I was involved in a security review of a SCADA system a couple of years ago. 
Their guy was very impressed with himself and his "Internet air-gap" but 
managed to leave all their ops consoles on both the SCADA network and their 
internal corp LAN.

Their corp LAN was a mess with holes through their NAT gateway all over the 
place to let external support people rdesktop to the SCADA network machines.

Of course it was all on private address space internally. 

So you see, when you put idiots in charge, you're screwed whatever you do and 
private address space and NAT and whatever else will be no more than security 
by nice stickers and marketing.

-- 
Leigh


On 13 Nov 2011, at 15:38, "Jason Lewis" <jle...@packetnexus.com> wrote:

> I don't want to start a flame war, but this article seems flawed to
> me.  It seems an IP is an IP.
> 
> http://www.redtigersecurity.com/security-briefings/2011/9/16/scada-vendors-use-public-routable-ip-addresses-by-default.html
> 
> I think I could announce private IP space, so doesn't that make this
> argument invalid?  I've always looked at private IP space as more of a
> resource and management choice and not a security feature.
> 
> 
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email 
> ______________________________________________________________________
