As we have discussed elsewhere, communication between two devices residing on different sub-networks or VLANs must traverse a sub-network boundary router. The router makes its forwarding decision primarily on the destination IP address, matched against its routing table using the subnet mask (prefix length) of each route.
Firewall – a tool, not a solution
A line of defence
When the topic of security comes up, many think of the firewall as the solution. In fact, the firewall is a product; security is a state of mind. Security means different things to different people, and much depends upon an individual's or an organisation's 'appetite for risk'. Security is as much down to the individual's attitude towards good practice as it is to the features of a highly specified intrusion detection system (IDS). A secure system considers all credible threats and employs practices, products and monitoring to evidence that the controls are actually effective.

Firewalls are deployed to secure the perimeter of a network or sub-network. That perimeter may face an untrusted public network such as the Internet, an internally segmented process network that requires data from a remote system, or a remote maintainer gaining access from home or a hotel. An unmonitored and unpatched firewall may provide certain individuals with a sense of security. Much like the 'Emperor's New Clothes' (https://www.phrases.org.uk/meanings/the-emperors-new-clothes.html), that sense of security will not keep the crown jewels safe from prying eyes. In cyber terms, a targeted attack will exploit a vulnerability and, with no monitoring in place, the breach will likely go unnoticed.

A correctly deployed firewall is an extremely effective, and therefore important, tool in a network security system. Its primary role is to inspect the header information of each transmission (addresses, protocol and ports), drop any traffic flow that is not explicitly authorised, and report the drop so that someone can act on it. Following good practice, where two independent firewalls protect a process-critical network from any untrusted network, the network perimeter can be made robust and the benefits of using 'open' transmission technologies realised.
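The following is an added example, not code from the original page or from IT4A. It illustrates the firewall role described above as a minimal default-deny packet filter: each packet's header fields are matched against an allow-list, anything unmatched is dropped, and every drop produces a report line. The process network (10.10.0.0/24), the business-side hosts, the rule set and the sample packets are all assumptions constructed for the example.

```python
"""Default-deny header filter with drop reporting (added example, constructed data)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress


@dataclass(frozen=True)
class Rule:
    proto: str                      # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network      # permitted source addresses
    dst: ipaddress.IPv4Network      # permitted destination addresses
    dport: Optional[int]            # destination port, None = any port
    name: str                       # reported when the rule matches


@dataclass(frozen=True)
class Packet:
    """Only the header fields a packet filter needs (assumed IPv4)."""
    proto: str
    src: str
    dst: str
    dport: int


def _net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


# Hypothetical allow-list protecting a process network on 10.10.0.0/24.
# Everything not listed here is dropped: the default policy is DROP.
ALLOW: List[Rule] = [
    Rule("tcp", _net("192.168.1.10/32"), _net("10.10.0.5/32"), 502, "historian -> scada modbus/tcp"),
    Rule("tcp", _net("192.168.1.20/32"), _net("10.10.0.0/24"), 22, "jump host ssh into OT"),
    Rule("udp", _net("10.10.0.0/24"), _net("192.168.1.53/32"), 53, "OT dns egress"),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every header field of the packet falls inside the rule."""
    return (
        rule.proto in ("any", pkt.proto)
        and ipaddress.ip_address(pkt.src) in rule.src
        and ipaddress.ip_address(pkt.dst) in rule.dst
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def filter_packet(pkt: Packet, rules: List[Rule] = ALLOW) -> Tuple[str, str]:
    """Return ("ACCEPT", rule name) or ("DROP", report line). First match wins."""
    for rule in rules:
        if matches(rule, pkt):
            return "ACCEPT", rule.name
    # The report is as important as the drop: without it, nobody sees the attempt.
    return "DROP", f"DROP {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport} (no matching allow rule)"


def drop_report(packets: List[Packet], rules: List[Rule] = ALLOW) -> List[str]:
    """Run a batch of packets through the filter and collect the drop reports."""
    return [info for p in packets for verdict, info in [filter_packet(p, rules)] if verdict == "DROP"]


if __name__ == "__main__":
    # Constructed sample traffic: two legitimate flows and two that should be reported.
    sample = [
        Packet("tcp", "192.168.1.10", "10.10.0.5", 502),
        Packet("tcp", "192.168.1.20", "10.10.0.7", 22),
        Packet("tcp", "192.168.1.10", "10.10.0.5", 22),     # historian trying ssh
        Packet("udp", "10.10.0.7", "8.8.8.8", 53),          # OT host using an external resolver
    ]
    for line in drop_report(sample):
        print(line)
```

This filter is stateless: it judges each packet on its own headers, so return traffic for the permitted flows would also need rules in the reverse direction. Real firewalls track connection state to handle that, but the essential decision, explicit allow, default drop, report the drop, is the one shown here.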
Awareness is the key
Operational Technology (OT) networks (e.g. SCADA) tend to be predictable in the devices present in the system and the communication those devices need. Determining what normal connectivity and activity look like is therefore relatively straightforward. Once normal is understood, thresholds can be set against it so that the abnormal stands out: a new talker, a new port, a familiar flow at an unusual rate, or a flow that has gone quiet. Abnormal network activity can be an indicator of failure, degraded operation or compromise. IT4A have developed a network security operations centre service for OT environments that uses a combination of polling and generic device log data to visualise abnormal activity for further investigation. If you would like to talk to IT4A, discuss and potentially review your security position, please contact us here.
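The following is an added example and is not IT4A's service logic or code from the original page. It demonstrates the baseline-and-threshold approach described above: per-flow packet counts from a period of known-good hours are used to learn what normal looks like, and later windows are checked for flows never seen before, flows that have gone silent, and flows whose rate deviates from the baseline. The SCADA server, PLCs, historian addresses, hourly counts, the 3-sigma threshold and the floor on sigma are all assumptions constructed for the example.

```python
"""Baseline-and-threshold anomaly detection over constructed OT flow counts (added example)."""
from statistics import mean, pstdev
from typing import Dict, List, Tuple

Flow = Tuple[str, str, int]      # (source IP, destination IP, destination port)
Alert = Tuple[str, Flow, int]    # (kind, flow, observed packet count)

# Constructed hourly packet counts per flow for eight known-good hours (assumption):
# a SCADA server polls two PLCs over Modbus/TCP and a historian reads from the server.
_SCADA, _PLC1, _PLC2, _HIST = "10.10.0.5", "10.10.0.20", "10.10.0.21", "192.168.1.10"
BASELINE_WINDOWS: List[Dict[Flow, int]] = [
    {(_SCADA, _PLC1, 502): a, (_SCADA, _PLC2, 502): b, (_HIST, _SCADA, 502): c}
    for a, b, c in [(600, 590, 120), (610, 600, 118), (598, 605, 121), (605, 595, 119),
                    (602, 601, 120), (607, 598, 122), (599, 603, 117), (604, 599, 120)]
]


class Baseline:
    """Per-flow mean and standard deviation learned from known-good windows."""

    def __init__(self, windows: List[Dict[Flow, int]], k: float = 3.0, min_sigma: float = 5.0) -> None:
        self.k = k
        self.stats: Dict[Flow, Tuple[float, float]] = {}
        for flow in set().union(*windows):
            counts = [w.get(flow, 0) for w in windows]      # absent from a window = 0 packets
            # OT traffic can be so regular that the measured deviation is near zero, which
            # would make every tiny fluctuation an alert; the floor keeps thresholds sane.
            self.stats[flow] = (mean(counts), max(pstdev(counts), min_sigma))

    def evaluate(self, window: Dict[Flow, int]) -> List[Alert]:
        """Compare one window against the baseline and return alerts in flow order."""
        alerts: List[Alert] = []
        for flow in sorted(set(self.stats) | set(window)):
            n = window.get(flow, 0)
            if flow not in self.stats:
                alerts.append(("NEW_FLOW", flow, n))        # a talker never seen during baselining
                continue
            mu, sigma = self.stats[flow]
            if abs(n - mu) > self.k * sigma:
                # A normally busy flow that goes quiet matters as much as a surge: it may be
                # a failed device or link (failure / degraded operation) rather than an attack.
                alerts.append(("SILENT" if n == 0 else "RATE", flow, n))
        return alerts

    def describe(self, alert: Alert) -> str:
        kind, (src, dst, dport), n = alert
        if kind == "NEW_FLOW":
            return f"{kind} {src} -> {dst}:{dport} count={n}"
        mu, sigma = self.stats[(src, dst, dport)]
        return f"{kind} {src} -> {dst}:{dport} count={n} expected {mu:.0f} +/- {self.k * sigma:.0f}"


if __name__ == "__main__":
    baseline = Baseline(BASELINE_WINDOWS)
    # Constructed later window: PLC2 has stopped answering, the historian flow has surged,
    # and an unknown business-side host is talking Modbus to PLC1.
    suspect = {(_SCADA, _PLC1, 502): 604, (_HIST, _SCADA, 502): 180, ("192.168.1.99", _PLC1, 502): 3}
    for alert in baseline.evaluate(suspect):
        print(baseline.describe(alert))
```

The counts here are whatever the monitoring source provides, for instance polled interface counters or flow records from device logs; the detection logic does not depend on which. In practice the baseline should be re-learned after a planned engineering change, otherwise the legitimate new flows it introduces will keep alerting.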