Firewall Wizards mailing list archives

Re: SCADA

From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 16 Apr 2009 00:00:46 -0400 (EDT)

On Wed, 15 Apr 2009, Marcus J. Ranum wrote:

A reliable system is one that does what it is designed to do,
no less. And certainly no more. An "insecure" system is one
that does quite a bit more than it was designed to do - namely
it hosts hostile activity. When discussing "normal" system


1.  I'm not sure "no more" fits in the definition- for instance a system 
that's designed to send company email can also send personal email- how 
does that make the system less reliable?

2.  An "insecure" system _can_ host hostile activity, but that doesn't 
mean it does.

That's not exactly true. A system that does exactly what it
is supposed to - no more, no less - is achievable. It's not


I'm not sure it's achievable.  General purpose systems are too flexible to 
be completely locked down.  I can use my "Shift" key to play the Monty 
Python theme, certainly not a design goal...

Where we get into problems is when the requirements are not
anything that can actually be accomplished. As Tom Ptacek once
pointed out, in a fit of brilliance, the problem is that we
have general-purpose computers that are designed to be
programmable to do anything; and we want to restrict what
they can do.


I'd already typed the GP computer comment, so I'm leaving it in.

If I had a dollar - just one dollar - for every time I've
heard that, I'd be retired and I wouldn't care if the power
grid I rely on melts down.


If I had one beer for every time I've heard that, you'd be out of beer!  
Again! :)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
           Moderator: Firewall-Wizards mailing list
           Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: SCADA, (continued)
- - - Re: SCADA Paul D. Robertson (Apr 27)
    - Re: SCADA Jim Seymour (Apr 27)
    - Re: SCADA Dotzero (Apr 27)
    - Re: SCADA Paul D. Robertson (Apr 27)
    - Re: SCADA ArkanoiD (Apr 27)
- Re: SCADA Bill McGee (bam) (Apr 15)
  - Re: SCADA Brian Loe (Apr 15)
    - Re: SCADA Marcus J. Ranum (Apr 15)
    - Re: SCADA Brian Loe (Apr 16)
  - Re: SCADA Marcus J. Ranum (Apr 15)
    - Re: SCADA Paul D. Robertson (Apr 15)
    - Re: SCADA Marcus J. Ranum (Apr 15)
    - Re: SCADA Paul D. Robertson (Apr 15)
    - Re: SCADA Brian Loe (Apr 16)
    - Re: SCADA Paul D. Robertson (Apr 16)
    - Re: SCADA Chris Myers (Apr 16)
    - Re: SCADA Brian Loe (Apr 16)
    - Re: SCADA Marcus J. Ranum (Apr 16)
    - Re: SCADA Chris Blask (Apr 16)
    - Re: SCADA Brian Loe (Apr 16)
    - Re: SCADA Marcus J. Ranum (Apr 16)

(Thread continues...)