Click to download Ethernet Basics manual - Grant Industrial Controls

More documents

Recommendations

Info

Automation networks & Security 107 Decision The classic firewall protects against hackers, worm viruses and spyware. The software programmes protect the network or the specific computer against the outside world and allow only trusted messages to pass. One of the objectives is to block all suspect programmes that look for a connection with the Internet from the own location. In addition, there are programmes in the office IT such as anti-virus programmes, anti-spyware and anti- adware programmes that block every inbound file, check for threats hidden within the database and then declare the file clean or place it in quarantine. They also screen all called up files for the presence of viruses, spyware and adware that are included in the database. The principle of this IT protection is that the firewall views and analyses all inbound and outbound data traffic, data files, programmes,... Such firewalls slow down the system and can even prevent the programme from functioning, if necessary. In order to realise a more industry-compatible firewall, techniques will have to be used that guarantee in the first place that there will be no delays and still guarantee security and reliability. One can use safe communication channels between, e.g., PLC and the master computer or data servers. In order to ensure real-time functioning, no delay should occur when checking the data that pass that firewall. Other technologies will have to be applied. An option is to check the applied protocols instead of the actual data. 9.3.5 Standardisation with regard to security in automation networks Introduction ANSI/ISA 99 gives directives for the carrying out of risk assessment, the setting up of a socalled cyber security management and carrying out that management. The standard is set up in collaboration with end users, system integrators and suppliers. The ANSI/ISA 99 norm is currently under development. Currently, 2 parts are available. Figure 9.4: The ANSI/ISA 99 standard Figure 9.4 shows an overview of the ISA 99 standard. Part 1 is meant to be a framework around all the other parts. At the moment, only part 1 and part 2.01 are available.
Automation networks & Security 108 Part 1 (ANSI/ISA report TR99.00.01- 2007) The title of the first part is: ’Security for Industrial Automation and Control Systems’, the last version dates from 29 October 2007. It describes security technologies that are currently available for industrial production and control systems. In this part, technologies such as authentication and authorisation, firewalls, VPN,... are discussed. Authentication is the process to be able to positively recognise users, devices, applications, resources. Authentication can take place by means of sometimes that has to be remembered (pin code, password,...) , something that is possessed (key, intelligent card, dongle,...) or something physical (finger print,...). A distinction must also be made between 2 different authentications: user authentication and network service authentication. Part 2 (ANSI/ISA report TR99.00.02- 2004) Originally, the second part had the title: Integrating Electronic Security into the Manufacturing and Control Systems Environment. The original part 2 and part 3 are now finally merged together as part 2. Part 2 will consist of two elements. The first part ISA 99 part 2.01 is ready and has the title ’Establishing an Industrial Automation and Control Systems Security Program’. It is meant to provide support to companies setting up a security management plan. The basis of such a plan is to map out all possible risks and then to formulate a number of solutions. ISA 99 part 2.02 will describe how such a security plan has to be executed. Part 4 The requirements that are set for equipment and systems are described in part 4 so that these would comply with the ISA 99 standard. 9.3.6 A security programme The elaboration of a security plan is more than just thinking of technical solutions such as firewalls and encryption of data. Various human factors can contribute to a successful implementation of a CSMS (Cyber Security Management System). Various points of attention that can result in a successful integration: • Security management has to completely fit in the company policy • The security programme has to fit in the corporate culture • Support and commitment from the company management • Clear budgeting of security management actions • Separating functionalities: if a production in charge is also responsible for security, then security often comes second. • Organise activities and training for all employees • Distribute guidelines among all employees •
Page 1 and 2:
Ethernet Basics Rev. 02
Page 3 and 4:
Contents ii 2.8.7 Parallel Redundan
Page 5 and 6:
Contents iv 8 VPN 97 8.1 Introducti
Page 7 and 8:
Introduction 2 The OSI model consis
Page 9 and 10:
Introduction 4 • IEEE802.2 Logica
Page 11 and 12:
Ethernet 6 • 1999: IEEE802.3ab; G
Page 13 and 14:
Ethernet 8 Figure 2.1: The MAU for
Page 15 and 16:
Ethernet 10 • Data transmission a
Page 17 and 18:
Ethernet 12 Figure 2.4: Physical im
Page 19 and 20:
Ethernet 14 Figure 2.6: The 5GHz ba
Page 21 and 22:
Ethernet 16 2.3 The data link layer
Page 23 and 24:
Ethernet 18 • TYPE: for the field
Page 25 and 26:
Ethernet 20 a complete data frame s
Page 27 and 28:
Ethernet 22 glass cabling are alway
Page 29 and 30:
Ethernet 24 2.5 IEEE802.1Q tagged f
Page 31 and 32:
Ethernet 26 According to the norm,
Page 33 and 34:
Ethernet 28 2.7 VLAN A VLAN or Virt
Page 35 and 36:
Ethernet 30 2.8 Network redundancy
Page 37 and 38:
Ethernet 32 To create a network wit
Page 39 and 40:
Ethernet 34 2.9.3 Link Aggregation
Page 41 and 42:
Ethernet 36 Table 2.5: Environmenta
Page 43 and 44:
TCP/IP 38 The second part of the an
Page 45 and 46:
TCP/IP 40 Figure 3.4: Building of t
Page 47 and 48:
TCP/IP 42 Table 3.2: IP addresses f
Page 49 and 50:
TCP/IP 44 Table 3.4: Subnetting and
Page 51 and 52:
TCP/IP 46 3.2.7 The IP packet The d
Page 53 and 54:
TCP/IP 48 3.2.8 IPv6 General The mo
Page 55 and 56:
TCP/IP 50 3.3.3 How reliability is
Page 57 and 58:
TCP/IP 52 - the FIN bit that is use
Page 59 and 60:
TCP/IP 54 Figure 3.14: Real time au
Page 61 and 62: TCP/IP 56 3.6 Communication over TC
Page 63 and 64: TCP/IP 58 number. This combination
Page 65 and 66: TCP/IP 60 3.6.5 Status of a socket
Page 67 and 68: Extension protocols and network app
Page 85 and 86: Chapter 5 The switch 5.1 General Th
Page 87 and 88: The switch 82 • mounted on DIN ra
Page 89 and 90: The switch 84 is indicated in the V
Page 91 and 92: Chapter 6 The router 6.1 Introducti
Page 93 and 94: The router 88 6.3 Types of routers
Page 95 and 96: The router 90 Figure 6.4: Adaptatio
Page 97 and 98: The router 92 Figure 6.6: Port forw
Page 99 and 100: The router 94 Figure 6.8: Principle
Page 101 and 102: The firewall 96 Packet filters are
Page 103 and 104: VPN 98 • Confidentiality: the pro
Page 105 and 106: VPN 100 Figure 8.4: Host to host ga
Page 107 and 108: Automation networks & Security 102
Page 109 and 110: Automation networks & Security 104
Page 111: Automation networks & Security 106
Page 115: Automation networks & Security 110
show all

Click to download Ethernet Basics manual - Grant Industrial Controls

Create successful ePaper yourself

Delete template?

Save as template?