Military Network Security

Source: 百度文库  Editor: 超级军网  Time: 2024/04/19 15:53:27

Reposting a comment about SCADA

http://ask.slashdot.org/story/10/11/06/1845219/Evaluating-Or-Testing-Utility-SCADA-Security?from=rss

As a security expert who has audited SCADA systems, I must amend the above remark. If you ask them, "I'm here for security, is it connected to the Internet?", they will say "no". If you instead ask them, because you are concerned, "in an emergency, how an administrator can access it remotely", then they will tell you the series of systems that will allow you to connect in: firewalls, VPNs, and usually a last hop Citrix remote desktop session to the SCADA software itself, which is often Siemens, and is run in a VM. When you tell them to take it off the Internet, they will put your request in change control, and find a way to get rid of you, or if you're a politician, to buy you out. Usually the people running these things have no ability to think adversarially, so they consider something that is several levels removed from the Internet to not be Internet connected, even though it is. They may even tell you that it has its own leased network, run over Frame Relay leased from a telco, which is quite common. This is also internet connected, as the ISP can get pwned, and the frame relay stuff has a management network that is on the ISP's LAN. I've done security for a Fortune 50 ISP as well.

The short answer is, every SCADA system in the Americas is Internet connected, and no one has the balls to tell them to stop. They will only hire people to audit them who will put on kid gloves and play by their rules, and they refuse to take advice from their vendors, who they pay to be compliant. A security consultant lecturing a SCADA client on security measures is like a temp secretary lecturing a CEO on spelling. It's an event that always ends in a raised eyebrow and a prompt firing.

Every nuclear reactor in the United States is internet connected. I've seen them. I'm certain. Being a whitehat pen tester these days is like being a turned out whore - you know you're not helping anyone but it's too late to go back.
Posted anonymously for obvious reasons.

I really don't know where some people get so much confidence in network security.
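
The quoted comment's point, that a system "several levels removed" from the Internet is still Internet connected, amounts to transitive reachability over an access inventory. The following is an added example, not part of the original post or the Slashdot comment; the topology, node names and edges are constructed for illustration.

```python
from collections import deque

# Constructed topology (not from the post): an edge A -> B means a session
# on A can open a connection to B. All node names are hypothetical.
EDGES = {
    "internet": ["corp-firewall", "isp-lan"],
    "corp-firewall": ["vpn-gateway"],
    "vpn-gateway": ["citrix-desktop"],
    "citrix-desktop": ["scada-vm"],
    "isp-lan": ["frame-relay-mgmt"],
    "frame-relay-mgmt": ["leased-line"],
    "leased-line": ["scada-vm"],
    "scada-vm": [],
}


def paths_from(edges, source, target):
    """Return every loop-free path from source to target, shortest first."""
    found, queue = [], deque([[source]])
    while queue:
        path = queue.popleft()
        for nxt in edges.get(path[-1], []):
            if nxt in path:          # skip cycles
                continue
            if nxt == target:
                found.append(path + [nxt])
            else:
                queue.append(path + [nxt])
    return found


def exposure_report(edges, asset, source="internet"):
    """Summarise whether asset is transitively reachable from source."""
    paths = paths_from(edges, source, asset)
    return {
        "asset": asset,
        "reachable": bool(paths),
        "min_hops": len(paths[0]) - 1 if paths else None,
        "paths": paths,
    }


def without_edge(edges, a, b):
    """Copy of the topology with the a -> b connection removed."""
    return {n: [m for m in out if (n, m) != (a, b)] for n, out in edges.items()}


if __name__ == "__main__":
    for p in exposure_report(EDGES, "scada-vm")["paths"]:
        print(" -> ".join(p))
```

Removing only the Citrix hop still leaves the asset reachable through the leased-line path, which is why an inventory of every remote-access route matters more than the hop count of any single one.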
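The English is really stressing me out...
To launch, there is still a physical button, right? Also, the cipher machines are still isolated, right?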