3. Zero trust networks

Zero trust networks

So I have to be lean on details for this answer because NDAs.

But in some of my manufacturing centers, we're deploying internal firewalls to protect the greater industrial controls network from the manufacturing hardware systems that are routinely serviced by vendors. Some of our vendors have been less than stringent on their sterile security procedures, and that has led to viruses and malware spreading like wildfire on systems that are by design single purpose, and usually naked. Meaning no firewalls, and little to no antivirus.

We already have the full blown infrastructure build out from the ancient Purdue model. Shoring that up has been our mission.

So on every system that can host an accessible operating system, we've been deploying internal firewalls, that block all traffic from the source device with the exception of a returns from single remote access or monitoring tool. Dumb schmuck maintenance guy comes out and does his firmware update, and the infected USB drive he uses for the purpose (he's also used to carry porn from his home pc to his office or whatever) no longer infects any system on our industrial systems save the vendor system...

Ideally we want to move to full trustless architecture.

/r/sysadmin Thread
Previous
Next

Recently removed from /r/sysadmin

I know of a crazy vulnerable Exchange server at my old work. What to do? Details inside. Intune Windows LAPS - Configuration Profile Applies Successfully, Yet Nothing Happens...Why? Woman starting in IT next month. Should I be worried or not? How to run a meaningful CyberSecurity Risk Workshop/Assesment Amazon Outage I don't know what I'm doing and I need help What's the point of using BitLocker with TPM instead of password when someone can always access your computer without entering a password on boot? How many of you despise IoT? Onboarding 1200 New Users - how to communicate passwords? Gen Z also doesn't understand desktops. after decades of boomers going "Y NO WORK U MAKE IT GO" it's really, really sad to think the new generation might do the same thing to all of us Modern SQL Express Backup Solution [GA] Employee claims she can't use Microsoft Windows for "Religious Reasons" So I got a "correctional talk" yesterday. Rant about new age "senior" IT "specialists" who don't know how to wipe their butt. Do you think remote work is slowly dying? Most companies seem to be pushing RTO, even big tech you folks think ?

More Random Comments

My [26m] girlfriend [24f] is 'hurt' because I won't go to her parents this weekend Am I in over my head? $2000 CAD Beast Gaming Pc Do you believe in the validity of non-binary identities? Are non-binary identities inherently sexist? Why or why not? node-fetch or browser-request? My [25F] boyfriend [29M] follows his exes on instagram and it bothers me. What do? The cost of California’s public pensions is breaking the bank Weekly podcast post (submit your links here!) (2017-04-10) United Airlines stock down over 5% premarket trading Had my whole team rage quit on me within the first few minutes... [Help] I want a dog, and I can't figure out how to get one Do you Hate single mothers? 30/M/US I want a friend to chat with for the night! What is the craziest teacher freak out you have ever witnessed?