[LINK] Internet crime stories
David Lochrin
dlochrin@dot.net.au
Mon, 26 Nov 2001 19:21:51 +1100
At 08:39 AM 24-11-2001 +1100, Jan Whitaker wrote:
>Simplest solution re the airport landing light story as well as other civil
>utility concerns like electricity grids, etc.: do not put critical function
>machines on the Internet - full stop. [...] It is beyond my comprehension
>why anyone would put critical systems on an open network. <sigh>
Critical systems are usually placed on the Internet so they can be accessed remotely for system- or application-management purposes. The airport concerned probably didn't have 24-hour (or indeed any) onsite IT staff in order to save money, and the computer probably controlled a good deal more than just the landing lights.
There are highly secure ways to communicate with critical systems over the Internet. Grant identified the real problem I think:
>I say we're not seeing the forest for the trees here simply because we're
>addressing the abuse of badly designed and poorly secured technology
>rather than addressing the root cause here - badly designed and poorly
>secured technology.
I wonder whether the O/S licence said anything about it being unsuitable for critical systems?
David
=================================================
David Lochrin
Networked Systems Consultancy Pty. Limited ABN 20 074 899 853
+61 2 9363 1094 (telephone) 9363 9622 (FAX)
http://www.dot.net.au/~dlochrin
PGP public key available by mail to: pgp-public-keys@keys.pgp.net
subject: GET David Lochrin
=================================================