Firewall Wizards mailing list archives

Re: SCADA


From: Victor Williams <bwilliam13 () windstream net>
Date: Tue, 14 Apr 2009 15:16:56 -0500

Why do you need to answer at all?

In my experience, the easiest way to make (good) policies moot and unenforceable is to make exceptions for reasons that 
don't really make (good) sense.

I could see Windows/Microsoft updates, as those can be compartmentalized pretty well with proxy server(s) and internal 
WSUS server(s).  But allowing them to be managed from home?  How are you going to manage the 
connection/equipment/software sitting outside your jurisdiction (the person's home)?


---- "Kaas wrote: 
 
We have a few SCADA and process control networks firewalled from our corporate network which is connected to the 
Internet. Our policy has been to lock these down to a few specific IP addresses and secure ports and only to/from our 
corporate network. We have some owners of these networks that would like the firewalls to be more open.  Their 
initial requests are to be able to manage these networks from the Internet (from home), to be able to retrieve 
Microsoft patches and virus signatures and to do MS file sharing to our corporate network.  We currently have these 
services (patching and virus signatures) available on the corporate network but they believe it would be easier and 
simpler to retrieve them separately.

How do you answer this without just saying NO?

Thank you,

Dave

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
