200 likes | 514 Views
Security, Access and Control of an Industrial Wireless Network Mike Malone Microwave Data Systems. Agenda. Industry Trends Network Security Analysis Security and Wireless Serial Networks Wireless LAN Risk Management Summary. Industry/Market Trends.
E N D
Security, Access and Control of an Industrial Wireless Network Mike Malone Microwave Data Systems
Agenda • Industry Trends • Network Security Analysis • Security and Wireless Serial Networks • Wireless LAN Risk Management • Summary
Industry/Market Trends • Security needs are growing on a daily basis - Dispersed networks and multiply access points can leave a network vulnerable to hackers and terrorists Corporate WAN VSAT Leased line Corporate Host Centralized database holds corporate information
Industry/Market Trends • Heightened awareness and sensitivity has led to increased security efforts in all aspects of our lives • Security of critical infrastructure/assets is one of our nation’s most important objectives.
Network Security Analysis • Wired networks are also vulnerable • Telephone, fiber optic, coaxial cable have higher risk for breakage or damage due to storms, motor vehicle accidents, construction work, sabotage, and tapping • Repairs may take days or weeks during a widespread crisis • Wireless has potentially less failure points • Network Access Priority • During heavy periods of telephone use, such as an emergency situation, voice traffic is the priority, not data • Private networks have a more predictable traffic composition
Network Security Analysis • Two types of networks • Multiple service IP networks • Dedicated service serial networks • Several types of risks • Free access to internet • Databases: company records, password files, account numbers, network diagrams, manuals, location of instruments, etc. • Applications: controlling behavior of remote devices and resources
SCADA Polling Systems • Single Service Oriented • A host sends commands or requests, and expects an action/report from the RTU/PLC • Gaining access to a host through a serial channel nearly impossible • No access to console prompt and/or host operating system commands
SCADA Polling Systems • Proprietary protocols provide protection • Information is stored in custom specific registers are programmed into the devices • Passwords are used at the application layer • Hacker must “replace” the host computer to control RTU/PLC and/or have a copy of the host application as configured for the particular host • Know and understand the exact radio and RTU/PLC models • Know the protocol or have knowledge of specific site logic configuration • Be close enough to override the Master signal
Network Security Analysis • Current security issues with 802.11b wireless LAN solutions • Available protection not enabled by users • Off the shelf solutions provide relatively easy access to physical layer • WEP weaknesses published on Internet • Free software available to help break WEP encryption
Risk Management • Nothing is perfect • Network security is about layering • You can not completely eliminate risk, but you can reduce it to a manageable level
Risks and Mitigation • Eavesdropping • RC4 128 bit encryption • Key cracking • Dynamic key rotation • War driving and “sniffing” • No promiscuous mode of operation • Proprietary physical layer • Not readily available to commodity market
Risks and Mitigation • Unauthorized Network Access • Foreign remote radios • Authorized access list of remotes at Access • Rogue Access Points • Authorized Access Point list at every remote
Risks and Mitigation • Denial of Service attacks • Network overload • Bandwidth limiting • Traffic Prioritization (QoS) • Per remote radio • Per interface • Radio Frequency jamming • Frequency Hopping more resilient than Direct Sequence
Risks and Mitigation • Denial of Service attacks • Network Availability • Remote configuration • All Logins with password protection • Directory attacks • Limited login retries with temporary lockdown • HTTP with MD5 protection • Remote access lockdown • HTTP (web browser) • Telnet • SNMP v3 (encryption)
Risks and Mitigation • Denial of Service • Network availability • Industrial rated devices: Class 1 Div 2 • Industrial MTBF (35 years) • Redundancy (device and system level)
Risks and Mitigation • Intrusion Detection • Early warning notification • SNMP alarms • Login attempts • Successful Login/logout • Configuration changes executed • Unauthorized remote MAC detected • Unauthorized AP MAC detected • Network Wide Device Polling
Security Beyond Wireless • Secure communications end-to-end • Firewalls and Virtual Private Networks are essential to maintaining a secure network • Security policies include physical access • Security is not something you buy, it’s something you practice 24x7
Summary • Wireless communications provides security benefits that a wired environment cannot, but issues still exist • Internal precautions--firewalls and Virtual Private Networks--will help prevent attacks on wireless and wired networks • Industrial wireless networks can be secure despite bad press of commercial products