IT Security for Meteorological Measuring Networks

Dipl.-Ing. Gerhard Pevny, Logotronic GmbH, Vienna, Austria, gerhard.pevny@logotronic.co.at
Mag. Roland Potzmann, ZAMG - Zentralanstalt für Meteorologie und Geodynamik, Vienna, Austria, roland.potzmann@zamg.ac.at

Overview
- Motivation for the project
- Basic technical requirements
- Basics of IT security
- TAWES technical solution
- Conclusion and current state of the project

Motivation for the Project
- TAWES: the Austrian public meteorological measuring network, operated by ZAMG
- Since 2005: about 300 AWS
- In the beginning, data transfer via modem over telephone lines (TUS) and GSM
- In recent years, a change to Internet technologies on all levels (communication, datalogger, video cameras, ...)
- Increasing risk of hacker attacks

Motivation for the Project: Project Targets
- Best possible IT security for AWS, central servers and maintenance workplaces
- Prepared for the Internet of Things (IoT)
- Long system lifetime despite using the latest technological standards
- Independence from proprietary security solutions offered by service providers
- Update of the existing, well-working measuring network, not a complete replacement

LAN at Measuring Station Level - TAWES V2.0
[Diagram labels: Network Center ZAMG Vienna; TAWES Network; LAN at Station Level (several stations)]

Basic Technical Requirements
- Use of only well-proven Internet standards
- No proprietary software or proprietary protocols at network level
- Long system lifetime by using well-established open-source software and standard off-the-shelf hardware for the network components; no "black boxes" in the system
- Modular extension of the existing TAWES stations; should also be applicable to other station types

Basics of IT Security
The technical solution has to guarantee all of the following 4 IT security requirements:
- Authenticity -> You can be sure that you are communicating with the right partner
- Confidentiality -> Only you can see your data
- Data integrity -> What is sent is also what is received
- Protection against malware

TAWES V2.0 AWS Structure
[Diagram: Original TAWES Station Layout. Labels: Sensor 1, Sensor 2, ... Sensor n; Sensor Bus; Datalogger; GPRS Modem; wireless; LAN, ADSL; TUS]

TAWES V2.0 AWS Structure
[Diagram: TAWES V2.0 - Ethernet LAN at Station Level. Labels: Sensor 1, Sensor 2, ... Sensor n; Sensor Bus; Datalogger; Internet Gateway; SAT; Wireless; LAN, ADSL; IP Camera; IP Sensors (IoT)]

Technical Solution TAWES V2.0

Tunnels through the Internet: VPN
Tools for creating tunnels:
- IPsec (Internet Protocol Security): old Internet standard, works on the Internet layer -> completely transparent for applications; perfect for point-to-point applications
- OpenVPN: open-source application; perfect for remote-access applications

IPsec - OpenVPN
Both systems are applied in TAWES V2.0:
- IPsec: routine data transfer - point to point - AWS to server
- OpenVPN: maintenance network - remote access to all network modules
- Logically completely separated VPNs

Authentication
Authentication by digital certificates (X.509 standard) = ID cards for all network members
Advantages:
- One certificate per user
- Central administration of certificates by the TAWES CA (Certification Authority)
- Easy installation of certificates at AWS and maintenance PCs
- Flexibility: certificates with limited validity period, TAWES certificate revocation list

Confidentiality, Data Integrity, Malware
- Both IPsec and OpenVPN offer the highest security level through flexible and scalable encryption methods
- Same security level as used for, e.g., money transfers
- Tunnelling offers the possibility to close stations and servers completely against all access from outside the TAWES network by simple firewall rules. Only data traffic inside tunnels is allowed.
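
The "only traffic inside tunnels" policy from the slide above, written out as an nftables ruleset for a station gateway. This is an added example, not part of the original slides or of the TAWES configuration; the interface names, the 192.0.2.10 endpoint address, OpenVPN on UDP port 1194 and the use of nftables itself are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added sketch for a station gateway; every name and address is an assumption.
# IPv6 is not used in this sketch and is dropped by the default policies.
flush ruleset

define wan_if  = "eth0"        # uplink (ADSL, GPRS or satellite), assumed name
define lan_if  = "eth1"        # station LAN (datalogger, IP camera), assumed name
define ovpn_if = "tun0"        # OpenVPN maintenance tunnel, assumed name
define vpn_gw  = 192.0.2.10    # central VPN endpoint, constructed address

table inet station {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state invalid drop
        ct state established,related accept
        # ESP from the central endpoint; with NAT-T it arrives as UDP 4500
        # replies, which the established rule above already covers.
        iifname $wan_if ip saddr $vpn_gw meta l4proto esp accept
        # Packets that arrived inside a tunnel (decrypted IPsec or OpenVPN).
        meta ipsec exists accept
        iifname $ovpn_if accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # Routine data: station LAN to server, only if routed into IPsec.
        iifname $lan_if rt ipsec exists accept
        # Maintenance: OpenVPN tunnel to modules on the station LAN.
        iifname $ovpn_if oifname $lan_if accept
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        ct state established,related accept
        # The station initiates both VPNs: IKE, NAT-T, OpenVPN and ESP,
        # and only towards the central endpoint.
        oifname $wan_if ip daddr $vpn_gw udp dport { 500, 4500, 1194 } accept
        oifname $wan_if ip daddr $vpn_gw meta l4proto esp accept
        # Locally generated traffic may leave only through a tunnel.
        rt ipsec exists accept
        oifname $ovpn_if accept
    }
}
```

Because the station opens both tunnels itself, no new inbound connection from the uplink is accepted; the syntax can be checked without loading the rules using `nft -c -f <file>`.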

Additional Benefits
Additional benefits that come with nearly no additional effort by using this technology:
- The AWS establish the VPN --> two-way communication without fixed station IP addresses; the VPN, not the network provider, creates fixed addresses
- Hierarchical TAWES NTP time synchronization
- TAWES DNS server, access to AWS by symbolic station name (url)
- Easy integration of satellite services (Internet via Sat). Currently in test operation: Inmarsat, Thuraya, Eutelsat TooWay
- Complete network communication monitoring by use of "Packet Capture" functionality on all system levels

Conclusion, Current State of the Project
- Laboratory tests have been ongoing for some months
- Field test operation is just starting with a small number of AWS, but with complete network functionality including sat and video systems
- Field test planned for about 6 months
[Image: Field-Testbox]