Firewall Wizards mailing list archives
Re: SCADA
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 15 Apr 2009 21:41:03 -0500
Brian Loe wrote:
The question is, do you connect your SCADA network to your corporate network and therefore the Internet. The answer was and is, IMO, NO!!!
#ifdef PURIST Brian's response here is perfect and nuanced. You'll notice that he implicitly introduces transitive trust as a given in "and therefore..." #endif
I really DON'T have to update the Windows 95 boxes running on the SCADA network. They are currently as secure as they ever will be. The ability for someone or something to attack them has been mitigated as much as can be for them to still do the job they are assigned.
#define PURIST BrianLoe I'll teach you the secret magic handshake later. :) In the meantime you can remain in a state of default denial. :) The one thing we have going for us in internet security is that we can disconnect our targets from the background. I.e.: we can create folds in the space in which we operate, then control the attachment points. That is an ability for which most practical military thinkers would have traded their left... well, a whole lot. That we security practitioners can define our terrain, yet _refuse_ to take advantage of it, is one of the tragedies of the day. mjr. -- Marcus J. Ranum CSO, Tenable Network Security, Inc. http://www.tenablesecurity.com _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: SCADA, (continued)