Scott Ziegenfus, CEM, CLEP, CDSM, GGP, GPCP, LEED AP. Manager, Government and Industry Relations, Hubbell Lighting, Inc.


It is easy to understand you are under corporate IT management when the building owner/developer talks about the vision of putting all the environmental and building systems on the same IT backbone so all environmental systems can share the data.

[Slide diagram: an Ethernet backbone shared by Access, Telephone, HVAC, Elevator, Security, Life Safety, Lighting, Water and Internet. This needs IT coordination and buy-in through the design phase, construction phase and startup, plus documentation: IT specifications and network diagrams.]

Corporate IT department / institutional IT department / property management IT department / etc. What I have seen: the bigger the networked lighting project, the more involved IT becomes. IT does not get praised for keeping the network running ("Great job, we all were able to log on today" never happens). IT gets in trouble for it not running, so anything that is unfamiliar or that they can't control is BAD.

A home Wi-Fi wireless router is not corporate IT. How corporate IT thinks about this device: the term "Wi-Fi router" is kind of a misnomer; actually it's:
1. Wireless access point (WAP)
2. Layer 2 bridge between IEEE 802.3 (Ethernet) and IEEE 802.11 (Wi-Fi)
3. Layer 2 unmanaged switch
4. Layer 3 router between your ISP and home LAN
5. DHCP server
Corporate IT handles each part individually.

OSI Model. Networking is made up of 7 operating layers which work together at the same time. Hardware and software are separate: mix and match layers. The OSI model is the basis for every IT department.

7 Application, 6 Presentation, 5 Session, 4 Transport = software and software addresses (HTTP, FTP, Telnet; TCP/UDP)
3 Network, 2 Data Link, 1 Physical = connections and hardware addresses (IP; Wi-Fi, Ethernet)

Layers 7 down to 1 are like a dinner menu where you can select an appetizer from column A, an entree from column B and a dessert from column C.

Layers 1 to 4 are network communications:
4 Transport: identifying the message; ports (TCP/UDP)
3 Network: IP address (IP; router)
2 Data Link: packaging of the message; MAC address (Wi-Fi, Ethernet; switch)
1 Physical: the medium sending the message (cables)

Layers 5 to 7 are application layers: message format and message structure (7 Application, 6 Presentation, 5 Session; FTP, Telnet, HTTP).

JUST FOR FUN: The True Story of Network Layering, https://www.cs.purdue.edu/homes/dec/essay.network.layers.html

Triggers that CAN put a system under corporate IT management when you did not think it was. The obvious is when using the existing corporate IT equipment like network switches, routers, servers, fiber or copper runs, BUT using ANY part of the existing IT infrastructure may put you under IT, like:
Using the fiber between buildings (don't think you will be digging your own trench)
Needing remote access (unless you are setting up your own cellular hotspot, don't assume you can bring in a separate line with your own ISP)
Wi-Fi for an app (don't assume you can put in your own wireless as a competing network)
Interconnecting different building systems (connecting to the BMS or ProAV network already on the corporate intranet puts you on the corporate intranet)
Cloud access over the internet (SEE REMOTE ACCESS, IT'S THE SAME THING)

Do not assume network lighting is not under the corporate IT policies. Example: you were told by the manufacturer to use a server with two Network Interface Cards (NICs) to isolate the lighting network from the corporate intranet, so the only thing corporate IT needs to worry about is the server.
IT: What equipment will be on the corporate network?
YOU: We only need a Windows server with 2 NICs.
IT: What are the 2 NICs for?
YOU: They separate the lighting network from your network.
IT: NO THEY DON'T! That would basically bridge the networks! Let's start at the beginning and tell me all about your lighting network!!!
YOU: They don't???? Oh? HUMM?????

Do not assume network lighting that is not IP is not under the corporate IT policies. Example: you were told that since it is Zigbee or Bluetooth wireless or something else that is not IP, it is not under IT policy.
IT: I hear you are using wireless at 2.4 GHz?
YOU: Yes, but it is not Wi-Fi.
IT: What type of wireless protocol is it?
YOU: It follows IEEE 802.15.4 and is AES 128 encrypted.
IT: Is it connected to our intranet?
YOU: Yes, but through a gateway, so you don't have to worry about it.
IT: Now I am more worried than ever!!!!
JUST FOR FUN: A Stick Figure Guide to the Advanced Encryption Standard (AES), http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Who are you talking to in the IT department? It is never the same org chart; not all IT departments are created equal. Do you need to talk to multiple people? Are they the right people? Security? IT departments are like snowflakes: every one is different. Topics to cover: server needs; cloud and remote access; buying the equipment; the physical network.

Do you need to use the corporate Ethernet or Wi-Fi? Who provides standard network hardware/cables? Meet with IT management if possible: should any special policies (security/equipment) be put in the spec? The design group might have a charrette and invite IT. (Architect, electrical engineer, lighting designer)

What environmental systems will be operating on the shared network: lighting, BMS, A/V, etc.? Placed in Division 23 or 26 or 27 or 25, or all? Is internet access required? Is the system dependent on the network, or does it use distributed intelligence? (Architect, electrical engineer, lighting designer)

Does the network have to be in place prior to system commission? Is the IT authority on site yet? Is the System network infrastructure staying separate until the end? Any Network pre-testing requirement?

Does system startup need secure room access? Installers should meet with IT groups pre-installation: services/applications/network services/security? Active Directory? Admin access for installation of software?

Startup: meet with IT groups during installation. Services/applications/network services/security? Remote access for maintenance procedures? Server setup, cloud or local?

A network diagram is not a reflected ceiling plan or a one-line. It only shows items relevant to the corporate network (if it has an IP address). It should show at least:
What devices in the lighting system are on the network
Physical wired or wireless structure (Ethernet, cable type, etc.)
Hardware types and placement (switch, router, ...)
Network addressing schema (IPv4, IPv6, Class A, etc.)
Server types and placement (webserver, data, cloud, edge, ...)
Basic methodology (unicast, multicast, broadcast)
Protocols used (Ethernet, UDP, PIM, IGMP, CoAP, etc.)
UI connectivity and placement
Any additional notes

IT specification or guide: not installation instructions or product specs. You are not telling IT what you need but seeing if your requirements are allowed by the corporate IT guidelines. Only reference items on the network and the requirements of the connection. They don't care that you have an open or closed loop daylight sensor. (Example: Johnson Controls LIT-1201578)

IT specification or guide to hand to IT. Basic network information such as:
Network architecture overview (multicast, VLAN, etc.)
Hardware and wiring configuration (physical and data link layer)
Address configuration (network layer)
Ports (transport layer)
PC and/or server requirements
Protocols used (HTTPS, PIM, Ethernet, etc.)
Server architecture (N-tier, remote, OS, etc.)
Access requirements

Security by obscurity is gone for our industry. Products with a microcontroller are not thought to be immune anymore! The Department of Homeland Security puts out weekly found vulnerabilities in software and operating systems (https://www.us-cert.gov). Products from our industry, including PLCs, have made the cut!

All layers are vulnerable.
IT: Tell me about your security?
YOU: We use AES 128!
IT: And?
YOU: And what?
IT: That tells me about layers 1 and 2, but what about the other layers or your application? Like, are the passwords just text, hashed, salted?
YOU: Applications? HUMM????
https://www.us-cert.gov/securitypublications/ddos-quick-guide
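The "just text, hashed, salted" question above, worked through as an added example (not from the original presentation or any lighting product): three ways a controller could store the same credential, and why only the salted, iterated form keeps two accounts with the same password from producing identical records. The account names and password are constructed sample data; the iteration count is an assumption.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, Optional

# Constructed sample: two accounts on a lighting controller that happen to
# share a password (common with installer-chosen or default credentials).
SAMPLE_USERS: Dict[str, str] = {"installer": "Lighting2017!", "facilities": "Lighting2017!"}

PBKDF2_ITERATIONS = 100_000  # assumption: tune to the device's CPU budget


def store_plaintext(password: str) -> str:
    """'Just text': the password itself is the stored record."""
    return password


def store_unsalted_hash(password: str) -> str:
    """'Hashed': a bare SHA-256. Equal passwords give equal records, and
    precomputed tables of common passwords reverse it directly."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted_hash(password: str, salt: Optional[bytes] = None) -> str:
    """'Salted': PBKDF2-HMAC-SHA256 with a random per-user salt and a high
    iteration count; the record carries what is needed to verify later."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_salted_hash(password: str, record: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def records_reveal_shared_password(store: Callable[[str], str], users: Dict[str, str] = SAMPLE_USERS) -> bool:
    """True if users with the same password get identical stored records, so
    anyone who reads the credential table learns they share a password."""
    records = [store(pw) for pw in users.values()]
    return len(set(records)) < len(records)
```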

Ports are the gateway between applications and the transport of data, and the basic mechanism firewalls rely on for allowing or denying network traffic. Make sure ports are on your documentation: Telnet, port 23; HTTP, port 80; HTTPS, port 443.
IT: For your web server, what port do you need open?
YOU: 443 and 80.
IT: We don't allow HTTP, only HTTPS on our network, requiring TLS at least version 1.1.
YOU: OK! 443 it is!

IT security is more about procedures than protocols and specifics, meaning it is difficult to add to specifications.
NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
NIST 800 Computer Security Publications: computer/cyber/information security guidelines, recommendations and reference materials, http://csrc.nist.gov/publications/pubssps.html
NIST 1800 NIST Cybersecurity Practice Guides: practical, user-friendly guides for the SP 800s, http://csrc.nist.gov/publications/pubssps.html
These are the de facto IT security policy for many sensitive installations. Example: C137.2, proposed Cybersecurity Requirements for Lighting Systems for Parking Facilities, references NIST Cybersecurity extensively.

You might be required to have items like:
Vulnerability assessment: a non-intrusive search for weaknesses/exposures in order to apply a patch or fix to prevent a compromise. GSA requires a vulnerability test for devices connecting to/using their network.
Penetration testing (pen testing): an authorized simulated attack on hardware connected to a network, with the results reported.
Hardening document: a document on removing all non-essential programs and utilities and closing all non-essential ports on the device.

UL Cybersecurity Assistance Program (CAP), using the UL 2900 standards. The initial standard was just published in summer 2017: 2900-1 General standard (out); 2900-2-1 Industrial (coming); 2900-2-2 Healthcare (coming); 2900-2-3 Life Safety (coming). Has the potential for easier specification.

1. The earlier you talk to the IT department, the better.
2. Don't assume that because you talked to one IT admin you talked to the correct person in IT.
3. Don't dictate, collaborate.
4. The IT department does not care about items not on their network.
5. Don't assume that because you have been told the system, or a part of your system, is separate from the network, IT will agree with you.
6. If they understand the system architecture, they can fill the security gaps.
7. Keep the IT department informed along the way.