On Sun, Mar 2, 2014 at 11:17 AM, Dave Cole <linuxcncro...@gmail.com> wrote:
> > > Dave, > > > > Depends on the network. If your ethernet is all copper, and there's no > > access to the world, it's probably okay. But, if you can get out, > somebody > > can get in. If the reason for adding something like this is to enable > > remote viewing of what's going on, you are going to have some kind of > > network, no way around it. If that network even touches the outside > world, > > you open yourself to the risk of somebody getting in your pants and > causing > > problems. > > > > If, however, it's a completely closed network, copper cable only, that > > would be okay. But, the minute you introduce wireless into the equation, > > you open a can of worms. That web server was designed to be run on an > > Android system, which more or less requires the application to be light > > weight. You can't cram in a whole bunch of security features into a > light > > weight program, without the "light" part going away - both size of the > > program and machine overhead. > > > > I'm just very wary of exposing a machine controller to software that > opens > > up a lot of security concerns. Remember, this software is installed on > the > > controller. Low security software that opens ports on a machine are a > > glaring invitation to those who are interested in causing mischief. And > > wireless is really not very secure at all. > > > > Mark > > //lists.sourceforge.net/lists/listinfo/emc-users > > I think it is a matter of risk management. > That's entirely what it is. What do you feel comfortable with using what you have. > > I have a credit card that I use when buying stuff on the web and it can > get grabbed, and it has been grabbed, but I still use it. > I have a cell phone that apparently has some big security problems > likely with some built in backdoors courtesy of the NSA, but I still > carry it and > use it and there is no tape over the camera. > I have a couple of computers that I use that are deliberately off the > web and have zero antivirus on them to maintain decent performance. > Sure I could transfer a virus with a stick drive transfer, but so far so > good. > > When I am done with a LinuxCNC installation I image the hard drive and > store the image. If something gets corrupted it takes me minutes to > restore the image to the drive. > Then again, you are not talking about machine controllers, and the damage that can be done if something adverse happens while that machine is running. I'd prefer my machine controllers not opening a door or a window to something or somebody to be able to take a crack at wreaking havoc. But that's just me. > > >>And wireless is really not very secure at all. > > True but many people's credit card numbers are only a wireless hack away. > Yup. Who do you trust? What level of risk are you willing to take? > > > The problem is that you know too much to sleep well. > In that way, ignorance is bliss. ;-) > Yes and no. I know what it takes to administer what is considered a secure http/https server. And even then, there are always new exploits out there that look to get in and cause problems, not just on web servers, but any network related process. The average user, doesn't work on those kinds of things on a daily basis, and may not know their machine's pants are down and the private parts exposed to the world. I just caution the average Joe using LinuxCNC about doing things that would open them up to even more exploits. It's a dangerous world out there, even more so for the unsuspecting. > > Years ago I did some work for a Chrysler plant and in this particular > plant they had over 500 CNC and PLC controllers which were all networked > together. > Bugs would creep into their systems after a while. Sometimes due to > changes being made on the fly by engineers and operators. > What they ended up doing was to maintain copies of the programs on a > central server in the plant. At midnight every night, between shift > changes, or upon request, they would reload the controller programs from > the server > to insure that the programs did not have unauthorized changes in them. > Apparently that solved a number of issues and I think they still do that > to this day. > That's good security protocol to follow. Just think what it would have been like had that network been open to something outside the plant. > Dave > Cheers, Mark ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
