IETF Logo Mail Archive

Re: [ietf-smtp] Characteristics of Isolated (or mostly-isolated) industrial IP Networks

Keith Moore <moore@network-heretics.com> Sun, 05 January 2020 04:03 UTC

Return-Path: <moore@network-heretics.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41A56120024 for <ietf-smtp@ietfa.amsl.com>; Sat, 4 Jan 2020 20:03:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PTnlcLwYXoKG for <ietf-smtp@ietfa.amsl.com>; Sat, 4 Jan 2020 20:03:04 -0800 (PST)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D71E112006F for <ietf-smtp@ietf.org>; Sat, 4 Jan 2020 20:03:04 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id 28B604DA; Sat, 4 Jan 2020 23:03:04 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Sat, 04 Jan 2020 23:03:04 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=DzSEeh lmFKKV6zlnyQ/cevae8k2StMQgnXUdqNwJ8rY=; b=aTdrx/S5JbGCgpME1B6Xnd 1PUDVW1/jBEejJNY3/72nsyI1Q2mEJ8qFIipdoeHJ2RPD1CDoTHl/fZs0td2ADRO f3wRlQyJ5FTMcVc5KvKeYsEiBGZLkqVDm1lLaAbG45PmVh+wY/kPky3XUfs8iSji Ant1WqqfR0KYI13ySMSdrzSedN9qAOQPHBPkHOlm4qlsdBfJq1yLKsDMYC7tKgQC 0CFWmW4PClN2+RHg6ke9CliIsQ3jWBM2fwhoIIZ2DuEr5vx67uBZR5bOshG69Qq8 WXQ6yaKOO2cymxCsp+rCrbMNlfVnJ8V1brAYZjunry2pgiydMTIT8hQeL/THONhA ==
X-ME-Sender: <xms:918RXjWMBY4NlCgFzgTtUV7Gh8g7SPM9JuSqOsIHGFrvELgajF8QGw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrvdegiedgieeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepuffvfhfhkffffgggjggtsegrtderredtfeejnecuhfhrohhmpefmvghithhh ucfoohhorhgvuceomhhoohhrvgesnhgvthifohhrkhdqhhgvrhgvthhitghsrdgtohhmqe enucfkphepuddtkedrvddvuddrudektddrudehnecurfgrrhgrmhepmhgrihhlfhhrohhm pehmohhorhgvsehnvghtfihorhhkqdhhvghrvghtihgtshdrtghomhenucevlhhushhtvg hrufhiiigvpedt
X-ME-Proxy: <xmx:918RXrswOBnMUQtOtvZroAe51VfF7899ycqte2k11bnfJELnbjL4tA> <xmx:918RXtMf70n6qGWf2WQRYwnuByypqShqevdxTZfeIKE906PuNu-gvA> <xmx:918RXile4TV2teJYCDi0PqzZ13oNK_9ZU8hbOBoz_uc-Y6-onCAZ8w> <xmx:918RXg6z-cgH4ODoWx5XMvd6pw7h8hpgcf0gu-VRYtF5lXEfRLN9jg>
Received: from [192.168.1.97] (108-221-180-15.lightspeed.knvltn.sbcglobal.net [108.221.180.15]) by mail.messagingengine.com (Postfix) with ESMTPA id 003523060783; Sat, 4 Jan 2020 23:03:02 -0500 (EST)
To: John Levine <johnl@taugh.com>, ietf-smtp@ietf.org
References: <20200105021840.51DEA11FA155@ary.qy>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <e222998e-374f-07aa-024e-2b6fb9d39003@network-heretics.com>
Date: Sat, 04 Jan 2020 23:03:02 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <20200105021840.51DEA11FA155@ary.qy>
Content-Type: multipart/alternative; boundary="------------03D28803ACB045B1217AA73F"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/ER2I8YkwfghSqMAGEiNhAM8gm6w>
Subject: Re: [ietf-smtp] Characteristics of Isolated (or mostly-isolated) industrial IP Networks
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Jan 2020 04:03:07 -0000

On 1/4/20 9:18 PM, John Levine wrote:

> In article<92D1347D-9993-41F8-902B-0C9EDC79AD7D@network-heretics.com>  you write:
>> -=-=-=-=-=-
>> This is an attempt to summarize my observations about (mostly-)isolated networks, and also about some dubious assumptions
>> that I've seen some equipment developers make about security requirements on such networks.
> Thanks, this is very helpful.
Thanks.
> It looks like, insofar as we're thinking about mail, a reasonable
> design is to put a reasonably capable submission server on a network
> (e.g., Raspberry Pi running linux) and point the IPs of the IoT mail
> senders at it.  We could give some more thought about what the
> submission server could reasonably do to avoid relaying hostile
> messages.

At first glance it might seem like good sense to use a Raspberry Pi or 
similar devices in some such scenarios. Though it's trickier that it 
might seem at first.

Any device that uses an SD card as its primary storage medium is likely 
to be flaky.   At a minimum, it really needs a good power supply and 
ideally a UPS to minimize the risk that the SD card will be trashed.  (I 
think newer Pis can boot from USB devices, so the SD card might not be 
an insurmountable problem.)

In some environments there are other issues associated with such 
devices, e.g. environmental (temperature, humidity, etc.).   And a Pi is 
not approved for use in an environment where explosive gases are 
present, etc.

(It's probably possible to build an device which is basically a sealed 
IP-rated enclosure containing a Pi with a 24v or lower voltage power 
supply, and pay a testing lab to certify that such a device meets 
relevant standards.   Someone might even have done that already, but 
such certification costs many thousands of dollars, so the certified 
devices won't be cheap.   A wall wart power supply would never be 
acceptable.)

And to the person in charge of such a facility, a Raspberry Pi doesn't 
look like industrial equipment.   It might look more like a security 
threat, which it coincidentally is.   They're extremely easy to hack via 
multiple paths, and it's difficult to protect them from being hacked.   
They were, after all, basically designed to be easy to hack, not to 
protect their code and data from attack.

-------

Rather than try to define what such a site's hardware configuration 
should be, I suspect ietf-smtp would do better to define the behavior of 
a submission service that is designed to accept inbound email from 
devices in such an environment and forward such email to a "smarthost" 
(or whatever you want to call it) that can get it to the appropriate 
destinations.

Such a service might be provided by hardware located within that 
environment, or external to that environment via a 
NAT/proxy/firewall/whatever.   Different enterprises will require 
different hardware solutions.   But the "IIoT submission service" may 
still need to be able to operate in the same environment as the devices 
it serves, which  may still mean no DNS, etc.    Or maybe two service 
profiles are needed - one for on-site and one for upstream?

Keith

v2.23.0 | Report a Bug | By Email