No Industrial Controller should ever be connected to the internet.
This security problem applies to all Manufacturing, Chemical, Pharmaceutical, and Power industries.
When multiple sites need to be connected, they should use a Serial Dial-up or Leased Line connection
or a VPN bridge that cannot respond to any Internet requests that do not originate from the VPN.
DDOS attacks against the VPN nodes should only be able to disconnect the controller networks
at which point a fallback Dial-up connection will take over.
Industrial Controller networks should look like this:
remote PLC/PID -- Firewall -- remote HMI/SCADA/Historian -- Firewall -- VPNbridge -- Internet -- VPNBridge -- Firewall -- HQ HMI/SCADA/Historian
An industrial Controller network should generate a severe error alert if any internet site is reachable.
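One way to implement the reachability alert described above, as an added example that is not part of the original comment: a probe run from a host inside the controller network that raises a critical alert if any outbound TCP connection to an internet canary succeeds. The canary host names, the message format and the exit codes are assumptions chosen for illustration.

```python
import socket
import sys

# Constructed canary list (assumption): public endpoints that must NOT be
# reachable from inside the controller network. Replace with sites of your own.
CANARIES = [("example.com", 443), ("example.org", 80)]


def tcp_probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Covers DNS failure, refusal, no route and timeout: all mean "isolated".
        return False


def check_isolation(canaries=CANARIES, probe=tcp_probe):
    """Return the canaries that answered; an empty list means isolated."""
    return [(host, port) for host, port in canaries if probe(host, port)]


def alert_line(reachable):
    """Build the log message; any reachable canary is a CRITICAL event."""
    if not reachable:
        return "INFO controller-net isolation ok: no internet canary reachable"
    hits = ", ".join(f"{host}:{port}" for host, port in reachable)
    return f"CRITICAL controller-net can reach the internet: {hits}"


if __name__ == "__main__":
    reachable = check_isolation()
    print(alert_line(reachable))
    # Non-zero exit lets a scheduler or monitoring agent raise the alarm.
    sys.exit(2 if reachable else 0)
```

Run it on a schedule from a host in each segment of the topology (PLC/PID side and HMI/SCADA/Historian side), since a firewall rule change can open one segment without opening the other.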
A Mac with Elgato eyeTV will ignore the cable Do Not Copy flag.
eyeTV supports the HDHomeRun as an input device and can receive any Clear QAM cable TV signal.
BlueGen Fuel Cell uses Natural Gas to generate 1.5Kw electric power and 0.5Kw heat as 25 gallons/day of hot water. The fuel cell is designed to run 24/7/365 and works with power company net metering. Think of it as an infinite duration UPS.
http://www.bluegen.info/
For the open square, a regular grid of telephone poles with staggered height sheets of white canvas or translucent plastic.
This allows unobstructed air circulation while blocking 50% to 80% of the sun's heat.
For passive ventilation, 4 tall telephone poles arranged in a square with transparent plastic sheets forming a square chimney.
Inside the chimney have sheets of black plastic forming an X between the poles. The sun's heat on the black plastic will cause
an updraft that will draw cooler air into the square through the gaps between the staggered height tents. There should be a
number of chimneys arranged around the square to provide enough draft to handle the heat generated by the people in the
square [10,000 people = 1-5 megawatts].
Water hoses can be strung between the tent poles with mist sprinklers spraying the people in the square.
The temperature may be 111F outside but it will be less than 90F under the shade of the tents.
The easiest way to legally protect your personal info is to
get congress to pass a law to make personally identifiable info
joint property between the person who is identified and
the collector of the info.
Then, the holder of personal info will need your explicit
consent in order to legally sell your info. You would need to
voluntarily sell your ownership interest in the info to lose
legal control of it. All of the normal property laws would take
effect.
I worked 25 years as a Systems Programmer and Software Engineer before I finished my B.S. in Computer Science. Experience and always having a job when you look for another job are the keys to working in the software field.
Out of the box, OS X has an active firewall based on the standard unix IPFW with all ports defaulting to closed. Also all of the standard daemons and services are inactive by default.
The user must explicitly enable each service and open the associated port in the firewall to allow a service to be visible from outside otherwise nothing will be listening to the ports used by PC worms.
OS X also does not enable the root userid and instead displays a dialog prompting for the administrator password for each function that wants to update a system option.
Non-Administrator users cannot install a virus even if they want to because they cannot update any folder except /var/temp and their home folder.
Let the Censors be hoist on their own petard...
TOR for network transport
Encrypted/Signed DNS local DNS proxy for locating public network resources
Anonymous TOR DNS for locating encrypted network resources
BitTorrent for distributed storage and data transport
Overlay protocols for WEB, MAIL, CHAT, Internet Phone, etc that never leave the TOR network
with local proxy/forwarders and distributed servers or no servers at all
Exit Node proxies with white-lists for Twitter, Facebook, Google, etc.
All wrapped up in a simple-to-use installer for Windows, Mac OS, Linux, Unix, iOS and Android.