nanog mailing list archives

Re: Arguing against using public IP space


From: Leigh Porter <leigh.porter () ukbroadband com>
Date: Sun, 13 Nov 2011 18:50:55 +0000

I was involved in a security review of a SCADA system a couple of years ago. Their guy was very impressed with himself 
and his "Internet air-gap" but managed to leave all their ops consoles on both the SCADA network and their internal 
corp LAN.

Their corp LAN was a mess with holes through their NAT gateway all over the place to let external support people 
rdesktop to the SCADA network machines.

Of course it was all on private address space internally. 

So you see, when you put idiots in charge, you're screwed whatever you do and private address space and NAT and whatever
else will be no more than security by nice stickers and marketing.

-- 
Leigh


On 13 Nov 2011, at 15:38, "Jason Lewis" <jlewis () packetnexus com> wrote:

I don't want to start a flame war, but this article seems flawed to
me.  It seems an IP is an IP.

http://www.redtigersecurity.com/security-briefings/2011/9/16/scada-vendors-use-public-routable-ip-addresses-by-default.html

I think I could announce private IP space, so doesn't that make this
argument invalid?  I've always looked at private IP space as more of a
resource and management choice and not a security feature.


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
