manualshive.com logo in svg

GarrettCom Ethernet Networks and Web Management, Брошюра, Страница: 6 / 12

Поделиться
Скачать
GarrettCom Ethernet Networks and Web Management Скачать руководство пользователя страница 6

(TLS).  These features allow an Ethernet switch to handle HyperText Transfer Protocol Secure 

(HTTPS), the highest level of Web access security available. 

 

Other security strategies available to Ethernet equipment include port security, remote Telnet access 

security, password protection and remote unit cut-off protection.  Appendix B offers a brief primer on 

the components of some of the most well-known security standards. 

 

BEYOND THE SWITCH 

Broader system security policies, physical and functional models, risk analysis, asset management and 

critical aspects of running and maintaining a security program are addressed in detail by bodies such 

as SP99 and PCSRF.  The open approach of inviting industry wide input and comment will greatly 

improve security at all levels . . .  national, business and personal. 

 

Thanks to the forerunners in the commercial environment, there is a strong base from which industrial 

users can begin the work of adapting and customizing current security standards and protocols to 

support industrial applications. But, as they begin to reap the benefits of remote access, care must be 

taken to avoid security breaches.  Commerce has led the way with highly secure financial, medical, 

and retail applications, however, the complexities of industrial security require careful thought and 

planning – and in many cases, a different take on a security strategy.   

 

User authentication for controlling access and encryption are not only desirable but essential for secure 

industrial applications. Ethernet switches with web management can offer a powerful point of control. 

Additionally, remote web management is desirable 

and

 feasible with currently available hardware and 

software, including GUIs for simplicity and ease-of-use.  However, complete end-to-end design for 

security is necessary, and it is incumbent on everyone to work toward highly secure network systems 

that enable the industry to take advantage of the tremendous time- and cost-savings of web-based 

networking.   

 

A single white paper cannot possibly provide the specific guidelines that multiple prestigious industry 

working committees are laboring to describe.  At the same time, this white paper is intended to be 

helpful by providing a basic understanding of the security levels that can currently be achieved at the 

 5

Содержание Ethernet Networks and Web Management

Страница 1: ...Secure Industrial Control Utilizing High Speed Ethernet Networks and Web Management GarrettCom Inc 47823 Westinghouse Drive Fremont CA 94539 PH 510 438 9071 FAX 510 438 9072 www GarrettCom com ...

Страница 2: ...ital to ongoing success as has the widespread use of the computer systems which make such attacks so easy and so painful It is no longer enough to catch the perpetrator during or after the commission of a malicious act considerable time and expense is being consumed to address how to secure systems to prevent intrusion Repercussions from the 2003 power blackout in the Northeastern US were felt thr...

Страница 3: ...nities and challenges specific to industrial applications At the broadest level the Instrumentation Systems and Automation Society ISA and the National Institute of Standards and Technology NIST are looking at overall security practices for industry See APPENDIX A On a more specific industrial level there are groups such as the North American Electric Reliability Council which has been named by th...

Страница 4: ... throughout widely distributed industrial applications Interconnecting multiple water treatment plants or power substations within a metropolitan area are typical examples Remote industrial Ethernet implementations are very popular applications for monitoring the Data Acquisition DA part of SCADA They are typically closed systems which require in facility access points for information review as op...

Страница 5: ... in the areas of concern documented by the ISA SP99 committee assuring that a user is who he she claims to be authentication and access authorization for that user encryption and validation as data crosses the Internet so that it cannot be easily accessed and stolen filtering and blocking access control providing audit measurement monitoring and detection tools While Ethernet switch management sof...

Страница 6: ... begin to reap the benefits of remote access care must be taken to avoid security breaches Commerce has led the way with highly secure financial medical and retail applications however the complexities of industrial security require careful thought and planning and in many cases a different take on a security strategy User authentication for controlling access and encryption are not only desirable...

Страница 7: ...n Virginia December 2002 Herbert Dan Process Control Security ControlGlobal com The Online Resource of Control Magazine October 23 2004 http www controlglobal com articles 2004 292 html Melton Ron Fletcher Terry Earley Matt System Protection Profile Industrial Control Systems Version 1 0 National Institute of Standards and Technology Gaithersburg Maryland April 2004 Merritt Rich What s in Your Ser...

Страница 8: ...ultants and cyber security vendors The first two reports from the committee which were published in 2004 are Security Technologies for Manufacturing and Control Systems ISA TR99 00 01 2004 or TR1 and Integrating Electronic Security into the Manufacturing and Control Systems Environment ISA TR99 00 02 2004 or TR2 TR1 provides guidance for using currently available electronic security technologies w...

Страница 9: ...he NIST PCSRF s System Protection Profile for Industrial Control Systems SPP ICS released in 2004 is a baseline document that states necessary industrial security requirements at an implementation independent level It will be used to create security specifications for specific systems and components such as a water treatment system or a power substation The NIST PCSRF includes a number of members ...

Страница 10: ...3 assures that a received message was transmitted by the entity whose identifier appears as the source in the message header it assures that the message was not altered in transit and that there was not artificial delay or replay It also provides for the ability to update configuration parameters in SNMP agents thus enabling complete remote management of SNMP devices which is an added convenience ...

Страница 11: ...l is done by group where a group may be a set of multiple users While SNMPv3 provides secure communications between human managers and the various managed elements in a network it is not enough for security of web based applications For this Secure Socket Layer SSL protocol and its extension the Transport Layer Security TSL protocol extend SNMP features to web based applications SSL Secure Socket ...

Страница 12: ...e used to block computers from accessing the network by requiring the port to validate the Media Access Control MAC address against a known list of approved MAC addresses If there is an insecure access on a secondary device connected to a switch these levels of control allow authorized users to continue to access the network while unauthorized packets are dropped Remote Security The further afield...

Отзывы:

Нет отзывов