GarrettCom: Secure Industrial Control Utilizing High Speed Ethernet Networks and Web Management (Page 4)

As Ethernet has expanded into outlying industrial facilities, two types of network structure have emerged: local and remote. A local Ethernet structure stays within the walls of a single facility that can be closely watched; the serious security risks there come from disgruntled employees or from persons who have penetrated the plant's physical security. Access to data running across such a local Ethernet network can be protected by segregating it with VLANs (Virtual Local Area Networks). VLANs can be configured to restrict the points of access from the outside world, and the switch can employ password protection to provide authentication, authorization and access control tied to the Ethernet network itself. Telnet, served by the switch, can be used for remote login to the switch manager software. Note that Telnet carries the login credentials in cleartext, so anyone who can tap the management VLAN can read them; this is one reason the physical-access risk above matters.
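The VLAN segregation and management-access restriction described above, as an added worked example in Python (not GarrettCom code and not any switch's actual configuration syntax): it parses 802.1Q-tagged and untagged Ethernet frames, gives an untagged frame the native VLAN (PVID) of the port it arrived on, and admits a frame to the switch manager only if its effective VLAN is the management VLAN and the frame is IPv4/TCP to a management service. The management VLAN number (10), the management service set (Telnet, TCP/23), the port-to-PVID map, the MAC and IP addresses and the sample frames are all assumptions constructed for the example.

```python
"""Added example: 802.1Q VLAN-based filtering in front of a switch's management service."""
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100        # 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

# Assumed policy (hypothetical): VLAN 10 carries switch management traffic and the
# manager only answers Telnet (TCP/23), the remote-login method the text describes.
MGMT_VLAN = 10
MGMT_PORTS = {23}

# Assumed per-port native VLAN (PVID): an untagged frame arriving on a port is treated
# as a member of that port's PVID. Port names are constructed for the example.
PORT_PVID = {"ge1": 10, "ge2": 20, "ge3": 20}


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into header fields, handling an optional 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    vid = None
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF      # low 12 bits of the TCI are the VLAN ID
        offset = 18
    return {"dst": dst, "src": src, "vid": vid, "ethertype": ethertype,
            "payload": frame[offset:]}


def tcp_dst_port(payload: bytes) -> Optional[int]:
    """Return the TCP destination port of an IPv4 payload, or None if it is not IPv4/TCP."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    ihl = (payload[0] & 0x0F) * 4
    if payload[9] != IPPROTO_TCP or len(payload) < ihl + 4:
        return None
    return struct.unpack("!H", payload[ihl + 2:ihl + 4])[0]


def admit_to_manager(ingress_port: str, frame: bytes) -> Tuple[bool, str]:
    """Decide whether a frame may reach the switch manager.

    Rule: the effective VLAN (tag VID, or the ingress port's PVID when untagged) must be
    the management VLAN, and the frame must be IPv4/TCP to a management service port.
    """
    f = parse_frame(frame)
    vid = f["vid"] if f["vid"] is not None else PORT_PVID.get(ingress_port)
    if vid != MGMT_VLAN:
        return False, f"VLAN {vid} is not the management VLAN"
    if f["ethertype"] != ETHERTYPE_IPV4:
        return False, "not IPv4"
    dport = tcp_dst_port(f["payload"])
    if dport not in MGMT_PORTS:
        return False, f"TCP port {dport} is not a management service"
    return True, f"VLAN {vid} -> TCP/{dport}"


# --- constructed sample frames (not captured traffic) ---------------------------------

def ipv4_tcp(src_ip: str, dst_ip: str, sport: int, dport: int) -> bytes:
    """Minimal IPv4 + TCP SYN header pair; checksums are left zero, nothing is transmitted."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + tcp


def ethernet(dst: bytes, src: bytes, payload: bytes, vid: Optional[int] = None) -> bytes:
    """Wrap a payload in an Ethernet II header, with an 802.1Q tag when vid is given."""
    if vid is None:
        return dst + src + struct.pack("!H", ETHERTYPE_IPV4) + payload
    return dst + src + struct.pack("!HHH", TPID_8021Q, vid, ETHERTYPE_IPV4) + payload


SWITCH_MAC = bytes.fromhex("020000000001")   # locally administered addresses, constructed
HOST_MAC = bytes.fromhex("020000000002")

SAMPLES = {
    "tagged VLAN 10, telnet":    ("ge2", ethernet(SWITCH_MAC, HOST_MAC, ipv4_tcp("10.0.10.5", "10.0.10.1", 40000, 23), vid=10)),
    "tagged VLAN 20, telnet":    ("ge2", ethernet(SWITCH_MAC, HOST_MAC, ipv4_tcp("10.0.20.5", "10.0.10.1", 40001, 23), vid=20)),
    "untagged on mgmt port":     ("ge1", ethernet(SWITCH_MAC, HOST_MAC, ipv4_tcp("10.0.10.7", "10.0.10.1", 40002, 23))),
    "untagged on plant port":    ("ge3", ethernet(SWITCH_MAC, HOST_MAC, ipv4_tcp("10.0.20.7", "10.0.10.1", 40003, 23))),
    "tagged VLAN 10, non-mgmt":  ("ge1", ethernet(SWITCH_MAC, HOST_MAC, ipv4_tcp("10.0.10.7", "10.0.10.1", 40004, 502), vid=10)),
}

if __name__ == "__main__":
    for name, (port, frame) in SAMPLES.items():
        ok, why = admit_to_manager(port, frame)
        print(f"{name:26s} {'ALLOW' if ok else 'DROP':5s} {why}")
```

Run it directly to see the verdict on each constructed frame. What the filter does and does not do is the point: it enforces where management packets may originate (which VLAN, and so which ports), not who sent them, and the password typed into the Telnet login still crosses the management VLAN in cleartext. That is why the text's remaining concern, someone with physical access to the plant network, is the one to watch.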

However, Ethernet's benefits to industrial applications run far beyond such restricted local applications. Much Ethernet connectivity is deployed beyond a single plant, and local-only networks would limit the ability to manage, monitor and collect data from remote operations. Ethernet, using fiber cabling for distance, noise immunity and security, is deployed throughout widely distributed industrial applications; interconnecting multiple water treatment plants or power substations within a metropolitan area is a typical example.

Remote industrial Ethernet implementations are very popular for monitoring (the Data Acquisition, or DA, part of SCADA). They are typically closed systems, which require in-facility access points for information review, as opposed to casual Internet access from the home or from the remote laptop of a maintenance supervisor. Within the closed system, remote monitoring may be possible, eliminating many routine maintenance visits to unmanned outlying operations, with a concomitant reduction in costs. It is also easier to identify potential problems and dispatch maintenance or repair teams promptly, often avoiding downtime or managing outages.

In a closed system the principal security risk is a physical breach of the network, and even in that event password protection on the switch management interface goes a long way toward limiting what an intruder can reach. The downside is the lost opportunity for efficiencies and savings, because of the limits placed on management and control of industrial operations from afar.

Management supervision and control of remote sites over Ethernet (the Supervisory Control, or SC, part of SCADA) has traditionally been used less often, simply because of concerns regarding security. If these concerns can

