Firewall Wizards mailing list archives
Re: SCADA
From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 16 Apr 2009 00:00:46 -0400 (EDT)
On Wed, 15 Apr 2009, Marcus J. Ranum wrote:
A reliable system is one that does what it is designed to do, no less. And certainly no more. An "insecure" system is one that does quite a bit more than it was designed to do - namely it hosts hostile activity. When discussing "normal" system
1. I'm not sure "no more" fits in the definition- for instance a system that's designed to send company email can also send personal email- how does that make the system less reliable? 2. An "insecure" system _can_ host hostile activity, but that doesn't mean it does.
That's not exactly true. A system that does exactly what it is supposed to - no more, no less - is achievable. It's not
I'm not sure it's achievable. General purpose systems are too flexible to be completely locked down. I can use my "Shift" key to play the Monty Python theme, certainly not a design goal...
Where we get into problems is when the requirements are not anything that can actually be accomplished. As Tom Ptacek once pointed out, in a fit of brilliance, the problem is that we have general-purpose computers that are designed to be programmable to do anything; and we want to restrict what they can do.
I'd already typed the GP computer comment, so I'm leaving it in.
If I had a dollar - just one dollar - for every time I've heard that, I'd be retired and I wouldn't care if the power grid I rely on melts down.
If I had one beer for every time I've heard that, you'd be out of beer! Again! :) Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." Moderator: Firewall-Wizards mailing list Art: http://PaulDRobertson.imagekind.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: SCADA, (continued)