Wireless Ethernet: Technologies and Security for the Water Industries

Similar documents
Wireless Network Security

Assignment Project Whitepaper ITEC495-V1WW. Instructor: Wayne Smith. Jim Patterson

5 Tips to Fortify your Wireless Network

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Wireless technology Principles of Security

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Introduction to Information Security Dr. Rick Jerz

Chapter 24 Wireless Network Security

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Wireless Attacks and Countermeasures

What is Eavedropping?

PREPARE & PREVENT. The SD Comprehensive Cybersecurity Portfolio for Business Aviation

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Chapter 1 Describing Regulatory Compliance

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Welcome to PHOENIX CONTACT Routing

The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013

Wireless MAXg Technology

Building a Secure Wireless Network. Use i and WPA to Protect the Channel and Authenticate Users. May, 2007

Wireless Terms. Uses a Chipping Sequence to Provide Reliable Higher Speed Data Communications Than FHSS

Wireless Network Security Fundamentals and Technologies

Wireless Networking. Chapter The McGraw-Hill Companies, Inc. All rights reserved

Basic Wireless Settings on the CVR100W VPN Router

4 Information Security

Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016

Wireless# Guide to Wireless Communications. Objectives

WPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007)

Wednesday, May 16, 2018

ICS Security. Trends, Issues, and New Standards. Speaker: David Mattes CTO, Asguard Networks

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

ALTITUDE DOESN T MAKE YOU SAFE. Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation

BYOD: BRING YOUR OWN DEVICE.

Procedure: You can find the problem sheet on the Desktop of the lab PCs.

LESSONS LEARNED IN SMART GRID CYBER SECURITY

Wireless Security Algorithms

Wireless LAN, WLAN Security, and VPN

NETWORK THREATS DEMAN

The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

Configuring your Home Wireless Network

Introducing the 9202-ETS MTL Tofino industrial Ethernet security appliance

WLAN Security. Dr. Siwaruk Siwamogsatham. ThaiCERT, NECTEC

Personal Cybersecurity

Securing Wireless Networks by By Joe Klemencic Mon. Apr

Technology Security Failures Common security parameters neglected. Presented by: Tod Ferran

Application Note: WLAN Troubleshooting Using AirCheck G2 Wireless Tester

If you have multiple computers in the same place, you may find it convenient

Wireless LAN Security. Gabriel Clothier

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Copyright ECSC Group plc 2017 ECSC - UNRESTRICTED

Digital Entertainment. Networking Made Easy

Securing Information Systems

How Breaches Really Happen

Mobile Security Fall 2013

INSIDE. Integrated Security: Creating the Secure Enterprise. Symantec Enterprise Security

Cyber Attacks & Breaches It s not if, it s When

Wireless LAN Security (RM12/2002)

Layer by Layer: Protecting from Attack in Office 365

Configuring a Wireless LAN Connection

Practical SCADA Cyber Security Lifecycle Steps

TopGlobal MB8000 Hotspots Solution

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

How to Build a Culture of Security

Children s Health System. Remote User Policy

Cisco Adaptive Wireless Intrusion Prevention System: Protecting Information in Motion

PCI Compliance. What is it? Who uses it? Why is it important?

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Chapter 3 Wireless Configuration

An introduction to wireless security at home, on the road and on campus. Sherry Callahan and Kyle Crane

Comprehensive Networking Solutions

Hacking Air Wireless State of the Nation. Presented By Adam Boileau

THE 123 OF WIRELESS SECURITY AT HOME 家居 WIFI 保安 123

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Securing Industrial Control Systems

Protecting from Attack in Office 365

Application Note: WLAN Troubleshooting Using AirCheck G2 Wireless Tester

Application Note: WLAN Troubleshooting Using AirCheck G2 Wireless Tester

Temporal Key Integrity Protocol: TKIP. Tim Fielder University of Tulsa Tulsa, Oklahoma

Attacking Networks. Joshua Wright LightReading LIVE! October 1, 2003

LESSON 12: WI FI NETWORKS SECURITY

Who Goes There? Access Control in Water/Wastewater Siemens AG All Rights Reserved. siemens.com/ruggedcom

Keys to a more secure data environment

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Internet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came

BEST PRACTICES FOR PERSONAL Security

Layered Access Control-Six Defenses That Work. Joel M Snyder Senior Partner Opus One, Inc.

Data Communication. Chapter # 5: Networking Threats. By: William Stalling


Background. Threats. Present Status. Challenges and Strategies 9/30/2009 TRAI 2

SCADA Security at. City of Guelph Water Services

MIS Class 2. The Threat Environment

Teradata and Protegrity High-Value Protection for High-Value Data

WIRELESS N USB ADAPTER USER MANUAL

An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist

Chapter 12. Information Security Management

COMPLETING THE PAYMENT SECURITY PUZZLE

WIRELESS AS A BUSINESS ENABLER. May 11, 2005 Presented by: Jim Soenksen and Ed Sale, Pivot Group

On the Internet, nobody knows you re a dog.

Transcription:

Wireless Ethernet: Technologies and Security for the Water Industries John Lavoie, Mike Nager Phoenix Contact, Inc. 5 th ISA Water/Wastewater Automatic Controls Division Symposium (WWAC) 3-5, Orlando, Florida 1

Agenda Why Wireless Wireless Ethernet Technologies Differences and how to chose Securing Wired/Wireless Communications Applications

Using Wireless in Industrial Applications Wireless has become a standard in everyday life Commercially, for convenience Industrially, to solve problems Developments in industrial wireless are accelerating very rapidly New technologies are in development Standards are being created specifically for industry

Benefits of Wireless in Industrial Applications Lower installation costs (than wired solutions) Labor savings Permits and delays Material cost Faster installation vs. traditional cabling More application flexibility Offer an alternative to wiring harnesses and slip rings that could wear out on moving devices Provide monitoring and control of stranded devices in remote locations

Phoenix Contact Industrial Wireless Communication Solutions (Application Space Matrix) Kbps Data Rate Mbps Miles Distance 100 s of ft transmitters 802.11 (a, b, g etc) 802.11 (a, b, g etc) Remote UHF Proprietary wireless Wi-Fi standards 802.11 (a, b, g etc) UHF UHF Wireless

Wireless Ethernet Technologies Bluetooth Short distances (Typical <300 ) Fastest update times Data rates up to 3Mbps Ethernet, Serial, or Wire-in Wire-Out I/O WLAN (Wi-fi / 802.11) Medium distances (Typical 1000-3000 ) Fast update times Data rates up to 54Mbps Ethernet, Serial, or I/O

Wireless Ethernet Technologies Proprietary Wireless (Trusted Wireless) Long distances (Typical 1-3 Miles) Slower update times Data rates up to 500Kbps Ethernet, Serial, or I/O Cellular (GSM/CDMA/2G/3G) Very Long distances (Around the world) Slowest update times Data rates up to 14.4Mbps Ethernet, Serial, or I/O

Different Layers of Wireless Security Encryption takes plane text and makes it unreadable while flowing over a network Authentication ensures the devices on a network are suppose to be there Attacks can be preformed at various levels of a network. To combat attacks a network must contain high levels of both encryption and authentication

Wi-Fi (802.11a/b/g/n) Security Encryption WEP (Wired Equivalent Privacy) Publicly known to be unsecured and hackable. Not a suitable form of Encryption Hack time 1-2 minutes (or less) http://news.techworld.com/security/8456/researchers-crack-wep-wifi-security-in-record-time/

Wi-Fi (802.11a/b/g/n) Security Encryption WPA (Wi-Fi Protected Access) PSK (Pre-Shared Key) with TKIP Susceptible to attack PSK (Pre-Shared Key) with AES Considered fairly secure http://www.zdnet.com/blog/btl/researchers-crack-wpa-wi-fi-encryption-in-60-seconds/23384

Wi-Fi (802.11a/b/g/n) Security WPA2 (Wi-Fi Protected Access 2) PSK (Pre-Shared Key) with AES Considered secure Enterprise mode offers the greatest level of security although this requires additional hardware Now required for a device to be considered Wi-Fi Certified http://www.wi-fi.org/news_articles.php?f=media_news&news_id=16

Wi-Fi (802.11a/b/g/n) Security Enterprise Level Client tries to join the network Using specific port defined by 802.1x the EAP is used to talk to the Authentication Server Because of the 802.1x port protocol nothing can see the authentication process and the client can see nothing on the network Handshaking occurs and the Authentication server either authorized or denied access to the client User Name: Password: Access Point Authentication server Network Client Switch

Wireless Security is only half the battle Wireless security is important however the same principles used for a physical networks should also be applied to wireless networks. This will further enhance the security of the overall network.

Why Networks Need Security Threats Network overload by technical defects, broadcast storms Automation gear is optimized to handle certain traffic Easily disrupted by floods or other attacks Unauthorized or accidental access or equipment Engineer connects to wrong PLC IP address. Malware (Worms) Unintended introduction and dissemination of malware Intended, targeted attacks from inside and outside: sabotage, espionage, white-collar crime, cyber terrorism

Why Networks Need Security - Risks Potential Damages (Risks) Loss of production Time and $$$ Damage caused to health and environment Loss of intellectual property (process knowledge and data) Loss of compliance NERC FDA Water/WasteWater coming soon Damage to corporate image

The Need for Security Control Network Not nearly the visibility or urgency as in IT world 3 main reasons Many plant folk consider their equipment impervious to attacks or an unlikely target for a hacker or that hacking their stuff is difficult to do. Many neglect the fact they are now connected to other networks Many rely on IT to handle that sort of thing Many challenges in securing control networks vs IT network E.g. longer life-cycles, harsh environmental requirements NTARS Never Touch A Running System Tools and know-how to hack control systems becoming easier to obtain

Cyber Security problem is growing Hacks, attacks, broadcast storms, etc. happen every day. Not just an IT problem anymore Inter-connectedness has a lot of plusses, but security must be addressed. Sophistication of attacks are rising while Expertise needed to pull of an attack is dropping October 2009

Attacks are happening including in W/WW Industry Disgruntled employee and Dirty water Recently fired employee at an Australian Waste Water facility connects into unsecured Access Point Using knowledge of the SCADA system he helped design, releases 264,000 gallons of sewage into rivers Does this over 3 weeks. First 2.5 weeks, nobody knew Took advantage of poor security (Wireless Access point) and his knowledge of the application to Gain System Control BTW 264,000 gallons is more than 35000 cubic feet, i.e. a football field covered in 9 inches http://www.gao.gov/new.items/d04140t.pdf

So what can you do??? Take control of the situation Yes It is IT s job to protect the network but Everyone has a role to play Anyone can do their part Somebody needs to take the initiative Or Nobody will be able to work? In many situations IT has a *bad* relationship with the plant guys Don t cut off your nose to spite your face

So what can you do??? Defend your network: Firewall to limit traffic both into and out of your network Segment your control network from IT networks and other control networks Protect against common attacks such as Broadcast Storms, Spoofing and Denial of Service If customer still insists IT takes care of this ask when was the last audit? Make sure Remote Access is Secure Access

So what can you do??? Control Who Has Access Technicians, vendors, etc. may have a valid need for access to some equipment That access should not be eternal and all powerful! When they leave (voluntary or otherwise) revoke their accounts Change shared passwords they may know Use common sense: Change passwords from default values Be cautious what you download from the Net (and on what PC you download it)

So what can you do??? Defense in Depth Multiple diverse layers of protection are better than a single monolithic one. Easier to be granular and specific when in control over your own access rules This means one big firewall isn t good enough! Great Wall of China model doesn t work for network security. One breach destroys a dynasty.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback