undefined | Better HN

0 pointsMerrill4y ago0 comments

Any IP packet that is valid on the Internet would be invalid and dropped on the critical infrastructure network. The only packets that could pass between the Internet and the critical infrastructure network would be those that are intentionally bridged by rewriting the CRC-32. This should not be done at the IP level, but only by application level bridges.

It would prevent inadvertent connections between the Internet and the critical infrastructure network.

0 comments

detaro4y ago

The usual problem are systems that are intentionally connected to both networks, and after compromise happily serve as points to enter the inner network.

MerrillOP4y ago

‘Arm Waving’ Response to Hackers Makes Oil Industry Easy Prey

Everyone from the facility managers to the private equity owners assumed that the plant’s computer network was “air-gapped” -- a term referring to computers that aren’t connected to the internet or another unsecured network. But when Mission Secure installed monitoring devices to check, they discovered that a worker on the night shift was connecting his Roku device to the internet to watch episodes of “CSI: Miami.”

https://www.bloomberg.com/news/articles/2021-05-12/colonial-...

So stuff like this wouldn't happen.

j / k navigate · click thread line to collapse