Re: [foxboro] Infusion on corporte

Yep, this always happens with process control system applications.  You
put any new patches on the system, and it breaks just about everything
else.

Depending on the policies at your company, you may be able to institute
a rollback of the hotfixes\patches in question, and possibly restore to
an earlier version, before the OS patches were applied.  These are all
pretty vanilla operations, and any IT department should be able to
assist.

The chance of an anti-virus program and/or signatures interfering with
your software is unlikely, but if you still can't open Archestra, remove
the anti-virus as well.  Otherwise, restore from your backups (you made
backups, right?).  If these options don't fix it, you're stuck with a
full reinstall of software. =20

In either case, Corey is spot on.  You won't be able to let these
systems receive patches if you want them to be useful.  You'll have to
work out something with IT to ensure that security is maintained, cause
they won't be happy.

Sincerely,
=20
Michael Toecker
Burns and McDonnell Engineering
Control System Security Group
mtoecker@xxxxxxxxxxxx


-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx]
On Behalf Of Corey R Clingo
Sent: Wednesday, May 21, 2008 2:40 PM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Infusion on corporte

Congratulations.  You just ran into the classic problem with running  a=20
process control system on off-the-shelf IT hardware and software.  The=20
only stuff supported is that which the vendor tells you is supported.

I second (third, fourth?) the notion that the best workaround right now
is=20
to isolate your I/A, except for necessary connections, with a firewall
or=20
other security appliance.  They even have firewalls out now with
built-in=20
virus scanning of passing traffic.  To make both sides happy here, IT
puts=20
up their firewall and we put up ours, back-to-back.  Then we can put=20
whatever we need on our side of our firewall (like XP SP1, a particular=20
antivirus, 15-year-old Swiss-cheese versions of Solaris, etc.)


I'm personally less fond of VLANs for security, because (depending on
the=20
switch used) they can be difficult to set up and document properly, and,

well, I've read about too many ways to hack them :).  For mere traffic=20
isolation they are fine, but If you need to pass your
"isolated/critical"=20
control system traffic across a "public" or "business" network,=20
encryption/VPN technologies are more palatable to me.


Corey Clingo
BASF Corporation






"deepa raju" <dipa.dsk@xxxxxxxxx>=20
Sent by: foxboro-bounce@xxxxxxxxxxxxx
05/21/2008 02:22 AM
Please respond to
foxboro@xxxxxxxxxxxxx


To
foxboro@xxxxxxxxxxxxx
cc

Subject
[foxboro] Infusion on corporte






We have a infusion system(Server 2003) in our lab which is required to
be=20
in
corporate network. For this reason we have installed Mcafee and Security
patches, after installing them I am not able to open Archestra IDE. HAs
anyone faced this situtation before.
       Provide some solution to this as soon as possible.
Thanks in advance.
dsk


=20
=20
=20



=20
=20
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
=20
foxboro mailing list:             http://www.freelists.org/list/foxboro
to subscribe:         =
mailto:foxboro-request@xxxxxxxxxxxxx?subject=3Djoin
to unsubscribe:      =
mailto:foxboro-request@xxxxxxxxxxxxx?subject=3Dleave
=20
 
 
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
 
foxboro mailing list:             http://www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave

Other related posts: