I know I've been talking about rolling out a group policy to disable USB drives across our enterprise, but I get told I'm being controlling....
They have been our largest infection vector and, like this post shows, an easy way for data to walk out the door without an audit trail.
Incorrect use of DNS... DNS was designed to be very fault tolerant, but when you publish records with 30-second TTLs, the authoritative server has to be accessed twice a minute, making millions of caching nameservers useless.
When you run TTLs less than 150 (like many of Dyn's customers), your DNS is no longer decentralized and fault tolerant... if you don't change your records often, use a longer TTL. Much of the effect of this attack could have been mitigated by using an 1800 or longer TTL... as long as a few ISP and other common caches can get one response for each record every half hour, things keep working.
Why does everyone use such small DNS TTLs? Checking some of the domains (including twitter) that went down, their TTLs are all less than 200...are their networks so dynamic that 1800, 3600, 7200 wouldn't work? Would really minimize the effect of DNS outages...
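The TTL argument in the DNS comments above can be checked against a zone file; the following is an added example, not code from any of the commenters. It audits a constructed zone for TTLs under 150 and estimates, for each record, how many caches would still hold it at the end of an authoritative outage. Assumptions: the zone contents, the 900-second outage used in the test, the names `parse_zone`, `surviving_fraction` and `audit`, and the uniform-refresh model noted in the code.

```python
# Added example: constructed zone data, not taken from any real domain.
ZONE = """\
$TTL 3600
www.example.test.    30    IN A     192.0.2.10
api.example.test.    120   IN A     192.0.2.11
static.example.test. 1800  IN CNAME cdn.example.test.
mail.example.test.         IN MX    10 mx.example.test.
"""

LOW_TTL = 150  # threshold taken from the comments above


def parse_zone(text):
    """Yield (name, ttl, rtype) for simple one-line records, honouring $TTL."""
    default_ttl = None
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$TTL":
            default_ttl = int(fields[1])
            continue
        name, rest = fields[0], fields[1:]
        ttl = default_ttl
        if rest and rest[0].isdigit():  # explicit per-record TTL
            ttl, rest = int(rest[0]), rest[1:]
        if rest and rest[0].upper() == "IN":
            rest = rest[1:]
        yield name, ttl, rest[0].upper()


def surviving_fraction(ttl, outage):
    # Assumption: each cache last refreshed at a uniformly random moment
    # within the TTL window before the authoritative servers went dark.
    return max(0.0, 1.0 - outage / ttl)


def audit(text, outage):
    rows = []
    for name, ttl, rtype in parse_zone(text):
        rows.append({
            "name": name, "type": rtype, "ttl": ttl,
            "low_ttl": ttl < LOW_TTL,
            # Upper bound: a busy cache re-queries once per TTL expiry.
            "queries_per_hour_per_cache": 3600 / ttl,
            "surviving": round(surviving_fraction(ttl, outage), 3),
        })
    return rows
```

Calling `audit(ZONE, outage=900)` returns one row per record; under this model any record whose TTL is shorter than the outage has no surviving caches by the time the outage ends.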
You need a PLC configured with the right I/O (relay in/out, analog in/out) with Ethernet and a common, open protocol like ModbusTCP... Automation Direct is a good supplier of these.
Alternatively one could use "dumber" remote I/O devices like these