Re: [foxboro] Aim* Security
- From: Corey R Clingo <clingoc@xxxxxxxxxxxxx>
- To: foxboro@xxxxxxxxxxxxx
- Date: Tue, 19 Apr 2005 17:24:06 -0400
Capable firewalls can mitigate the DoS problem also, by throttling either
connection (TCP SYN) attempts, or overall traffic rate, or both. If the
source port of the netFoxAPI client on the PC can be fixed, the firewall
can look for this as well to allow only one process on the client PC to
connect at a time.
Corey Clingo
BASF Corp.
"Johnson, Alex (Foxboro)" <ajohnson@xxxxxxxxxxx>
Sent by: foxboro-bounce@xxxxxxxxxxxxx
04/19/2005 03:30 PM
Please respond to foxboro
To: foxboro
cc:
Subject: Re: [foxboro] Aim* Security
By the way, as was pointed out to me not so long ago, you can put a firewall
between the AW51 and the PC and close all the ports but the one and you can
still have problems.
AW -> FW (open port 45678) -> PC
In particular, a Denial of Service attack - in the configuration shown above
- virus would hit the open port on the firewall. Once it sees that that port
is open, it would repeatedly hit it. Hitting the port causes load on the
AW51 and can slow it down.
We are actually building a solution to this problem called the 'Isolation
Station' which is based on the 'Isolation Station software'. The ISS is
basically AOS and the INI51/70. This package allows the AW to push data to
the PC outside the firewall.
The trick is that the FW is completely closed on the "out/PC" side and open
to one port only on the "in/AW" side - like this:
AW -> (open port 45678) FW -> PC
If you want more information let me know.
Regards,
Alex Johnson
Invensys Process Systems
Invensys Systems, Inc.
10707 Haddington
Houston, TX 77043
713.722.2859 (voice)
713.722.2700 (switchboard)
713.932.0222 (fax)
ajohnson@xxxxxxxxxxx
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: http://www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
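
The firewall behaviour discussed in the thread above (throttling connection attempts to the one open port, and matching a fixed client source port) can be modelled as a token bucket. This is an added example, not code from either poster or from any Foxboro product; the class and function names, the fixed source port 45000 and the flood traffic are assumptions constructed for illustration.

```python
from dataclasses import dataclass

AW_PORT = 45678        # the open port in the thread's diagram
CLIENT_SPORT = 45000   # assumed fixed netFoxAPI client source port (hypothetical value)

@dataclass
class Syn:
    t_ms: int    # arrival time at the firewall, milliseconds
    sport: int   # TCP source port on the PC side
    dport: int   # TCP destination port on the AW side

class SynThrottle:
    """Token bucket on new-connection attempts, with an optional source-port check."""

    def __init__(self, rate_per_s, burst, allowed_sport=None):
        self.rate = rate_per_s
        self.cap = burst * 1000          # bucket size in milli-tokens (integer math)
        self.tokens = self.cap
        self.last_ms = 0
        self.allowed_sport = allowed_sport

    def permit(self, syn):
        if syn.dport != AW_PORT:
            return False                 # every other port stays closed
        if self.allowed_sport is not None and syn.sport != self.allowed_sport:
            return False                 # not the one expected client process
        # rate tokens/s equals rate milli-tokens per millisecond
        self.tokens = min(self.cap, self.tokens + (syn.t_ms - self.last_ms) * self.rate)
        self.last_ms = syn.t_ms
        if self.tokens < 1000:
            return False                 # over the limit: dropped before the AW sees it
        self.tokens -= 1000
        return True

def syns_reaching_aw(fw, traffic):
    """Count the connection attempts the firewall forwards to the AW."""
    return sum(1 for syn in traffic if fw.permit(syn))

def constructed_flood(seconds=10, per_second=100):
    """Constructed sample: repeated hits on the open port from varying source ports."""
    step = 1000 // per_second
    return [Syn(i * step, 1024 + i % 5000, AW_PORT) for i in range(seconds * per_second)]

if __name__ == "__main__":
    flood = constructed_flood()
    print("sent:", len(flood))
    print("rate limit only:", syns_reaching_aw(SynThrottle(1, 3), flood))
    print("rate limit + fixed sport:", syns_reaching_aw(SynThrottle(1, 3, CLIENT_SPORT), flood))
```

With the rate limit alone, the load reaching the AW is bounded by the burst plus the rate times the duration, regardless of how hard the open port is hit; the source-port match additionally discards attempts that do not come from the expected client port.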