[clug] Secure your Internet facing stuff (was Re: googlebot doing funny things in logs)

Jason j.lee.nielsen at gmail.com
Thu Jun 16 19:05:42 MDT 2011

On Fri, 17 Jun 2011 10:46:11 +1000, Alex Satrapa wrote:

> On 17/06/2011, at 09:59 , Hugh Fisher wrote:
>> Al-Qaeda aren't sitting around plotting "tomorrow, brethren,
>> we will strike a deadly blow to the Western infidels by shutting
>> down their email!"
> No, they're probably planning to shut down our electricity grid and water supply instead.
> Or even worse, our TV channels.
> Alex

I think you are being unrealistic that every device on the internet should be hardened while at the same time fully forgiving that these critical systems are on the internet. Don't put your electricity grid on the internet! Secure those networks, have physical overrides, don't design these systems to fail at the press of a giant button put in a public place with a "don't press me" sticker on it.

I was shocked to hear a computer virus managed to do anything at all to a nuclear reactor. Why wouldn't you have an air gap a mile wide between the reactor and any computer that had ever been on the internet? Does it really need to be able to tweet its current load? There are many levels to designing a system to not be dangerous and the first is the physical layer; if you have built up your system and got to putting a firewall on it or something before you start thinking about security, you have already failed.

Banking and stock markets are vulnerable, I can see that, because they need interaction with humans all over the world, but really, why is anything to do with water or electricity supply on the internet?


