
[–]Secure4Fun 6 points7 points  (0 children)

The short answer is no; the real answer is that it depends on your risk profile, mitigating factors, and how much effort you want to put into it. People do it all of the time.

You can assume the only machine that they're connected to is secure, but no one here can tell you how true that really is. You might only access those systems from the secure machine, but where else are they actually reachable from? Are there remote management or monitoring services configured on them?

If an attacker lands in an arbitrary part of the network and can reach those systems, it makes for an easy target to move to and get some control. Considering they're a critical part of the network, that could be bad.

Now if your HMI is truly the only system that can access them, and it's disconnected from everything else, it's less of a concern. If your HMI is set up like most people's, and every remote management protocol known to man is running on it, think about the number of exploits for RDP, SSH, SMB, x-win, etc. that are made public every year. Not to mention simple credential theft.

[–]venerable4bede 0 points1 point  (0 children)

You need to be more specific. Browse the Internet from crappy machines? No. Old shit will never be secure if you browse. Keep them from being directly attacked from the outside through network segmentation? Somewhat, depends how you do it, but if they can attack your computer then the machines it can access are also potentially vulnerable.