
IT Security for Meteorological Measuring Networks

IT Security for Meteorological Measuring Networks. Dipl.-Ing. Gerhard Pevny, Logotronic GmbH, Vienna, Austria, gerhard.pevny@logotronic.co.at. Mag. Roland Potzmann, ZAMG - Zentralanstalt für Meteorologie und Geodynamik, Vienna, Austria, roland.potzmann@zamg.ac.at.


Presentation Transcript


  1. IT Security for Meteorological Measuring Networks
  • Dipl.-Ing. Gerhard Pevny
  • Logotronic GmbH, Vienna, Austria
  • gerhard.pevny@logotronic.co.at
  • Mag. Roland Potzmann
  • ZAMG - Zentralanstalt für Meteorologie und Geodynamik
  • Vienna, Austria
  • roland.potzmann@zamg.ac.at

  2. Overview
  • Motivation for the project
  • Basic technical requirements
  • Basics of IT security
  • TAWES technical solution
  • Conclusion and current state of the project

  3. Motivation for the Project
  • TAWES - the Austrian public meteorological measuring network operated by ZAMG
  • Since 2005 about 300 AWS (automatic weather stations)
  • In the beginning, data transfer via modem over telephone lines (TUS) and GSM
  • In recent years a change to Internet technologies on all levels (communication, datalogger, video cameras, ...)
  -> Increasing risk of hacker attacks

  4. Motivation for the Project
  • Project targets:
    • Best possible IT security for AWS, central servers and maintenance workplaces
    • Prepared for the Internet of Things (IoT)
    • Long system lifetime while using the latest technological standards
    • Independence from proprietary security solutions offered by service providers
    • Update of the existing, well-working measuring network, no complete replacement

  5. LAN at Measuring Station Level - TAWES V2.0
  [Diagram: the Network Center at ZAMG Vienna connects via the TAWES Network to several LANs at station level]

  6. Basic Technical Requirements
  • Application of only well-proven Internet standards
  • No proprietary software and no proprietary protocols at network level
  • Long system lifetime by using well-established open-source software and standard off-the-shelf hardware for the network components; no "black boxes" in the system
  • Modular extension of the existing TAWES stations; should also be applicable to other station types

  7. Basics of IT Security
  • The technical solution has to guarantee all of the following four IT-security requirements:
    • Authenticity -> you can be sure that you communicate with the right partner
    • Confidentiality -> only you can see your data
    • Data integrity -> what is sent is also what is received
    • Protection against malware

  8. TAWES V2.0 AWS Structure
  [Diagram, original TAWES station layout: Sensor 1 ... Sensor n connect over the sensor bus to the sensor datalogger; uplinks via GPRS modem (wireless), LAN/ADSL or TUS]

  9. TAWES V2.0 AWS Structure
  [Diagram, TAWES V2.0: Sensor 1 ... Sensor n connect over the sensor bus to the sensor datalogger; the datalogger, an Internet gateway, an IP camera and IP sensors (IoT) share an Ethernet LAN at station level; uplinks via SAT, wireless or LAN/ADSL]

  10. Technical Solution TAWES V2.0

  11. Tunnels through the Internet
  • VPN tools for creating tunnels:
    • IPsec (Internet Protocol Security)
      • Old Internet standard, works on the Internet layer -> completely transparent for applications
      • Perfect for point-to-point applications
    • OpenVPN
      • Open-source application
      • Perfect for remote-access applications

  12. IPsec - OpenVPN
  • Both systems are applied in TAWES V2.0
  • IPsec: routine data transfer - point to point - AWS to server
  • OpenVPN: maintenance network - remote access to all network modules
  • Logically completely separated VPNs

  13. Authentication
  • Authentication by digital certificates (X.509 standard) = ID cards for all network members
  • Advantages:
    • One certificate per user
    • Central administration of certificates by the TAWES CA (Certification Authority)
    • Easy installation of certificates at AWS and maintenance PCs
    • Flexibility: certificates with limited validity period, TAWES certificate revocation list
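The certificate scheme of this slide (central CA, certificates with a limited validity period, a CA-issued revocation list) worked through with the Go standard library, as an added example that is not part of the presentation or of the TAWES system: the CA name "TAWES CA (example)", the station name "aws-example-01", the serial numbers and the one-year lifetime are assumptions, and Verify is the check a VPN endpoint would run on a peer certificate before accepting a tunnel.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// Setup plays the central TAWES CA (hypothetical names): a self-signed root plus one station certificate valid for one year.
func Setup(now time.Time) (ca, station *x509.Certificate, caKey *ecdsa.PrivateKey) {
	caKey, stKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "TAWES CA (example)"}, IsCA: true,
		BasicConstraintsValid: true, NotBefore: now, NotAfter: now.AddDate(10, 0, 0), KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)))) // self-signed root
	stTmpl := &x509.Certificate{SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: "aws-example-01"}, NotBefore: now, NotAfter: now.AddDate(1, 0, 0)}
	return ca, must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, stTmpl, ca, &stKey.PublicKey, caKey)))), caKey
}
// BuildCRL issues a CA-signed revocation list naming the given serial numbers (an empty list when none are given).
func BuildCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, now time.Time, serials ...*big.Int) *x509.RevocationList {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for _, s := range serials {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	return must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey))))
}
// Verify is the per-peer check a VPN endpoint performs: chain to the CA, validity window at now, then CRL lookup.
func Verify(cert, ca *x509.Certificate, crl *x509.RevocationList, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, chainErr := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now}) // unknown issuer, or outside the validity window
	if err := errors.Join(chainErr, crl.CheckSignatureFrom(ca)); err != nil { // a CRL not signed by the TAWES CA is not trusted
		return err
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return errors.New("certificate revoked by CRL")
		}
	}
	return nil
}
```

A real deployment would load the CA certificate and the published CRL from disk rather than generating them in-process; the checks in Verify are the same.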

  14. Confidentiality, Data Integrity, Malware
  • Both IPsec and OpenVPN offer the highest security level through flexible and scalable encryption methods
  • Same security level as for e.g. money transfers
  • Tunnelling makes it possible to close stations and servers completely against all access from outside the TAWES network by simple firewall rules. Only data traffic inside the tunnels is allowed.

  15. Additional Benefits
  • Additional benefits coming with nearly no additional effort by using this technology:
    • The AWS establish the VPN --> two-way communication without fixed station IP addresses; the VPN, not the network provider, creates the fixed addresses
    • Hierarchical TAWES NTP time synchronization
    • TAWES DNS server, access to AWS by symbolic station name (URL)
    • Easy integration of satellite services (Internet via sat); currently in test operation: Inmarsat, Thuraya, Eutelsat TooWay
    • Complete network communication monitoring by use of "packet capture" functionality on all system levels

  16. Conclusion, Current State of the Project
  • Laboratory tests ongoing for some months
  • Field test operation just starting with a small number of AWS, but with complete network functionality including sat and video systems
  • Field test planned for about 6 months
  [Photo: Field-Testbox]
