Firewall Wizards mailing list archives
Re: SCADA
From: Brian Loe <knobdy () gmail com>
Date: Tue, 14 Apr 2009 11:17:47 -0500
On Tue, Apr 14, 2009 at 10:47 AM, Kaas, David D <David_D_Kaas () rl gov> wrote:
We have a few SCADA and process control networks firewalled from our corporate network which is connected to the Internet. Our policy has been to lock these down to a few specific IP addresses and secure ports and only to/from our corporate network. We have some owners of these networks that would like the firewalls to be more open. Their initial requests are to be able to manage these networks from the Internet (from home), to be able to retrieve Microsoft patches and virus signatures and to do MS file sharing to our corporate network. We currently have these services (patching and virus signatures) available on the corporate network but they believe it would be easier and simpler to retrieve them separately. How do you answer this without just saying NO? Thank you, Dave
You just say no. Their MS updates aren't important. If it's truly segregated from the corporate network, their machines do not need antivirus. A SCADA network should not even connect to your corporate network for ANYTHING - or vice versa. We have a data logger system that needs to be able to talk to both networks; it's in a DMZ with TWO firewalls between the corporate network and the control network. Traffic is not allowed to pass between networks, ONLY to and from that system and only on the designated ports for the data logging application (which isn't the same on both networks). With the latest news of China breaching our power (SCADA) networks you would think people wouldn't be so stupid as to ask for this kind of access!
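Added example (not part of the original post or the thread): a small rule-set audit for the layout described in the reply above, where nothing passes between the corporate and control networks and each side may reach only the DMZ data logger on its own designated port. All addresses, port numbers and sample rules are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing and ports (assumptions, not taken from the post).
CORP = ip.ip_network("10.10.0.0/16")
CONTROL = ip.ip_network("10.50.0.0/16")
LOGGER = ip.ip_network("172.16.5.10/32")    # the single data logger host in the DMZ
PORTS = {"corp": 8443, "control": 9100}     # designated logging port on each side

def zone(net):
    """Classify a rule endpoint; anything not confined to one zone is 'mixed'."""
    net = ip.ip_network(net)
    for name, z in (("corp", CORP), ("control", CONTROL), ("logger", LOGGER)):
        if net.subnet_of(z):
            return name
    return "mixed"

def audit(rules):
    """Return (rule, reason) for every allow rule that breaks the design."""
    findings = []
    for rule in rules:
        src, dst, port = rule
        zs, zd = zone(src), zone(dst)
        if "mixed" in (zs, zd):
            findings.append((rule, "endpoint is not confined to one zone"))
        elif zs == zd:
            continue                         # intra-zone rule, out of scope here
        elif "logger" not in (zs, zd):
            findings.append((rule, "traffic passes between the two networks"))
        else:
            side = zd if zs == "logger" else zs
            if port != PORTS[side]:
                findings.append((rule, f"port {port} is not the designated {side} port"))
    return findings

# Constructed allow rules: (source, destination, destination port).
SAMPLE_RULES = [
    ("10.10.4.20/32", "172.16.5.10/32", 8443),  # corporate client -> logger: fits
    ("172.16.5.10/32", "10.50.1.7/32", 9100),   # logger -> control device: fits
    ("10.10.0.0/16", "10.50.0.0/16", 445),      # file sharing across both networks
    ("0.0.0.0/0", "10.50.1.7/32", 3389),        # management from the Internet
    ("10.50.1.0/24", "172.16.5.10/32", 8443),   # control side on the corporate port
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(rule, "->", reason)
```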