Resilient Wireless Data Communication for Critical Infrastructure

NEW! Starting in 2012, the AW staff will provide abstracts of white papers, technical research or surveys in the automation space.
This 13-page white paper provides an introduction to wireless data communication systems, security issues and strategies to thwart breaches of devices and networks. The paper identifies security intrusions and denial of service as the main security challenges for all plant and factory environments. Baseline network and security strategies are explored in the research, along with information on a typical wireless network. —Grant Gerke, Digital Managing Editor

 

A good network security strategy needs to address and implement policies that serve as safeguards, making it difficult to circumvent security measures and limiting the potential impact of a security breach of the wireless network. Consider those added layers of security.

Limitation of Permitted Activities
One method to implement safeguarding is to limit permitted activities on the wireless network to only those absolutely required on the network. The basic idea is that if a wireless network were to be compromised, the impact would be limited. In other words, a wireless network primarily used for sensor data collection and remote control of devices should not allow a hacker who has compromised the network to gain access to financial or other critical data.

Such a limitation of permitted activities can be achieved through the following:

1. Firewalls and packet filters: These essentially separate the limited set of activities needed on the wireless network from what is available on the other parts of the network.

2. Virtual local area network (LAN): Separating the wireless network infrastructure and its management from the production network and devices of communication endpoints by using virtual LANs introduces another level of security, especially if combined with Quality of Service (QoS) mechanisms. Think of it as an emergency access to your wireless network infrastructure for remote management and control in case a Denial of Service (DoS) attack overwhelms the actual payload and production network.

3. User level access: By implementing password-protected user level access, you can give maintenance personnel, for example, access to your wireless infrastructure and devices that is limited to monitoring system health or performance. This does not open the system up to misuse or sabotage, because configuration and other privileges are reserved for a different user level and password.

4. Access limitation of local ports: By controlling who is allowed access from local ports (e.g. through MAC address filtering) or even completely turning off local port access when it is not in use, you can essentially make it impossible (or at least very hard) for someone who gained physical access to your network infrastructure and devices to get connected and gain access to your network.

5. Audit logs: Although they do not really limit permitted activities, activity logs do provide a trail of access and activities and can be a useful tool in auditing and tracing potential security breaches and issues.

This is by no means a complete list of options to secure a data communication network, although it does provide a good baseline. When considering wireless data communication devices and equipment for critical infrastructure applications, find out if they only provide basic connectivity, or if they support these advanced features and even Secure Shell (SSH) for their own configuration menus. 
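The following is an added example, not taken from the white paper or from any vendor's product, that combines items 1, 4 and 5: a default-deny flow policy for the wireless segment, a MAC allowlist for local ports, and an audit record for every decision. All addresses, ports, MAC addresses and names (`Flow`, `evaluate`, `demo`) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Every address, port and MAC below is constructed for illustration.
WIRELESS_NET = ipaddress.ip_network("10.20.0.0/24")  # radios and field sensors
ALLOWED_FLOWS = [  # (destination, protocol, port, purpose): the only permitted activities
    (ipaddress.ip_network("10.10.0.5/32"), "tcp", 8883, "sensor data to collector"),
    (ipaddress.ip_network("10.10.0.9/32"), "udp", 514, "audit log forwarding"),
]
LOCAL_PORT_MACS = {"00:11:22:33:44:55"}  # maintenance laptop allowed on local ports

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int
    src_mac: str = ""
    local_port: bool = False  # True when traffic enters through a device's local port

def evaluate(flow, audit):
    """Return 'permit' or 'deny'; append one audit record for every decision."""
    src, dst = ipaddress.ip_address(flow.src_ip), ipaddress.ip_address(flow.dst_ip)
    verdict, reason = "deny", "no matching allow rule (default deny)"
    if flow.local_port and flow.src_mac.lower() not in LOCAL_PORT_MACS:
        reason = "unknown MAC on local port"
    elif src not in WIRELESS_NET:
        reason = "source outside wireless segment"
    else:
        for net, proto, port, purpose in ALLOWED_FLOWS:
            if dst in net and flow.proto == proto and flow.dst_port == port:
                verdict, reason = "permit", purpose
                break
    audit.append(f"{verdict.upper()} {flow.src_ip} -> {flow.dst_ip} "
                 f"{flow.proto}/{flow.dst_port}: {reason}")
    return verdict

def demo():
    """Run four constructed flows through the policy; return verdicts and audit trail."""
    audit = []
    flows = [
        Flow("10.20.0.17", "10.10.0.5", "tcp", 8883),   # sensor reporting data
        Flow("10.20.0.17", "10.30.0.40", "tcp", 1433),  # reach toward a finance database
        Flow("10.20.0.99", "10.10.0.5", "tcp", 8883, "de:ad:be:ef:00:01", True),
        Flow("10.20.0.50", "10.10.0.5", "tcp", 8883, "00:11:22:33:44:55", True),
    ]
    return [evaluate(f, audit) for f in flows], audit

if __name__ == "__main__":
    print("\n".join(demo()[1]))
```

Denied flows are logged as well as permitted ones, so the audit trail records attempts to leave the permitted set, not just normal operation.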

Link to the full version of this white paper at bit.ly/awtech006

This white paper was written by Matthias H. van Doorna, FreeWave Technologies.
Publication Date: July 2010

COMPANIES IN THIS ARTICLE: FreeWave Technologies
