Firewall Wizards mailing list archives
Re: SCADA
From: Victor Williams <bwilliam13 () windstream net>
Date: Tue, 14 Apr 2009 15:16:56 -0500
Why do you need to answer at all? In my experience, the easiest way to make (good) policies moot and unenforceable is to make exceptions for reasons that don't really make (good) sense. I could see windows/microsoft updates, as those can be compartmentalized pretty well with proxy server(s) and internal WSUS server(s). But allowing them to be managed from home? How are you going to manage the connection/equipment/software sitting outside your jurisdiction (the person's home)? ---- "Kaas wrote:
We have a few SCADA and process control networks firewalled from our corporate network which is connected to the Internet. Or policy has been to lock these down to a few specific IP addresses and secure ports and only to/from our corporate network. We have some owners of these networks that would like the firewalls to be more open. Their initial requests are to be able to manage these networks from the Internet (from home), to be able to retrieve Microsoft patches and virus signatures and to do MS file sharing to our corporate network. We currently have these services (patching and virus signatures) available on the corporate network but they believe it would be easier and simpler to retrieve them separately. How do you answer this without just saying NO? Thank you, Dave _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: SCADA, (continued)
- Re: SCADA Marcus J. Ranum (Apr 14)
- Re: SCADA Victor Williams (Apr 14)