Securing Industrial Automation Networks – Part 1: Lingo and Regulation

Tags

, , , , , , , ,

We are currently working on a project to implement a security design around our Industrial Automation Networks in the Field. These range from gas measurement shacks with a single valve all the way up to multi-train gas processing plants. Post the StuxNet incident and the 60 minutes airing that notified the nation of the great dangers in exposing our vital infrastructure to the internet, there have been several regulatory commssions who have or are currently working on updating thier requirements around securing this vital infrastructure. Our goal is to beat them to the punch and be prepared for the worst while doing our Control Technicians a favor or two in providing them further isolation from the Enterprise.

In 2002 FISMA (Federal Information Security Management Act) kicked off a lot of these regulations by requiring each government entity to develop requirements to protect their perspective systems from cyber attack. Due to this, government agencies have become more and more aware of the threats imposed by networked system access to critical systems. In my opinion, this eyeopening will spark the proposal of additional regulation to protect these critical systems. In this first article, I’ll cover some common terms and we’ll note some regulatory bodies and any specific regulations already identified… Continue reading

Advertisement

Plain Vanilla SEO (Search Engine Optimization)

Tags

, , , , , , , , , , , , , , , ,

A common sense explanation and realist approach to Search Engine Optimization

I was reading through some articles on my father in law’s company blog /ebscospring/ in relation to ISO certifications. I started to leave a comment that eventually turned into an article, in reference to a post requested at the behest of the individual managing SEO for them. Even though SEO is not necissarily relevant to networking, it has come up quite a bit lately. Hopefully, my experience can provide some light in a rather conveluded maze of tactic.

SEO is a tough game. Most people get wind of the concepts and they build the following punch list in their heads:

Step 1. Build a website.

Step 2. ?

Step 3. $$$

Most people even realize you need people to look at it, and you need Top Search Order to make it easily accessible to your perspective audience. About this point is where we make big mistakes or just waste our own time.
Continue reading

TCP and Port Filtering / Firewalls with WinSock

Tags

, , ,

Introduction

This is in reference to the following article:
http://www.codeproject.com/Articles/85602/PortQry-Implementation-using-TcpClient-Socket-and

It’s been a few years since I’ve looked at this and recently I had received a notification that someone had posted a response. First I would like to agree with emilio_grv’s response in that Application Programmers should be very careful about handling timeouts within the application. As with any application development, make sure you cleanup any non-used resources as soon as possible, especially with sockets, as you’ll extinguish the available source ports that can be used. In windows environments, the default is 3977.

Background

As a connection timeout is not a parameter available within the TcpClient.BeginConnect() or TcpClient.Connect() functions, an issue arises for those who have large scale processes that must be accomplished in a timely fashion.

With the use of firewalls in the network we make a compromise, trading network visibility for security. We often no longer get a response from the TCP stack at the far end or sometimes even the ICMP message back when a packet passes a firewall whether there is a problem or not. Even more frustrating, we may have no choice in the matter, as another group or organization could be managing the firewalls, and so policy change can be difficult if not impossible altogether. Continue reading