The problem of deploying in the real world

1
(No Transcript)
2

• Security, Access and Control
• of an Industrial Wireless Network
• Mike Malone
• Microwave Data Systems

3
Agenda

• Industry Trends
• Network Security Analysis
• Security and Wireless Serial Networks
• Wireless LAN Risk Management
• Summary

4
Industry/Market Trends

• Security needs are growing on a daily basis -
  Dispersed networks and multiply access points can
  leave a network vulnerable to hackers and
  terrorists

Corporate WAN VSAT Leased line
Corporate Host
Centralized database holds corporate information
5
Industry/Market Trends

• Heightened awareness and sensitivity has led to
  increased security efforts in all aspects of our
  lives
• Security of critical infrastructure/assets is
  one of our nations most important objectives.

6
Network Security Analysis

• Wired networks are also vulnerable
• Telephone, fiber optic, coaxial cable have higher
  risk for breakage or damage due to storms, motor
  vehicle accidents, construction work, sabotage,
  and tapping
• Repairs may take days or weeks during a
  widespread crisis
• Wireless has potentially less failure points
• Network Access Priority
• During heavy periods of telephone use, such as an
  emergency situation, voice traffic is the
  priority, not data
• Private networks have a more predictable traffic
  composition

7
Network Security Analysis

• Two types of networks
• Multiple service IP networks
• Dedicated service serial networks
• Several types of risks
• Free access to internet
• Databases company records, password files,
  account numbers, network diagrams, manuals,
  location of instruments, etc.
• Applications controlling behavior of remote
  devices and resources

8
SCADA Polling Systems

• Single Service Oriented
• A host sends commands or requests, and expects an
  action/report from the RTU/PLC
• Gaining access to a host through a serial channel
  nearly impossible
• No access to console prompt and/or host operating
  system commands

9
SCADA Polling Systems

• Proprietary protocols provide protection
• Information is stored in custom specific
  registers are programmed into the devices
• Passwords are used at the application layer
• Hacker must replace the host computer to
  control RTU/PLC and/or have a copy of the host
  application as configured for the particular host
• Know and understand the exact radio and RTU/PLC
  models
• Know the protocol or have knowledge of specific
  site logic configuration
• Be close enough to override the Master signal

10
Network Security Analysis

• Current security issues with 802.11b wireless LAN
  solutions
• Available protection not enabled by users
• Off the shelf solutions provide relatively easy
  access to physical layer
• WEP weaknesses published on Internet
• Free software available to help break WEP
  encryption

11
Risk Management

• Nothing is perfect
• Network security is about layering
• You can not completely eliminate risk, but you
  can reduce it to a manageable level

12
Risks and Mitigation

• Eavesdropping
• RC4 128 bit encryption
• Key cracking
• Dynamic key rotation
• War driving and sniffing
• No promiscuous mode of operation
• Proprietary physical layer
• Not readily available to commodity market

13
Risks and Mitigation

• Unauthorized Network Access
• Foreign remote radios
• Authorized access list of remotes at Access
• Rogue Access Points
• Authorized Access Point list at every remote

14
Risks and Mitigation

• Denial of Service attacks
• Network overload
• Bandwidth limiting
• Traffic Prioritization (QoS)
• Per remote radio
• Per interface
• Radio Frequency jamming
• Frequency Hopping more resilient than Direct
  Sequence

15
Risks and Mitigation

• Denial of Service attacks
• Network Availability
• Remote configuration
• All Logins with password protection
• Directory attacks
• Limited login retries with temporary lockdown
• HTTP with MD5 protection
• Remote access lockdown
• HTTP (web browser)
• Telnet
• SNMP v3 (encryption)

16
Risks and Mitigation

• Denial of Service
• Network availability
• Industrial rated devices Class 1 Div 2
• Industrial MTBF (35 years)
• Redundancy (device and system level)

17
Risks and Mitigation

• Intrusion Detection
• Early warning notification
• SNMP alarms
• Login attempts
• Successful Login/logout
• Configuration changes executed
• Unauthorized remote MAC detected
• Unauthorized AP MAC detected
• Network Wide Device Polling

18
Security Beyond Wireless

• Secure communications end-to-end
• Firewalls and Virtual Private Networks are
  essential to maintaining a secure network
• Security policies include physical access
• Security is not something you buy, its something
  you practice 24x7

19
Summary

• Wireless communications provides security
  benefits that a wired environment cannot, but
  issues still exist
• Internal precautions--firewalls and Virtual
  Private Networks--will help prevent attacks on
  wireless and wired networks
• Industrial wireless networks can be secure
  despite bad press of commercial products

20
(No Transcript)