[146436] in North American Network Operators' Group
Re: Arguing against using public IP space
daemon@ATHENA.MIT.EDU (Leigh Porter)
Sun Nov 13 13:49:40 2011
From: Leigh Porter <leigh.porter@ukbroadband.com>
To: Jason Lewis <jlewis@packetnexus.com>
Date: Sun, 13 Nov 2011 18:50:55 +0000
In-Reply-To: <CA+buB7eG7z0kxh-UZgJqvE8pQqFwY3iRkS+Up7buCLqTi5Dctg@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I was involved in a security review of a SCADA system a couple of years ago. Their guy was very impressed with himself and his "Internet air-gap" but managed to leave all their ops consoles on both the SCADA network and their internal corp LAN.
Their corp LAN was a mess with holes through their NAT gateway all over the place to let external support people rdesktop to the SCADA network machines.
Of course it was all on private address space internally.
So you see, when you put idiots in charge, you're screwed whatever you do, and private address space and NAT and whatever else will be no more than security by nice stickers and marketing.
--
Leigh
On 13 Nov 2011, at 15:38, "Jason Lewis" <jlewis@packetnexus.com> wrote:
> I don't want to start a flame war, but this article seems flawed to
> me. It seems an IP is an IP.
>
> http://www.redtigersecurity.com/security-briefings/2011/9/16/scada-vendors-use-public-routable-ip-addresses-by-default.html
>
> I think I could announce private IP space, so doesn't that make this
> argument invalid? I've always looked at private IP space as more of a
> resource and management choice and not a security feature.