[foxboro] Aim* Security

• From: Jeremy Milum <jmilum@xxxxxxxxx>
• To: foxboro@xxxxxxxxxxxxx
• Date: Tue, 19 Apr 2005 14:39:06 -0500

Currently we have two ethernet cards in our Aim* Win2K box: one on the
DCS 2nd ethernet network to collect data, and the other on the plant deskto=
p
network to serve data. I don't like this since if the box is compromised it=
 has
a direct connection to the Solaris boxes on the DCS side (which are also
very vulnerable).  I would like to put both ethernet cards on the plant sid=
e
and allow only open the ports (for one card) that Aim* needs in my firewall=
.
So one card would still serve the data, and one collect, but if the box is=
=20
compromised only one port will be open to the DCS side (or however many
Aim* needs). =20

Sooooooo, what ports are needed by Aim*, and does this sound like
an OK solution?

Jeremy

--=20
Patron saints in general are broadband connections to the Almighty
- Michelle Delio, Wired News
 
 
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
 
foxboro mailing list:             http://www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
 

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription