Click to download Ethernet Basics manual - Grant Industrial Controls

More documents

Recommendations

Info

Automation networks & Security 105 example, cables that are pulled out or wrongly plugged in. Production standstill or something even worse can result from the use of an USB stick that it is infected with a virus and is plugged to a PC that is connected to a machine. Data traffic from the office network can cause delays on the production network. On the other hand, there is a distinct possibility that the data that is hacked will be misused. The company can be blackmailed in such a case. Recent studies show an increasing trend in the area of industrial security incidents. The more accidental events are more and more supplemented with external incidents such as viruses, Trojan horses, system hacking, sabotage,... . Hackers have acquired more and more knowledge of control systems and SCADA applications. Hackers carry out their activity less and less for the fun of it and more and more with the intention to blackmail a certain company. This has become an organised crime. Security is a must. 9.3.3 Objective of security The main objectives of security are threefold: • confidentiality: security that data do not end up with a third party. • Data integrity: protection of the data against unwanted adaptations or against their destruction. • availability: resources are available and function correctly at the time that they have to do so. Security will therefore prevent an unauthorised person from entering the system, will make sure that the system functions normally at all times and that all data in the system can be handled in a confidential manner. 9.3.4 Security in the office world versus security in the automation world Introduction The integration of open systems can give the impression that the security problems within the production world can be solved by copying the approach in the office world. However, there are important differences between both domains. The office IT is not the same as production IT. It has to be checked what elements from the office IT are used and not used in the production IT. There is a standard under development (ANSI/ISA99) to completely describe the what, how and why of the security in the automation world. Main objective of security First of all, there is an important difference in the main objective of security. In the office world, the main aim for security is always the confidential handling of data. In the automation world, the main aim for security will always be the availability of the production system.
Automation networks & Security 106 Network performances Both domains have totally different performance requirements. An overview: Automation network Real-time Response is time critical Medium throughput acceptable Significant delays are a problem Office network Not real-time Response has to be reliable High throughput required Significant delay and jitter is acceptable Therefore, it is important to be able to correctly estimate the impact of security technologies on the performance of the system before this is implemented. A lot of encryption is applied, for instance, in the office world. Encryption however, does not stimulate the real-time functioning. Reliability of a network The requirements for reliability are also different for both domains. An overview: Automation network Continuous operations Power cuts are not acceptable Supposedly tested before the implementation Formal certification is mandatory for applications Office network Planned operations Power cuts are acceptable beta testing on location allowed Little paperwork for applications The installation of a new service pack is a good example for this. In the office world, this is a normal thing, whereas in the industrial world, the installation of a service pack is certainly not logical and in some industrial sectors it is not permitted. Different risk outlook Automation network Human safety Risk impact is loss of product or device Error tolerance is essential Office network Data integrity Risk impact is loss of data Restart via reboot Furthermore, there are critical response times on human interventions in the automation networks. Operating an emergency stop for example, cannot be obstructed by password securities. Different security architecture In the office IT, the central servers are the most critical devices to protect. For the production IT, the end device, such as the PLC, is the most critical device and not the central data server which contains the historical process data.
Page 1 and 2:
Ethernet Basics Rev. 02
Page 3 and 4:
Contents ii 2.8.7 Parallel Redundan
Page 5 and 6:
Contents iv 8 VPN 97 8.1 Introducti
Page 7 and 8:
Introduction 2 The OSI model consis
Page 9 and 10:
Introduction 4 • IEEE802.2 Logica
Page 11 and 12:
Ethernet 6 • 1999: IEEE802.3ab; G
Page 13 and 14:
Ethernet 8 Figure 2.1: The MAU for
Page 15 and 16:
Ethernet 10 • Data transmission a
Page 17 and 18:
Ethernet 12 Figure 2.4: Physical im
Page 19 and 20:
Ethernet 14 Figure 2.6: The 5GHz ba
Page 21 and 22:
Ethernet 16 2.3 The data link layer
Page 23 and 24:
Ethernet 18 • TYPE: for the field
Page 25 and 26:
Ethernet 20 a complete data frame s
Page 27 and 28:
Ethernet 22 glass cabling are alway
Page 29 and 30:
Ethernet 24 2.5 IEEE802.1Q tagged f
Page 31 and 32:
Ethernet 26 According to the norm,
Page 33 and 34:
Ethernet 28 2.7 VLAN A VLAN or Virt
Page 35 and 36:
Ethernet 30 2.8 Network redundancy
Page 37 and 38:
Ethernet 32 To create a network wit
Page 39 and 40:
Ethernet 34 2.9.3 Link Aggregation
Page 41 and 42:
Ethernet 36 Table 2.5: Environmenta
Page 43 and 44:
TCP/IP 38 The second part of the an
Page 45 and 46:
TCP/IP 40 Figure 3.4: Building of t
Page 47 and 48:
TCP/IP 42 Table 3.2: IP addresses f
Page 49 and 50:
TCP/IP 44 Table 3.4: Subnetting and
Page 51 and 52:
TCP/IP 46 3.2.7 The IP packet The d
Page 53 and 54:
TCP/IP 48 3.2.8 IPv6 General The mo
Page 55 and 56:
TCP/IP 50 3.3.3 How reliability is
Page 57 and 58:
TCP/IP 52 - the FIN bit that is use
Page 59 and 60: TCP/IP 54 Figure 3.14: Real time au
Page 61 and 62: TCP/IP 56 3.6 Communication over TC
Page 63 and 64: TCP/IP 58 number. This combination
Page 65 and 66: TCP/IP 60 3.6.5 Status of a socket
Page 67 and 68: Extension protocols and network app
Page 85 and 86: Chapter 5 The switch 5.1 General Th
Page 87 and 88: The switch 82 • mounted on DIN ra
Page 89 and 90: The switch 84 is indicated in the V
Page 91 and 92: Chapter 6 The router 6.1 Introducti
Page 93 and 94: The router 88 6.3 Types of routers
Page 95 and 96: The router 90 Figure 6.4: Adaptatio
Page 97 and 98: The router 92 Figure 6.6: Port forw
Page 99 and 100: The router 94 Figure 6.8: Principle
Page 101 and 102: The firewall 96 Packet filters are
Page 103 and 104: VPN 98 • Confidentiality: the pro
Page 105 and 106: VPN 100 Figure 8.4: Host to host ga
Page 107 and 108: Automation networks & Security 102
Page 109: Automation networks & Security 104
Page 113 and 114: Automation networks & Security 108
Page 115: Automation networks & Security 110
show all

Click to download Ethernet Basics manual - Grant Industrial Controls

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?