by EvanAnderson 703 days ago
I am aware of a municipality local to me that, as part of a franchise agreement for a new ISP entering the community, had the ISP run fiber to every traffic cabinet. They're connected back to the city network in a VLAN that's "behind the firewall". >sigh<

Because of course a controller for a traffic light needs gigabit fiber internet connectivity....
That’s not the scary thing here. Better to future-proof it.

Running presumably unencrypted SNMP over shared lines is sketchy.

Well to be fair a number of traffic lights now have cameras to monitor the intersection as well. Didn't consider that.
It was only 100Mbps service, per the agreement, but yeah... >smile<

They do have cameras at each intersection, as well as networked audio at many (for all the speakers hanging from light poles that blare annoying instrumental covers of old popular songs).

The issue is that legacy copper plant has a finite lifetime. Paper insulated lines are already mostly useless today. If you have to replace infrastructure you may as well select a more robust modern alternative.
Cameras are cheap these days, and with a decent fiber link, just install one for each crossing, feed the live streams back to the pig sty and whoops you suddenly have all you need for a comprehensive monitoring solution to track people. No matter if they're suspects or not.

The shit you saw on NCIS a decade ago and dismissed as "science fiction" is getting ever closer to reality.

Interesting, but I think the VLAN in your explanation is equivalent to the "network" I'm asking about. The V is mostly immaterial, I think.
The VLAN part is important.

"LAN" doesn't imply the same use of VLAN trunking or flat network architecture.

Traffic infra being on a VLAN behind the firewall implies a lot of trust in the traffic infra physical plant. You can harden against layer 2 vulnerabilities, but they're a whole 'nother can of worms and possible failure point.

It also implies the possibility of VLAN trunking being used inappropriately.

All the CCIEs I've learned from and trusted were very suspicious about extending the size and scope of LANs offsite through VLANs.
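The two hardening concerns raised in this thread, cleartext SNMPv1/v2c communities on the shared fiber (the earlier comment) and trunk ports or DTP negotiation reaching out into the traffic-cabinet plant (the comment above), are the kind of thing a config audit can catch before a cabinet switch is deployed. The script below is an added example, not code from the thread or from any municipality; it parses a constructed Cisco-IOS-style configuration (invented hostnames, interface names and community strings) and reports interfaces that negotiate trunking, trunks left on native VLAN 1 or carrying all VLANs, access ports without BPDU guard, and any v1/v2c community definitions. The IOS command syntax it matches is real; the configuration text itself is made up for the example.

```python
"""Audit a Cisco-IOS-style switch config for layer-2 and SNMP hardening gaps.

Added example: the sample configuration is constructed for illustration and
does not describe any real network.
"""
import re

# Constructed sample config (hypothetical names/values): one hardened uplink,
# one DTP-negotiating fiber port, one hardened edge port, one bare trunk.
SAMPLE_CONFIG = """\
hostname cabinet-sw-01
snmp-server community public RO
snmp-server community s3cret RW
snmp-server group netops v3 priv
!
interface GigabitEthernet0/1
 description uplink to city core
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface GigabitEthernet0/2
 description fiber to traffic cabinet 17
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 description traffic controller
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
 description intersection camera
 switchport mode trunk
!
"""


def parse_interfaces(config):
    """Return {interface_name: [stripped sub-commands]} for each interface block."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith("!"):
            current = None  # '!' terminates the block
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
    return interfaces


def audit_interface(name, lines):
    """Flag trunking/DTP weaknesses on a single interface."""
    findings = []
    mode = None
    for l in lines:
        m = re.match(r"switchport mode (\S+)(?: (\S+))?", l)
        if m:
            mode = " ".join(p for p in m.groups() if p)
    if mode and mode.startswith("dynamic"):
        # DTP can turn this port into a trunk on request from the far end.
        findings.append((name, "DTP negotiation enabled; port can become a trunk"))
    if mode == "trunk":
        if "switchport nonegotiate" not in lines:
            findings.append((name, "trunk without 'switchport nonegotiate'"))
        native = next((l.split()[-1] for l in lines
                       if l.startswith("switchport trunk native vlan")), "1")
        if native == "1":
            findings.append((name, "trunk uses native VLAN 1"))
        if not any(l.startswith("switchport trunk allowed vlan") for l in lines):
            findings.append((name, "trunk allows all VLANs"))
    if mode == "access" and "spanning-tree bpduguard enable" not in lines:
        findings.append((name, "access port without BPDU guard"))
    return findings


def audit_snmp(config):
    """Flag SNMPv1/v2c community strings, which travel in cleartext."""
    findings = []
    for line in config.splitlines():
        m = re.match(r"snmp-server community (\S+)\s+(RO|RW)", line)
        if m:
            findings.append(("snmp", f"v1/v2c community ({m.group(2)}) is cleartext"))
    return findings


def audit_config(config):
    """Run all checks and return a list of (location, message) findings."""
    findings = audit_snmp(config)
    for name, lines in parse_interfaces(config).items():
        findings.extend(audit_interface(name, lines))
    return findings


if __name__ == "__main__":
    for where, msg in audit_config(SAMPLE_CONFIG):
        print(f"{where}: {msg}")
```

On the sample config the hardened uplink (Gi0/1) and edge port (Gi0/3) produce nothing, while the DTP port, the bare trunk and the two community strings are reported; pointing `audit_config` at a saved `show running-config` is the intended use.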