1 / 20

Security - PowerPoint PPT Presentation

  • Updated On :

Security, Access and Control of an Industrial Wireless Network Mike Malone Microwave Data Systems. Agenda. Industry Trends Network Security Analysis Security and Wireless Serial Networks Wireless LAN Risk Management Summary. Industry/Market Trends.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Security' - DoraAna

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide2 l.jpg

Security, Access and Control

of an Industrial Wireless Network

Mike Malone

Microwave Data Systems

Agenda l.jpg

  • Industry Trends

  • Network Security Analysis

  • Security and Wireless Serial Networks

  • Wireless LAN Risk Management

  • Summary

Slide4 l.jpg

Industry/Market Trends

  • Security needs are growing on a daily basis - Dispersed networks and multiply access points can leave a network vulnerable to hackers and terrorists

Corporate WAN


Leased line





holds corporate


Industry market trends l.jpg
Industry/Market Trends

  • Heightened awareness and sensitivity has led to increased security efforts in all aspects of our lives

  • Security of critical infrastructure/assets is one of our nation’s most important objectives.

Network security analysis l.jpg
Network Security Analysis

  • Wired networks are also vulnerable

    • Telephone, fiber optic, coaxial cable have higher risk for breakage or damage due to storms, motor vehicle accidents, construction work, sabotage, and tapping

    • Repairs may take days or weeks during a widespread crisis

    • Wireless has potentially less failure points

  • Network Access Priority

    • During heavy periods of telephone use, such as an emergency situation, voice traffic is the priority, not data

    • Private networks have a more predictable traffic composition

Slide7 l.jpg

Network Security Analysis

  • Two types of networks

    • Multiple service IP networks

    • Dedicated service serial networks

  • Several types of risks

    • Free access to internet

    • Databases: company records, password files, account numbers, network diagrams, manuals, location of instruments, etc.

    • Applications: controlling behavior of remote devices and resources

Scada polling systems l.jpg
SCADA Polling Systems

  • Single Service Oriented

    • A host sends commands or requests, and expects an action/report from the RTU/PLC

  • Gaining access to a host through a serial channel nearly impossible

    • No access to console prompt and/or host operating system commands

Scada polling systems9 l.jpg
SCADA Polling Systems

  • Proprietary protocols provide protection

    • Information is stored in custom specific registers are programmed into the devices

    • Passwords are used at the application layer

    • Hacker must “replace” the host computer to control RTU/PLC and/or have a copy of the host application as configured for the particular host

    • Know and understand the exact radio and RTU/PLC models

    • Know the protocol or have knowledge of specific site logic configuration

    • Be close enough to override the Master signal

Network security analysis10 l.jpg
Network Security Analysis

  • Current security issues with 802.11b wireless LAN solutions

    • Available protection not enabled by users

    • Off the shelf solutions provide relatively easy access to physical layer

    • WEP weaknesses published on Internet

    • Free software available to help break WEP encryption

Risk management l.jpg
Risk Management

  • Nothing is perfect

  • Network security is about layering

  • You can not completely eliminate risk, but you can reduce it to a manageable level

Risks and mitigation l.jpg
Risks and Mitigation

  • Eavesdropping

    • RC4 128 bit encryption

  • Key cracking

    • Dynamic key rotation

  • War driving and “sniffing”

    • No promiscuous mode of operation

    • Proprietary physical layer

    • Not readily available to commodity market

Risks and mitigation13 l.jpg
Risks and Mitigation

  • Unauthorized Network Access

  • Foreign remote radios

    • Authorized access list of remotes at Access

  • Rogue Access Points

    • Authorized Access Point list at every remote

Risks and mitigation14 l.jpg
Risks and Mitigation

  • Denial of Service attacks

  • Network overload

    • Bandwidth limiting

    • Traffic Prioritization (QoS)

      • Per remote radio

      • Per interface

  • Radio Frequency jamming

    • Frequency Hopping more resilient than Direct Sequence

Risks and mitigation15 l.jpg
Risks and Mitigation

  • Denial of Service attacks

  • Network Availability

  • Remote configuration

    • All Logins with password protection

    • Directory attacks

    • Limited login retries with temporary lockdown

    • HTTP with MD5 protection

    • Remote access lockdown

      • HTTP (web browser)

      • Telnet

    • SNMP v3 (encryption)

Risks and mitigation16 l.jpg
Risks and Mitigation

  • Denial of Service

  • Network availability

    • Industrial rated devices: Class 1 Div 2

    • Industrial MTBF (35 years)

    • Redundancy (device and system level)

Risks and mitigation17 l.jpg
Risks and Mitigation

  • Intrusion Detection

    • Early warning notification

      • SNMP alarms

        • Login attempts

        • Successful Login/logout

        • Configuration changes executed

        • Unauthorized remote MAC detected

        • Unauthorized AP MAC detected

      • Network Wide Device Polling

Security beyond wireless l.jpg
Security Beyond Wireless

  • Secure communications end-to-end

  • Firewalls and Virtual Private Networks are essential to maintaining a secure network

  • Security policies include physical access

  • Security is not something you buy, it’s something you practice 24x7

Summary l.jpg

  • Wireless communications provides security benefits that a wired environment cannot, but issues still exist

  • Internal precautions--firewalls and Virtual Private Networks--will help prevent attacks on wireless and wired networks

  • Industrial wireless networks can be secure despite bad press of commercial products