David,

Yes, these systems are effectively open to anyone once you find your way on to either the "2nd Ethernet Port" network or the Foxboro internal network. Isolation from corporate networks and vigilant perimeter security can help with this vulnerability to basic script kiddie stuff, but not prevent it completely. It also doesn't help that the IA account password is just about as standard across systems as a "ps -ef".

Welcome to my life. :)

Sincerely,
Michael Toecker
Control System Security Designer
Compliance & Infrastructure Protection
Burns & McDonnell Engineering

-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of David Johnson
Sent: Wednesday, May 06, 2009 8:34 AM
To: foxboro@xxxxxxxxxxxxx
Subject: [foxboro] SOlaris Security was network locked

Corey,

Last weekend, my son and some of his hacker friends wanted to do some testing in our office. Using nothing but Zenmap and metasploit they had root access on a 51B (Solaris 2.5.1) after about 20 minutes of playing. I was not too surprised, but it did underscore the fact that these are pretty open. The funny part was after running "ls" and "pwd" they started asking me for unix commands to run. Script kiddies yes, unix savvy no.

The Solaris 8 boxes are significantly better, at least the high schoolers didn't get into it so easily.

Regards,
David

_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks.
Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: //www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave