On Sunday 11 January 2009, Stephen Wille Padnos wrote:
>Rafael Skodlar wrote:
>>[snip]
>>
>>It's safer to use more secure methods for communicating between the
>>systems on the network from the beginning rather than trying to fix it
>>later. You never know when next newbie will put your code on the system
>>and then bad things might happen. Just my experience. CNC machines are
>>production grade after all and one would not want to end up with broken
>>parts.
>
>While I usually agree with this, I think I disagree in this case.
>
>The most common usage for this type of connection will be a headless
>EMC2 machine connected to a machine in the same building, possibly in
>the same cabinet. Although it would be possible to use a more secure
>connection, it's unnecessary for the majority of users. Anyone who
>wants to connect their machine or their local network to the internet
>needs to use one or more of the many available tools to secure their
>machine (external firewall), or the connection (use an ssh-encrypted
>socket, or whatever). Putting the complexity of authentication and
>security into emcrsh seems like a duplication of effort, since there are
>already tools to secure machines from the single socket/port level up to
>entire networks.
>
>Again, the simplest way to eliminate this problem is just to not connect
>the EMC2 machine to the internet.
>
And that I will disagree with Steven. However would we keep them up to date
without that net connection?
However, let me clarify the definition of network here. Everything is on an
odd subnet of 192.168.x.x here, with a dd-wrt based router doing all the
firewalling and NATing required to do this. So effectively nothing here is
'directly' connected to the net except dd-wrt. The only incoming paths open
here are an ssh path into the dd-wrt based router, secured by a strong
passwd, and an oddish port that is open and relayed to this machine for my
web server to use. Gaining access to the rest of the machines here would
require one to ssh to one of them from the router, and knowledge of the
other, different passwds to get on in.

However, there is no way in hell I'd ever plug a cable from the dsl modem
directly into any of my machines, so in that sense, I agree with Steven.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Cold, adj.:
	When the politicians walk around with their hands in their own pockets.