Re: one way firewall?

From: Gordon J. Holtslander <gordon.holtslander_at_no.spam.please>
Date: Thu Aug 23 2007 - 12:13:45 CST

On August 21, 2007 2:57:47 pm Dave Hall wrote:
> On Tue, Aug 21, 2007 at 02:28:56PM -0600, Chris Friesen wrote:
> > Dave Hall wrote:
> > >It sounds like you just want to isolate the instrument's computer from
> > > the big band network since it can not be properly managed.
> > >
> > >Why not just add a second network card to the machine that you will be
> > >using to fetch the data and connect the two with a cross-over cable.
> >
> > This leaves the system at risk to a compromised "data fetching" machine.
> > If that's an acceptable risk, then fine. My earlier suggestion was to
> > add a filtering bridge in addition to this proxy machine.
>
> How is the risk to the data any different? Are the additional layers of
> security worth the cost and effort relative to the risk?
>
> What Gordon described sounds like a situation which is quite common in many
> of the research labs around here. Various instrumentation is controlled by
> older Windows boxes which have a high risk of breaking due to very narrow
> compatibility requirements. The desktop guys tell me there are quite a few
> Windows 98 boxes controlling instrumentation that are not networked. The
> downside is there are no virus scanner updates so they get hit by viruses
> on memory sticks used to collect data. Gordon, is this the case?

Dave is correct - the instrument demands that the operating system be
configured in a very specific way that can not be changed. This means no
system patches can be applied to it, leaving it very vulnerable. It can't
be safely networked easily.

While this makes the instrument work very well it poses many compromises on how
the data created on the computer by this instrument can be accessed. The
only safe way data can be moved off the system is by burning the data to CD or
DVD. The users end up creating enormous numbers of disks. Many want to use
USB memory keys - but I think that poses a risk.

I am looking for a way of safely and easily getting the data from the
vulnerable system to a system that can be networked and have up to date
anti-virus information. This system could then be used to support a wide
range of data transfer technologies - networking, memory keys, memory cards,
CDs, DVDs, etc.

Gord
Received on Thu Aug 23 12:21:56 2007
