Arguing against using public IP space

Leigh Porter leigh.porter at ukbroadband.com
Sun Nov 13 18:50:55 UTC 2011


I was involved in a security review of a SCADA system a couple of years ago. Their guy was very impressed with himself and his "Internet air-gap" but managed to leave all their ops consoles on both the SCADA network and their internal corp LAN.

Their corp LAN was a mess with holes through their NAT gateway all over the place to let external support people rdesktop to the SCADA network machines.

Of course it was all on private address space internally. 

So you see, when you put idiots in charge, you're screwed whatever you do and private address space and NAT and whatever else will be no more than security by nice stickers and marketing.

-- 
Leigh


On 13 Nov 2011, at 15:38, "Jason Lewis" <jlewis at packetnexus.com> wrote:

> I don't want to start a flame war, but this article seems flawed to
> me.  It seems an IP is an IP.
> 
> http://www.redtigersecurity.com/security-briefings/2011/9/16/scada-vendors-use-public-routable-ip-addresses-by-default.html
> 
> I think I could announce private IP space, so doesn't that make this
> argument invalid?  I've always looked at private IP space as more of a
> resource and management choice and not a security feature.
> 
> 
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email 
> ______________________________________________________________________

More information about the NANOG mailing list