark
<laurence.cl...@healthmanltd.com> wrote:
Hello all,

I want to download R and use it for work purposes. I hope to use it to analyse 
very sensitive data from our clients.

My question is:

If I install R on my work network computer, will the data ever leave our 
network? I need to know if the data goes anywhere other than our network, 
because this could compromise its security.

Is there any chance the data could go to a server owned by 'R' or anything 
else that's not immediately obvious, but constitutes the data leaving our 
network?

You are talking mostly to statisticians here, and if p>0 then there's
"a chance". I'd say yes, there's a chance, but it's pretty small, and
would only occur through stupidity, accident or malice.

In the ordinary course of things your data will be on your hard disk,
or on your corporate network drives, and only exist between your
corporate network server and your PC's memory. R will load the data
into that memory, do stuff with it in that memory, and write results
back to hard disk. Nothing leaves the network this way.

However... R has facilities for talking to the internet. You can save
data to google docs spreadsheets, for example, but you'd have to be
signed in to google, and have to type something like:

writeGoogleDoc(my_data, "secretdata.xls")

that covers "stupid". You should know that google docs are on google's
servers, and google's servers aren't on your network, and your secret
data shouldn't go on google's servers.

Accidents happen. You might be working on non-secret data which you
want to save to google docs, and accidentally save "data1" which is
secret instead of "data2" which is okay to be public. Oops. You sent
it to google. Accidents happen.

"malice" would be if someone had put code into R or an add-on package
that you use that sends your data over the network without you
knowing. For example maybe every time you fit a linear model with:

lm(age~beauty, data=people)

R could be transmitting the data to hackers. But the chance of this is
very small, and I don't think any malicious code has ever been
discovered in R or the 12000 add-on packages downloadable from CRAN.
Doesn't mean it hasn't been discovered yet or won't be in the future.

It used to be said that the only machine safe from hackers was one
unplugged from the network. But now hackers can get to your machine
via malicious USB sticks, keyboard loggers, and various other nasties.
The only machine safe from hackers is one with the power off. But take
the power plug out because a wake-on-lan packet could switch your
machine on remotely....

Barry







Thank you

Laurence


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Laurence Clark
Business Data Analyst
Account Management
Health Management Ltd

Mobile:                 07584 556498
Switchboard:    0845 504 1000
Email:          laurence.cl...@healthmanltd.com
Web:            www.healthmanagement.co.uk

______________________________________________
R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.

--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation Biology, 
UCT), Dipl. Phys. (Germany)

University of Zürich

Cell:       +41 (0)78 630 66 57
email:      rai...@krugs.de
Skype:      RMkrug

PGP: 0x0F52F982




