Firewall Wizards mailing list archives

Re: SCADA


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 15 Apr 2009 21:41:03 -0500

Brian Loe wrote:
> The question is, do you connect
> your SCADA network to your corporate network and therefore the
> Internet. The answer was and is, IMO, NO!!!

#ifdef PURIST
Brian's response here is perfect and nuanced. You'll
notice that he implicitly introduces transitive trust
as a given in "and therefore..."
#endif

> I really DON'T have to update the Windows 95 boxes running on the
> SCADA network. They are currently as secure as they ever will be. The
> ability for someone or something to attack them has been mitigated as
> much as can be for them to still do the job they are assigned.

#define PURIST BrianLoe

        
I'll teach you the secret magic handshake later. :) In the
meantime you can remain in a state of default denial. :)

The one thing we have going for us in internet security
is that we can disconnect our targets from the background. I.e.: we
can create folds in the space in which we operate, then
control the attachment points. That is an ability for
which most practical military thinkers would have traded
their left... well, a whole lot.

That we security practitioners can define our terrain, yet
_refuse_ to take advantage of it, is one of the tragedies
of the day.


mjr.
--
Marcus J. Ranum         CSO, Tenable Network Security, Inc.
                        http://www.tenablesecurity.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

