Hi list, Andreas wrote: > the DCS systems including AW51C with solaris 2.5.1 are > already open for hackers! EVERY System is open for attacks, if it has at least one connection to some other system. The question is, how easy a software and hardware provider like Invensys it makes for users to make things wrong and with that to increase a potential risk. All connectivity has always pro's and con's which need to be carefully weighted against each other. Proprietary technologies may have some disadvantages to customers like e.g. single source for supply, but it's by the nature of the thing more unlikely that there exploits for bugs existing and the risk of being compromised by an attack is much lower, if not near zero. On each strategic decision for introducing new technologies this is an important thing to consider. Example OPC: Imagine what security door you open if you just set up a plain OPC server on a standard AW machine! to set this up safely you need a seperate box and two firewalls between this new OPC server and the system and between the OPC server and the outer world with all the associated configuration and maintenance work. If you just use FoxAPI and some proprietary software that uses the Foxboro libraries and connects directly to that you use a proprietary technology where exploits are unlikely. Another example: With the FDSI FBM232/233 you can set up OPC connections on the Fieldbus. If the OPC FBM gets compromised (which is easily possible for someon who has access to the network link) this attack stops in the FDSI, as the Fieldbus behind is proprietary and not open and not supporting open protocols with e.g. remote execute, the attack can not proceed to the CP or into the system. Proprietary protocols protect systems using these. (And please don't let us discuss the advantages of OPC against FoxAPI, we all know them ;-). This was just an example for the usage of open against proprietary technology.) Best regards - Marcel Sieling Senior Application Consultant Invensys Systems GmbH Emanuel-Leutze-Str. 11 40547 Duesseldorf Germany T: +49-211-5966-302 F: +49-163-99-5966302 M: +49-163-5966302 Skype: marcel.sieling mailto:marcel.sieling@xxxxxxxxxxxxxxxx http://www.foxboro-deutschland.de > -----Original Message----- > From: foxboro-bounce@xxxxxxxxxxxxx > [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of Weiss, Andreas > Sent: Friday, March 10, 2006 9:36 AM > To: foxboro@xxxxxxxxxxxxx > Subject: Re: [foxboro] Foxboro I/A OPC > > > Hi Marcel, > > > Is everybody wanting this well aware that this opens the DCS=20 > > systems to an uncontrolled and unsecure platform which is subject > > for=20 hacker attacks? > > the DCS systems including AW51C with solaris 2.5.1 are > already open for hackers! > > > > Noone from wonderware or Invensys or Foxboro can support > any kind of > > problems on the browser side that may arise from this=20 approach. > > It depends on the way of thinking how Invensys is interested > to sale support and products. > > > > this approach would be chosen, all DCS data would have to be=20 > >exposed to the browsers on a webserver. How can this made really > >secure and=20 stable? Do we > > want to rely on this technology for business-critical applications? > >=20 > > Amazon for example has his business-critical application (a > book shop) already working in the INTERNET. Working for a lot > of years. Ok, you are right it is not an easy job but it is a > task for EVERY company in the future. > > > Andreas > > > ______________________________________________________________ > _________ > This mailing list is neither sponsored nor endorsed by > Invensys Process Systems (formerly The Foxboro Company). Use > the info you obtain here at your own risks. Read > http://www.thecassandraproject.org/disclaimer.html > > foxboro > mailing list: //www.freelists.org/list/foxboro > to subscribe: > mailto:foxboro-request@xxxxxxxxxxxxx?subject=join > to > unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave > > _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave