As far as I can see Red Tiger Security is Jonathan Pollet; and even though they list Houston, Dubai, Milan, and Sydney as offices it looks like Houston is the only one. Is that right? Seems a little misleading. It actually reminds me of a 16 year old kid I know who runs a web hosting "company" that you'd think was a Fortune 500 by the way the website reads, and he's more than happy to take your credit card information and store it without being PCI compliant. Credibility of the company aside, At first I wanted to cut Jonathan some slack. If he was going to point to the use of public IPs as evidence that a firewall may not be in use and then went on to discuss the potential risks of not having any security, then that would have been appropriate. But instead he goes on about explaining what a public vs. private address is (poorly) and proceeds to associate the security of the system with the use of private IPs. I just don't see him as credible in the security field after reading it. Then again, he does have that interview on Fox News posted on his website where he talks about terrorist plots to compromise the integrity of nuclear power plants... Honestly, people post stuff like this time and time again. It's been debunked so many times that a quick Google will probably give you what you need to figure it out on your own. On Sun, Nov 13, 2011 at 10:36 AM, Jason Lewis <jlewis@packetnexus.com> wrote:
I don't want to start a flame war, but this article seems flawed to me. It seems an IP is an IP.
http://www.redtigersecurity.com/security-briefings/2011/9/16/scada-vendors-u...
I think I could announce private IP space, so doesn't that make this argument invalid? I've always looked at private IP space as more of a resource and management choice and not a security feature.
-- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/