Follow Slashdot stories on Twitter


Forgot your password?
Last Chance - Get 15% off sitewide on Slashdot Deals with coupon code "BLACKFRIDAY" (some exclusions apply)". ×

Comment Depends on the industry (Score 1) 348

Some industries do make it a standard to disable firewalls on everything except perimeter devices. Networking talent is rare in these industries so it makes a certain amount of economic sense. You might be surprised to hear that SCADA and industrial control are one of the industries where this is common.

It's not totally crazy, either. If you know that if anything were to ever get on your internal network, you're going to be more diligent than usual about letting things on it. If you put all your eggs in the perimeter firewall basket and it's pretty good, then what's the problem?

Well, here's a big difference: the guy running your water plant is way different than the minimum wage guy you have running the till. The cashier has more incentive to attack the system, especially if he can get away with running a skimmer without getting caught. But the cashier has physical access to the system for several hours per day! What's the firewall going to do to stop him? He can just reboot the machine into an OS he controls, then turn off the firewall by writing to the disk directly.

There's another more important problem: if SQL Server Express is involved then I'll bet the PoS app is doing cleartext database writes, which might include credit card transactions in the future. If that's the case, the firewall has to be configured to allow these writes in cleartext. Mr. skimmer guy just needs to put a tap inline with the register's network port to get all this data, firewall or not. The app is the problem here.

Security is a people problem. Think about your staff and your vendors and choose them wisely. Until that's done pontificating about firewall best practices probably shouldn't be your first priority.

Comment Powershell and other tools (Score 5, Informative) 427

Powershell. The only tool that knows how to talk to all the different frameworks in Windows is Powershell. No other tool can talk to .NET, COM, WMI, native APIs (via P/Invoke), and external stdio based tools. If you can't do the automation you want using something in one of the above frameworks, you've got bigger problems than finding a good automation tool.

Since the test guy usually has to be a part time sysadmin too, you should be aware of these tools:

System update readiness tool:
WMI diagnostic utility:
Windows SDK (including debugging tools for windows):
sysinternals suite:
Windows Management Framework:
Windows 7 SP1 WAIK supplement:

If XP is involved, check out Windows SteadyState. It's like deepfreeze, if you've ever used that. qemu is also a great way to boot test machines and capture output at scale; using CoW disks you can have fresh machines every time you boot regardless if the test machines are XP or not.

Comment It should work up to half a mile (Score 1) 338

Lockheed Martin recently put out a press release about their magnetic communications system (MCS), which works at distances of up to half a mile through solid rock:

Although the MCS probably uses large coils and low wavelengths on both sides to achieve that impressive distance, typical RFID cards have small coils. To make up for this, very strong digitally controlled magnetic fields could be used to couple to a coil from far away. For example, see this implementation of a static 0.7 tesla magnet:

A strong enough, highly directional magnetic field and a sensitive enough detector could couple all the way to the theoretical maximum distance permitted by the RFID card's frequency. Like the MCS, that distance is one third the wavelength of 125 KHz (1.5 miles), or half a mile.

Money is better than poverty, if only for financial reasons.