manualshive.com logo in svg

GarrettCom Ethernet Networks and Web Management, Брошюра, Страница: 3 / 12

Поделиться
Скачать
GarrettCom Ethernet Networks and Web Management Скачать руководство пользователя страница 3

More and more industrial sites are taking advantage of Ethernet as a mature, end-to-end, standards-

based networking, communications and data transmission protocol because it offers convenience and 

efficiency that bring higher performance and lower cost.  In addition, the standards that are in place 

support interoperability among many competing equipment vendors as well as world-wide 

interconnectivity. At the same time, more extensive use of Ethernet/IP and other well-documented 

protocols will make hacking and disruption easier if adequate security measures are not taken.  

Password protection, encryption, access authorization and firewalls are some of the many tools 

available to protect against cyber invasion. 

 

INDUSTRIAL SECURITY INITIATIVES 

While there are similarities between security in enterprise business IT systems (which protects 

activities such as bank and stock transactions and on-line purchases), and that required by industrial 

control systems, several groups have been chartered to address the technology opportunities and 

challenges specific to industrial applications.  At the broadest level, the Instrumentation Systems and 

Automation Society (ISA) and the National Institute of Standards and Technology (NIST) are looking 

at overall security practices for industry. (See APPENDIX A) 

 

On a more specific industrial level, there are groups such as the North American Electric Reliability 

Council, which has been named by the US DoE as the electric energy sector’s coordinator for critical 

infrastructure protection.  The NAERC’s Critical Infrastructure Protection Committee addresses 

security concerns and provides guidelines and requirements for utility systems including SCADA and 

EMS.   

 

ETHERNET SECURITY – THE SWITCH VENDOR’S OPPORTUNITY 

No single vendor or single technology is going to make industry safe from intentional cyber attacks.  

Nonetheless, it is critical that vendors of industrial equipment look at ways in which to support the 

overall security effort.  Standards-based Ethernet networks, with cost effective hardware and software 

available from many competing vendors, can make a significant impact. For example, leading Ethernet 

switch vendors are adding security in the switch with IEEE and other standards support for security 

features. 

 

 2

Содержание Ethernet Networks and Web Management

Страница 1: ...Secure Industrial Control Utilizing High Speed Ethernet Networks and Web Management GarrettCom Inc 47823 Westinghouse Drive Fremont CA 94539 PH 510 438 9071 FAX 510 438 9072 www GarrettCom com ...

Страница 2: ...ital to ongoing success as has the widespread use of the computer systems which make such attacks so easy and so painful It is no longer enough to catch the perpetrator during or after the commission of a malicious act considerable time and expense is being consumed to address how to secure systems to prevent intrusion Repercussions from the 2003 power blackout in the Northeastern US were felt thr...

Страница 3: ...nities and challenges specific to industrial applications At the broadest level the Instrumentation Systems and Automation Society ISA and the National Institute of Standards and Technology NIST are looking at overall security practices for industry See APPENDIX A On a more specific industrial level there are groups such as the North American Electric Reliability Council which has been named by th...

Страница 4: ... throughout widely distributed industrial applications Interconnecting multiple water treatment plants or power substations within a metropolitan area are typical examples Remote industrial Ethernet implementations are very popular applications for monitoring the Data Acquisition DA part of SCADA They are typically closed systems which require in facility access points for information review as op...

Страница 5: ... in the areas of concern documented by the ISA SP99 committee assuring that a user is who he she claims to be authentication and access authorization for that user encryption and validation as data crosses the Internet so that it cannot be easily accessed and stolen filtering and blocking access control providing audit measurement monitoring and detection tools While Ethernet switch management sof...

Страница 6: ... begin to reap the benefits of remote access care must be taken to avoid security breaches Commerce has led the way with highly secure financial medical and retail applications however the complexities of industrial security require careful thought and planning and in many cases a different take on a security strategy User authentication for controlling access and encryption are not only desirable...

Страница 7: ...n Virginia December 2002 Herbert Dan Process Control Security ControlGlobal com The Online Resource of Control Magazine October 23 2004 http www controlglobal com articles 2004 292 html Melton Ron Fletcher Terry Earley Matt System Protection Profile Industrial Control Systems Version 1 0 National Institute of Standards and Technology Gaithersburg Maryland April 2004 Merritt Rich What s in Your Ser...

Страница 8: ...ultants and cyber security vendors The first two reports from the committee which were published in 2004 are Security Technologies for Manufacturing and Control Systems ISA TR99 00 01 2004 or TR1 and Integrating Electronic Security into the Manufacturing and Control Systems Environment ISA TR99 00 02 2004 or TR2 TR1 provides guidance for using currently available electronic security technologies w...

Страница 9: ...he NIST PCSRF s System Protection Profile for Industrial Control Systems SPP ICS released in 2004 is a baseline document that states necessary industrial security requirements at an implementation independent level It will be used to create security specifications for specific systems and components such as a water treatment system or a power substation The NIST PCSRF includes a number of members ...

Страница 10: ...3 assures that a received message was transmitted by the entity whose identifier appears as the source in the message header it assures that the message was not altered in transit and that there was not artificial delay or replay It also provides for the ability to update configuration parameters in SNMP agents thus enabling complete remote management of SNMP devices which is an added convenience ...

Страница 11: ...l is done by group where a group may be a set of multiple users While SNMPv3 provides secure communications between human managers and the various managed elements in a network it is not enough for security of web based applications For this Secure Socket Layer SSL protocol and its extension the Transport Layer Security TSL protocol extend SNMP features to web based applications SSL Secure Socket ...

Страница 12: ...e used to block computers from accessing the network by requiring the port to validate the Media Access Control MAC address against a known list of approved MAC addresses If there is an insecure access on a secondary device connected to a switch these levels of control allow authorized users to continue to access the network while unauthorized packets are dropped Remote Security The further afield...

Отзывы:

Нет отзывов