SEL-3620 ETHERNET SECURITY GATEWAY

Similar documents
Merge physical security and cybersecurity for field operations.

Real-Time Automation Controller (RTAC) Powerful, reliable, and secure multifunction controller

COMMUNICATIONS AND NETWORKING SECURE AND DEPENDABLE COMMUNICATIONS FOR CRITICAL INFRASTRUCTURE

Authenticate and encrypt all serial data communications to protect critical assets

NERC PRC-002 Recording Solutions

Real-Time Automation Controllers (RTACs) Economical, multifunctional, compact real-time automation control

SEL-3610 Port Server

Securing IEDs against Cyber Threats in Critical Substation Automation and Industrial Control Systems

Automation Services and Solutions

RTAC. SEL Real-Time Automation Controller. Integrate station control, a web-based HMI, and logging through one reliable system.

N-Dimension n-platform 340S Unified Threat Management System

Standard Req # Requirement D20MX Security Mechanisms D20ME II and Predecessors Security Mechanisms

SEL Real-Time Automation Controller (RTAC)

A low-cost, economical solution for distribution feeder protection

Electronic Access Controls June 27, Kevin B. Perry Director, Critical Infrastructure Protection

Fundamentals of Network Security v1.1 Scope and Sequence

CIS Controls Measures and Metrics for Version 7

Designed, built, and tested for troublefree operation in extreme conditions

HikCentral V.1.1.x for Windows Hardening Guide

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

CIS Controls Measures and Metrics for Version 7

Human-Machine Interface (HMI) for SEL Real-Time Automation Controllers (RTACs)

IT Services IT LOGGING POLICY

IC32E - Pre-Instructional Survey

HikCentral V1.3 for Windows Hardening Guide

Modular Real-Time Automation Controller. Dependable control for harsh environments in a fully integrated, flexible platform

Standard CIP 005 2a Cyber Security Electronic Security Perimeter(s)

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Paloalto Networks PCNSA EXAM

Request for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Connectivity 101 for Remote Monitoring Systems

vshield Administration Guide

Document Number: rev D Intuitive Surgical, Inc. OnSite Overview. for the da Vinci Xi and da Vinci Si Surgical System.

Quick Start Guide LES1308A, LES1316A LES1332A, LES1348A. Securely manage data center and network equipment from anywhere in the world.

Application Note. Protecting Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

NIST Revision 2: Guide to Industrial Control Systems (ICS) Security

NERC-CIP CAN-0024: Securing Critical Cyber Assets with Data Diodes

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Getting Started With SEL-3555 RTAC

Understanding Cisco Cybersecurity Fundamentals

CCNA Security 1.0 Student Packet Tracer Manual

Standard CIP Cyber Security Systems Security Management

IPM Secure Hardening Guidelines

ICSJWG 2010 Spring Conference

SEL-3332 Intelligent Server

CyberArk Solutions for Secured Remote Interactive Access. Addressing NERC Remote Access Guidance Industry Advisory

SEL-2730M. Reliably Control and Monitor Your Substation and Plant Networks. Managed 24-Port Ethernet Switch

CyberArk Solutions for Secured Remote Interactive Access. Addressing NERC Remote Access Guidance Industry Advisory

What Protection Engineers Need to Know About Networking. ANCA CIORACA, ILIA VOLOH, MARK ADAMIAK Markham, ON, CA King of Prussia, PA GE Digital Energy

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

Data Sheet. NCP Secure Enterprise Linux Client. Next Generation Network Access Technology

Firewalls, Tunnels, and Network Intrusion Detection

Advanced distribution feeder solution with integrated protection, monitoring, and control

Secure Access & SWIFT Customer Security Controls Framework

Rev.1 Solution Brief

Orion. An Overview of the Orion Automation Platform

Stonesoft Management Center. Release Notes Revision A

Standard CIP 007 4a Cyber Security Systems Security Management

Seceon s Open Threat Management software

jk0-022 Exam Questions Demo CompTIA Exam Questions jk0-022

Standard CIP 005 4a Cyber Security Electronic Security Perimeter(s)

OrionLX. An Overview of the OrionLX Product Line

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Network Configuration Example

NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

ASA/PIX Security Appliance

Table of Contents Table of Contents Disclaimer...4 Executive Summary...5 Background...6 Scope... 6 Audience... 6 Intent... 6 Other Materials... 6 Crit

Chapter 9. Firewalls

Standard CIP 007 3a Cyber Security Systems Security Management

Gigabit SSL VPN Security Router

Using Smart Cards to Protect Against Advanced Persistent Threat

Bus Differential and Breaker Failure Relay. Advanced bus protection with built-in breaker failure detection

Sample excerpt. HP ProCurve Threat Management Services zl Module NPI Technical Training. NPI Technical Training Version: 1.

HP Instant Support Enterprise Edition (ISEE) Security overview

Standard CIP Cyber Security Systems Security Management

RUGGEDCOM CROSSBOW. Secure Access Management Solution. Brochure 10/2017. siemens.com/ruggedcom

COMPUTER NETWORK SECURITY

Bus Differential and Breaker Failure Relay. Advanced bus protection with built-in breaker failure detection

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL II. VERSION 2.0

Real-time visualization for detecting and solving power system challenges

RSA Authentication Manager 8.0 Security Configuration Guide

SEL Time-Domain Link (TiDL ) Technology

TABLE OF CONTENTS. Section Description Page

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide

Standard CIP Cyber Security Electronic Security Perimeter(s)

Data Server for PC5200 as Remote Terminal V1.00 9/22/05

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES

Better Practices to Provide Reasonable Assurance of Compliance with the CIP Standards, Part 2

Security Fundamentals for your Privileged Account Security Deployment

Virtual Private Networks (VPN)

PA-DSS Implementation Guide For

Cisco Security Solutions for Systems Engineers (SSSE) Practice Test. Version

About NitroSecurity. Application Data Monitor. Log Mgmt Database Monitor SIEM IDS / IPS. NitroEDB

Release Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

Evolution Of The Need For IAM. Securing connections between people, applications, and networks

Who s Protecting Your Keys? August 2018

SYLLABUS. DIVISION: Business and Engineering Technology REVISED: FALL 2015 CREDIT HOURS: 4 HOURS/WK LEC: 4 HOURS/WK LAB: 0 LEC/LAB COMB: 4

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Transcription:

ETHERNET SECURITY GATEWAY

STRONG ACCESS CONTROL FOR YOUR ELECTRONIC SECURITY PERIMETER Firewall Ethernet WAN SEL-421 SEL Relays Serial Ethernet Security Gateway Real-Time Automation Controller (RTAC) SEL-3530 Ethernet LAN SEL-2730M Managed Switch Ethernet LAN SEL-3610 Port Server OTHER IED SEL- 7XX SEL-421 SEL Relays SEL-351S SEL Relays 2

KEY FEATURES Centralized Access to Relays and Intelligent Electronic Devices (IEDs) Use the Ethernet Security Gateway to provide a central point of entry to critical cyber assets with user-based access controls and detailed activity logs. Log onto the, not individual IEDs. Manage user accounts and group memberships centrally using Lightweight Directory Access Protocol (LDAP)- accessible systems, such as Microsoft Active Directory. Additional Remote Authentication Dial-In User Service (RADIUS) functionality enables the use of multifactor authentication technology, such as RSA tokens. Embedded Whitelist Antimalware Resist known and unknown malware attacks against SEL Security Gateways with exe-guard embedded antivirus. Powerful rootkit resistance technology, embedded Linux mandatory access controls, and process whitelisting help mitigate attacks against the gateway itself and eliminate costly patch management and antivirus signature updates. Substation Firewall and IPsec VPN Endpoint Secure your substation network from malicious traffic with a powerful denyby-default firewall. Manage status and configuration with an intuitive, menudriven interface. Securely connect critical networks to the control center using Internet Protocol Security (IPsec) virtual private networks (VPNs). Use X.509 certificates with Online Certificate Status Protocol (OCSP) to centrally manage trust. The is interoperable with Lemnos -compliant devices. Strong Auditability and User Activity Reports Log and time-stamp user access and every command entered on critical IEDs. Integrate event records into existing log management systems using Syslog. Protect IEDs with strong passwords, and block shared or default accounts. Granular access controls limit users access to their assigned roles on individual IEDs. IED Password Management Enforce strong passwords on IEDs, and have them automatically changed on a configurable schedule. Satisfy regulatory password requirements, and ensure that no weak or default passwords are in use. Manage passwords on IEDs that use command-line interfaces and on devices that use Modbus protocol, such as GE UR series relays. NERC CIP Requirement Support Implement strong user-based access control to the electronic security perimeter (ESP) while protecting IEDs with strong passwords and blocking shared or default accounts. Granular access control limits a user s access to assigned roles on individual IEDs. Log all user activity, and quickly alert system operators via remote Syslog destinations. Serial-to-Ethernet Transceiver Expand your protocol compatibility by converting serial DNP3 and Modbus to Ethernet DNP3 Transmission Control Protocol (TCP) and Modbus TCP on the fly. Establish an Ethernet connection using Secure Shell (SSH), Telnet, or raw TCP encapsulation to create a persistent tunnel between a logical Ethernet port and a physical serial port. Virtual Software Client Support Transform unsecure serial or legacy Ethernet communications on Windows computers to cryptographically secure channels by using SEL-5827 Virtual Connect Client or SEL-5828 Virtual Port Service Software. These applications are provided free by SEL to make remote ports available for existing software and terminal applications on your PC, including those using Modbus TCP/RTU. Data are secured using SSH with port groups, master ports, and serial ports. 3

PRODUCT OVERVIEW Ethernet Link Status LEDs Serial RX/TX LEDs Lamp Test Button IRIG-B Input/Output BNC Ports Rear Ethernet Ports 4

System Status Indication LEDs Front Ethernet Port Front USB Ports 16 DB-9 EIA-232/-422/-485 Software- Selectable Serial Ports With IRIG-B and 5 V Power on Pin 1 Isolated COM Port 17 5

APPLICATIONS SENSIBLE, MANAGEABLE, SCALEABLE CYBERSECURITY SOLUTIONS Protected Device Password Management Manage IED passwords quickly and efficiently with the. Enforce strong passwords on IEDs that automatically change on a configurable schedule, and ensure that no default or weak passwords are in use on critical networks. Users only need to know their own password, not the IED s. User Access Control Query Microsoft Active Directory using LDAP or RADIUS. System administrators can easily add and remove user-based account access and authorized access levels to specific devices from a central location. Jane: MyPassw0rdz!! Substation Perimeter I m Bob. I need to access an SEL-421 through the. EVE Is Bob an approved user? Yes, Bob is approved. Directory Server SEL-2032 SEL-3610 SEL-421 IED: @!&A#*zS^jH#SDasd OTHER IED SEL-351S 6

User Activity Reports Provide granular reports that correlate unique users to individual IED commands. Thoroughly log all user activities on protected devices to know exactly who did what and when. Users with appropriate privileges can download connection reports for detailed user activity audits and to provide maximum user accountability. Time Synchronization Provide time synchronization to all your protected substation IEDs, data concentrators, and rugged computing devices. Distribute highly accurate time over both IRIG-B and Ethernetbased Network Time Protocol (NTP). Should a satellite time source be disrupted temporarily, the will synchronize substation time using its own internal clock. Authorized Personnel Only! Login: Bob Password: G000-Bob! =>LIST Available Devices: SEL-351S SEL-2032 =>SELECT SEL-351S =ACC =>2AC =>>MET GPS Time Source SEL-2407 Substation Perimeter SEL-2032 SEL-351S ACC PW: 2&%az3! 2AC PW: $5zy8/5l MET To Corporate SEL-2730M OTHER IED SEL-3530 SEL-3355 SEL-351 Reports Database 7

MAKING ELECTRIC POWER SAFER, MORE RELIABLE, AND MORE ECONOMICAL SCHWEITZER ENGINEERING LABORATORIES, INC. Tel: +1.509.332.1890 Email: info@selinc.com Web: www.selinc.com 2009 2014 by Schweitzer Engineering Laboratories, Inc. PF00197 20140115

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback