Re: [fw-wiz] SCADA

On Wed, Apr 15, 2009 at 11:00 PM, Paul D. Robertson <paul@xxxxxxxxxxxx> wrote:

1.  I'm not sure "no more" fits in the definition- for instance a system
that's designed to send company email can also send personal email- how
does that make the system less reliable?

It propably - or probably should - violates the company's appropriate
use policy. It may also induce a non-business reply, or forwards,
which may introduce spam and viruses.

That's not exactly true. A system that does exactly what it
is supposed to - no more, no less - is achievable. It's not

I'm not sure it's achievable.  General purpose systems are too flexible to
be completely locked down.  I can use my "Shift" key to play the Monty
Python theme, certainly not a design goal...

You don't put general purpose systems on a SCADA network. They don't
do email - nor do they have an email client installed. The are there
to do one thing, run the SCADA application. Everything else has been
removed or disabled.

One could argue that you don't put general purpose systems on the
corporate network either. You put accounting systems in the accounting
department and HR systems in the HR department.
firewall-wizards mailing list