Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment This is a common issue (Score 3, Informative) 284

Ignore the haters, they don't understand the politics for this. I used to design industrial Ethernet networks for a large vendor, and we spent quite a bit of time pointing out to customers how dangerous the direct lines were. However, IT departments have very little say over manufacturing networks. This isn't always a bad thing (see the many IT/help desk horror stories). Because the remote access is often required as part of the maintenance contract, offer to partner with manufacturing to install a small firewall with access filters that are controlled by IT, but set (requested) by manufacturing.

A small Cisco ASA, Juniper SRX or its like will do the job nicely, and can shield you from hack attempts along that access path.

Comment Re:Right idea, wrong target (Score 1) 609

Denmark is an awesome place I'm sure. It's also about half the population of the greater San Francisco Bay area, which isn't the largest metro area in the USA. You also have a relatively homogeneous culture (with a strong work ethic) and can't project military power very far beyond your borders (to protect your trade). You could drive anywhere in your country in less than a day.

Apples != Oranges.

Comment Wire the building, make a basement DMZ (Score 1) 257

Maintaining the infrastructure of an ISP is challenging over the long term, especially in an environment where your "expert" may sell her/his unit and leave. So you don't want to own any servers. However, it's a damn good idea to wire every unit to a common DMZ/patch bay in a secured space. I'd recommend running some sort of combo cable up to each unit (Cat 5, multimode fiber and RG6), something like this: Each subscriber can then decide how they want to access the Internet, and what they way to pay, and you don't get somebody knocking holes in your walls trying to run cable. You could even designate one of the Cat5 drops as a common net that you put cameras on, if you need to.

Drop in a full size 2 post rack, add in a few shelves (one for each ISP), and make power available. Done.

Comment Yeah, they've got a problem... (Score 1) 67

...they've always had a problem with this, though. I was there years ago (at the beginning of the Internet boom) and we were one of the most hacked targets on the planet. Everyone seems to think that all the secret UFO data was in NASAs network -- and the pace of attacks was astounding. You had to have an RSA token to login to anything. It got so bad that we ended up having to put an optical tap (even as contractors, we fought that one) on the FDDI ring what was MAE-WEST so the FBI and other TLAs could try to track some of these idiots down.

Given that funding went down and many of the top IT / networking guys went into the booming private sector, I'm not surprised it's still a problem. All of the mission critical stuff is pretty well walled off -- but the rest of it has major issues. I don't think we'll loose a spaceship to it, but getting your email can be very annoying.

Comment Re:Power Station PLCs should _not_ be connected... (Score 1) 138

A combination of VPN access and firewalling does the trick. I've tested it with AB (EthernetIP) gear and it works fine. There are quite a few vendors that will sell you the parts, but they aren't the traditional ones (Omron, AB, etc,...) so most of the controls folks seem to ignore their existence. When it comes to control, go to them. If it's data security, Cisco, Juniper,...

Slashdot Top Deals

Prototype designs always work. -- Don Vonada