Skip this Video
Download Presentation
Security, Access and Control of an Industrial Wireless Network Mike Malone Microwave Data Systems

Loading in 2 Seconds...

play fullscreen
1 / 20

Security - PowerPoint PPT Presentation

  • Uploaded on

Security, Access and Control of an Industrial Wireless Network Mike Malone Microwave Data Systems. Agenda. Industry Trends Network Security Analysis Security and Wireless Serial Networks Wireless LAN Risk Management Summary. Industry/Market Trends.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Security' - DoraAna

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Security, Access and Control

of an Industrial Wireless Network

Mike Malone

Microwave Data Systems

  • Industry Trends
  • Network Security Analysis
  • Security and Wireless Serial Networks
  • Wireless LAN Risk Management
  • Summary

Industry/Market Trends

  • Security needs are growing on a daily basis - Dispersed networks and multiply access points can leave a network vulnerable to hackers and terrorists

Corporate WAN


Leased line





holds corporate


industry market trends
Industry/Market Trends
  • Heightened awareness and sensitivity has led to increased security efforts in all aspects of our lives
  • Security of critical infrastructure/assets is one of our nation’s most important objectives.
network security analysis
Network Security Analysis
  • Wired networks are also vulnerable
    • Telephone, fiber optic, coaxial cable have higher risk for breakage or damage due to storms, motor vehicle accidents, construction work, sabotage, and tapping
    • Repairs may take days or weeks during a widespread crisis
    • Wireless has potentially less failure points
  • Network Access Priority
    • During heavy periods of telephone use, such as an emergency situation, voice traffic is the priority, not data
    • Private networks have a more predictable traffic composition

Network Security Analysis

  • Two types of networks
    • Multiple service IP networks
    • Dedicated service serial networks
  • Several types of risks
    • Free access to internet
    • Databases: company records, password files, account numbers, network diagrams, manuals, location of instruments, etc.
    • Applications: controlling behavior of remote devices and resources
scada polling systems
SCADA Polling Systems
  • Single Service Oriented
    • A host sends commands or requests, and expects an action/report from the RTU/PLC
  • Gaining access to a host through a serial channel nearly impossible
    • No access to console prompt and/or host operating system commands
scada polling systems9
SCADA Polling Systems
  • Proprietary protocols provide protection
    • Information is stored in custom specific registers are programmed into the devices
    • Passwords are used at the application layer
    • Hacker must “replace” the host computer to control RTU/PLC and/or have a copy of the host application as configured for the particular host
    • Know and understand the exact radio and RTU/PLC models
    • Know the protocol or have knowledge of specific site logic configuration
    • Be close enough to override the Master signal
network security analysis10
Network Security Analysis
  • Current security issues with 802.11b wireless LAN solutions
    • Available protection not enabled by users
    • Off the shelf solutions provide relatively easy access to physical layer
    • WEP weaknesses published on Internet
    • Free software available to help break WEP encryption
risk management
Risk Management
  • Nothing is perfect
  • Network security is about layering
  • You can not completely eliminate risk, but you can reduce it to a manageable level
risks and mitigation
Risks and Mitigation
  • Eavesdropping
    • RC4 128 bit encryption
  • Key cracking
    • Dynamic key rotation
  • War driving and “sniffing”
    • No promiscuous mode of operation
    • Proprietary physical layer
    • Not readily available to commodity market
risks and mitigation13
Risks and Mitigation
  • Unauthorized Network Access
  • Foreign remote radios
    • Authorized access list of remotes at Access
  • Rogue Access Points
    • Authorized Access Point list at every remote
risks and mitigation14
Risks and Mitigation
  • Denial of Service attacks
  • Network overload
    • Bandwidth limiting
    • Traffic Prioritization (QoS)
      • Per remote radio
      • Per interface
  • Radio Frequency jamming
    • Frequency Hopping more resilient than Direct Sequence
risks and mitigation15
Risks and Mitigation
  • Denial of Service attacks
  • Network Availability
  • Remote configuration
    • All Logins with password protection
    • Directory attacks
    • Limited login retries with temporary lockdown
    • HTTP with MD5 protection
    • Remote access lockdown
      • HTTP (web browser)
      • Telnet
    • SNMP v3 (encryption)
risks and mitigation16
Risks and Mitigation
  • Denial of Service
  • Network availability
    • Industrial rated devices: Class 1 Div 2
    • Industrial MTBF (35 years)
    • Redundancy (device and system level)
risks and mitigation17
Risks and Mitigation
  • Intrusion Detection
    • Early warning notification
      • SNMP alarms
        • Login attempts
        • Successful Login/logout
        • Configuration changes executed
        • Unauthorized remote MAC detected
        • Unauthorized AP MAC detected
      • Network Wide Device Polling
security beyond wireless
Security Beyond Wireless
  • Secure communications end-to-end
  • Firewalls and Virtual Private Networks are essential to maintaining a secure network
  • Security policies include physical access
  • Security is not something you buy, it’s something you practice 24x7
  • Wireless communications provides security benefits that a wired environment cannot, but issues still exist
  • Internal precautions--firewalls and Virtual Private Networks--will help prevent attacks on wireless and wired networks
  • Industrial wireless networks can be secure despite bad press of commercial products