Firewall Wizards mailing list archives
Re: SCADA
From: Brian Loe <knobdy () gmail com>
Date: Thu, 16 Apr 2009 08:56:48 -0500
On Wed, Apr 15, 2009 at 11:00 PM, Paul D. Robertson <paul () compuwar net> wrote:
1. I'm not sure "no more" fits in the definition- for instance a system that's designed to send company email can also send personal email- how does that make the system less reliable?
It propably - or probably should - violates the company's appropriate use policy. It may also induce a non-business reply, or forwards, which may introduce spam and viruses.
That's not exactly true. A system that does exactly what it is supposed to - no more, no less - is achievable. It's notI'm not sure it's achievable. General purpose systems are too flexible to be completely locked down. I can use my "Shift" key to play the Monty Python theme, certainly not a design goal...
You don't put general purpose systems on a SCADA network. They don't do email - nor do they have an email client installed. The are there to do one thing, run the SCADA application. Everything else has been removed or disabled. One could argue that you don't put general purpose systems on the corporate network either. You put accounting systems in the accounting department and HR systems in the HR department. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: SCADA, (continued)
- Re: SCADA Chris Blask (Apr 16)
- Re: SCADA Brian Loe (Apr 16)
- Re: SCADA Marcus J. Ranum (Apr 16)
- Re: SCADA Brian Loe (Apr 18)