If you can't show how your suggestions will reduce risk then why would you expect a business to spend time and money implementing them.

I'm not sure what is stranger, the material or the Daily Mail publishing something that appears to be factual and informative....

Look at Raynet in the UK.

Cell towers require power and connectivity, can't rely on those being there in an emergency.

The UK is a bit limited in the number of areas you could build such plants. Plenty of countryside but not a lot of suitable mountainous areas and not a lot of will to develop the ones we do have into industrial sites.

That's exactly what it'll be this time too.

There is little chance that UK govt would get rid of all the grey IT VB/Office hacks they have running business critical services. The larger, better funded organisations have been trying to centralise and standardise their IT for years and those guys have barely even started scraping the surface. It'd take decades and cost far more than £200mil.

You can make it accessible without putting it on the public Internet.

A lot of the companies who run SCADA devices will already have some form of MPLS WAN, most providers can give you DSL links onto that network rather than Internet. Lets you reach the device but doesn't let the rest of the world.

Or if that's not an option then stick a cheap VPN endpoint infront of it and run the comms over IPSec.

The problem with hiding the SSID is not so much how it affects the wireless network but how it affects the wireless client machines.

Once joined to that WLAN, the machine will broadcast probes containing that SSID everywhere it goes.

That may also leave the clients open to MITM if an attacker sets up another AP with the same SSID. Not sure if this works in practice.

But Skype is running on the internal network, of course it can punch holes in the NAT device. The concern is for unsolicited access from the outside which will not make it through NAT.

How exactly do you think Skype will work through a stateful firewall? It'll result in exactly the same techniques being used, the client will send an outbound "dummy" packet to allow the relevant incoming UDP traffic when the router things it's part of the same connection. Sure there will be 1/10000 customers who can go onto their firewall and open the incoming port, most people will not so these hacks will be around for a long time to come.

In terms of investors with shares who get dividends, UK dividends come with a "tax credit" that can be subtracted from the individuals tax bill. I think the general idea is the tax credit is the amount of corporation tax that the original company has paid so it avoids being double taxed. Not sure if the USA does something similar.

It is a nice idea to move the taxation onto the individuals. But I think it's a bit of a huge solution to a problem where a simpler fix would be to stop letting companies claim international consultancy as deductible and put a bit more rigor into checking their international costs for tax deductibles, e.g. if Facebook Cayman rents Facebook Ireland a $3k server for $300k/year then it's not quite right and can be looked at under the current laws for tax avoidance.

The UK is currently in the process of developing & deploying a network for government agencies to use called the PSN (public services network). It's sort of a replacement for the GSI. It runs on IPv4, most likely using the DWP address space discussed here.

Pretty much all the UK telcos & several global network manufacturers are involved with the PSN so it's a real missed opportunity that they didn't go with IPv6 for it.

I take it "on the job" doesn't have the same meaning on that side of the pond, because 54 days worth is in no sense of the word "mere".

That's the classical definition but the meaning is evolving, these days I would say it's more accurate to consider hardware forwarding decisions is switching and software/CPU-based forwarding is routing.

As for the original question, lots of networking kit uses Linux behind the scenes. Checkpoint splat platform is Linux (IPSO is FreeBSD), I think Mcafee Sidewinder is too, Cisco ASA was a Linux kernel with an IOS-like shell stuck on it (not sure about the new ones). Bluecoat SGOS is very Linux-like but not sure how close it is in reality.

The difficulty is the lack of hardware forwarding, Enterprise networking kit doesn't generally use fast busses or big backplanes to shift packets, it uses proprietary ASICs to handle the packet processing and forwarding at line rate. You can't just buy a top end server, stick TCP-offloading 10Gbps NICs in it and expect it to firewall at 10Gbps. Although that said a lot of "enterprise" firewalls that are sold as 1Gbps struggle to hit 200Mbps and they still sell plenty of boxes.

You should take Russia seriously because if you shut off your nuclear generation then you'll end up dependant on their gas to keep your lights on.

That $350 doesn't include transceivers which you need at both ends.

I would think about $4k/port is more realistic for an average install (which won't be using Linksys).

It has been implemented in IS-IS, used in some service provider networks.