Comment: This is a common issue (Score 3, Informative) 284

by Loudog (#43944273) Attached to: Ask Slashdot: How Best To Disconnect Remote Network Access?

Ignore the haters, they don't understand the politics for this. I used to design industrial Ethernet networks for a large vendor, and we spent quite a bit of time pointing out to customers how dangerous the direct lines were. However, IT departments have very little say over manufacturing networks. This isn't always a bad thing (see the many IT/help desk horror stories). Because the remote access is often required as part of the maintenance contract, offer to partner with manufacturing to install a small firewall with access filters that are controlled by IT, but set (requested) by manufacturing.

A small Cisco ASA, Juniper SRX or its like will do the job nicely, and can shield you from hack attempts along that access path.

Comment: Re:Right idea, wrong target (Score 1) 609

by Loudog (#42102101) Attached to: US Scientific R&D Could Face Fiscal Cliff Doom

Denmark is an awesome place I'm sure. It's also about half the population of the greater San Francisco Bay area, which isn't the largest metro area in the USA. You also have a relatively homogeneous culture (with a strong work ethic) and can't project military power very far beyond your borders (to protect your trade). You could drive anywhere in your country in less than a day.

Apples != Oranges.

Comment: Wire the building, make a basement DMZ (Score 1) 257

by Loudog (#40210487) Attached to: Ask Slashdot: Provisioning Internet For Condo Association?

Maintaining the infrastructure of an ISP is challenging over the long term, especially in an environment where your "expert" may sell her/his unit and leave. So you don't want to own any servers. However, it's a damn good idea to wire every unit to a common DMZ/patch bay in a secured space. I'd recommend running some sort of combo cable up to each unit (Cat 5, multimode fiber and RG6), something like this: Each subscriber can then decide how they want to access the Internet, and what they want to pay, and you don't get somebody knocking holes in your walls trying to run cable. You could even designate one of the Cat5 drops as a common net that you put cameras on, if you need to.

Drop in a full size 2 post rack, add in a few shelves (one for each ISP), and make power available. Done.

Comment: Yeah, they've got a problem... (Score 1) 67

by Loudog (#35662208) Attached to: NASA Vulnerable To Crippling Cyber Attacks

...they've always had a problem with this, though. I was there years ago (at the beginning of the Internet boom) and we were one of the most hacked targets on the planet. Everyone seems to think that all the secret UFO data was in NASA's network -- and the pace of attacks was astounding. You had to have an RSA token to log in to anything. It got so bad that we ended up having to put an optical tap (even as contractors, we fought that one) on the FDDI ring that was MAE-WEST so the FBI and other TLAs could try to track some of these idiots down.

Given that funding went down and many of the top IT / networking guys went into the booming private sector, I'm not surprised it's still a problem. All of the mission critical stuff is pretty well walled off -- but the rest of it has major issues. I don't think we'll lose a spaceship to it, but getting your email can be very annoying.

Comment: Re:Power Station PLCs should _not_ be connected... (Score 1) 138

by Loudog (#29432515) Attached to: DHS To Review Report On US Power Grid Vulnerability

A combination of VPN access and firewalling does the trick. I've tested it with AB (EthernetIP) gear and it works fine. There are quite a few vendors that will sell you the parts, but they aren't the traditional ones (Omron, AB, etc,...) so most of the controls folks seem to ignore their existence. When it comes to control, go to them. If it's data security, Cisco, Juniper,...
