T3 - Network Assessment. James Taylor, Business Development. Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. Rev 5058-CO900E. PUBLIC INFORMATION.

Presentation transcript:

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. Rev 5058-CO900E. PUBLIC INFORMATION.
T3 - Network Assessment. James Taylor, Business Development Leader, Network and Security Services

Strategic Assessment

Convergence. Common secure network infrastructure spanning OT and IT. Standards, academia and industry initiatives: collaboration is key to realizing the Connected Enterprise.

The Connected Enterprise execution model (figure; stage labels as shown): Assessment; Secure, Upgrade; Working Data Capital; Analytics; Optimize & Collaborate.

Stage 1: Assessment. Evaluates all facets of the OT/IT network:
- Information infrastructure (hardware and software)
- Controls and devices (sensors, actuators, motor controls, switches, etc.)
- Networks that move all of this information
- Security policies (understanding, organization, enforcement)

Customer Testimonials

Physical Media
- Extremely critical to have a sound cable installation
- 70% of all issues are physical media-related
Network Design
- Extremely critical to have a well thought out network design
Does this look familiar?

Does your "Design" look like this?

Proper design and installation is critical for maintaining, managing and troubleshooting. What your installation should look like.

Networking Design Considerations (Network Technology Convergence)
Recommendations and guidance to help reduce latency and jitter, to help increase data availability, integrity and confidentiality, and to help design and deploy a scalable, robust, secure and future-ready EtherNet/IP network infrastructure:
- Single Industrial Network Technology
- Robust Physical Layer
- Segmentation
- Resiliency Protocols and Redundant Topologies
- Time Synchronization
- Prioritization - Quality of Service (QoS)
- Multicast Management
- Convergence-Ready Solutions
- Security - Defense-in-Depth
- Scalable Secure Remote Access

Application Requirements: Network Technology Convergence - Performance (Source: ARC Advisory Group)
What is real-time? Application dependent: only you can define what this means for your application.

| Function | Information Integration, Slower Process Automation | Time-critical Discrete Automation | Motion Control |
|---|---|---|---|
| Communication Technology | .Net, DCOM, TCP/IP | Industrial Protocols - CIP | Hardware and Software solutions, e.g. CIP Motion, PTP |
| Period | 10 ms to 1000 ms | 1 ms to 100 ms | 100 µs to 10 ms |
| Industries | Oil & gas, chemicals, energy, water | Auto, food & beverage, semiconductor, metals, pharmaceutical | Subset of discrete automation |
| Applications | Pumps, compressors, mixers, instrumentation | Material handling, filling, labeling, palletizing, packaging | Printing presses, wire drawing, web making, pick & place |

Segmentation (Network Technology Convergence). Figure contrasting a Flat and Open IACS Network Infrastructure with a Structured and Hardened IACS Network Infrastructure.

Structure and Hierarchy: CPwE Logical Model. Figure: logical model of an Industrial Automation and Control System (IACS) on a converged, multi-discipline industrial network.

Why Rockwell Automation Network and Security Services (NSS)?
Differentiation:
- Converged skill set of operational technology (OT) and information technology (IT)
- Experience across industrial control applications and networks
- Breadth of industry standard committee (ISA, NIST, INL, DHS...) participation
- Ability to address security risks without sacrificing productivity
- Full life cycle service offering with global delivery capability
Because Infrastructure Matters... For plant personnel who need secure industrial infrastructure, NSS is a team of industrial automation and IT experts that assess, implement and support plant-wide network infrastructure. Unlike large IT vendors and resellers, we offer a comprehensive and tailored solution that balances both the IT requirements and the production goals of your company. Network & Security Services.

Partner Relationships: Strategic Alliances and Technologies (partner logos omitted). Relationship types shown: global systems technology integrator (STI) and service subcontract; global service subcontract and contract manufacturing agreement; global solution provider; global solution provider and OEM agreement; global reseller agreement; key technology partner of team tools. Several security service relationships and regional partners.

Network & Security Services: Life Cycle Approach to Services and Solutions. ASSESS, DESIGN, IMPLEMENT, VALIDATE, MANAGE.

Assessment Service
Assessment process:
- On-site customer collaboration
- Assess all layers of the OSI model: physical layer, logical layer, application layer
- Defense-in-depth security evaluation
- Assess against industry and company standards
- Deliverables: detailed report of findings; prioritized critical issues; remediations/suggestions
Standard: on-site, observational and interview based
Comprehensive: on-site, technically determined via tools

Example Deliverable

Drilling Technology Company: multi-phased project to assess availability and security issues and standardize and replicate network architectures with segregation.

CHALLENGES
- Multiple manufacturing and production facilities with different network architectures and platforms.
- No standardization for device lifecycle refresh or asset management.
- Network availability issues.
- Concerns regarding recent industry security breaches.
- Land and sea-based facilities.
- Lack of secure access capability to permit external communications to the production networks by employees and vendors.
- Absence of current physical and logical network drawings.

SOLUTION
- Document and categorize all assets in all facilities and document the "As-Is".
- Identify stakeholders and operations personnel from IT and production critical to project success and obtain buy-in.
- Perform security and network assessments to establish baselines.
- Develop and deploy a proof of concept "To-Be" security architecture inclusive of a DMZ, Secure Remote Access capability and centralized virus signature endpoint solution.
- Roll out the proof of concept as a Full Operating Capability.

RESULTS
- Simplified technology migration.
- Decreased labor and service call costs due to implementation of Secure Remote Access capability.
- Ability to identify and track user access and activities.
- Centralized service to distribute virus signatures.
- Evolution of a collaborative team to quickly and productively resolve emerging challenges and issues.

Design Service
Network Design Deliverable Package:
- Functional Requirements
- Bill of Material
- Cable Selection
- Physical Hardware Connectivity
- Access and Distribution Layer Topology
- Physical Layer Drawings
- VLANs
- Addressing schema
- Switch and Network Configuration
- Redundancy
- Remote Access
- Security
Standard: logical and physical conceptual design
Comprehensive: detailed logical and physical design with ports and protocols

Leading Industrial Minerals Producer: provide comprehensive design of the manufacturing network inclusive of a security DMZ to isolate the enterprise and production networks.

CHALLENGES
- Remote location.
- Limited skilled labor force.
- Highly available architecture required to maintain production.
- HMI systems cannot interfere with real-time I/O subsystems.

SOLUTION
- Separate business networks from production networks to keep business network anomalies out of the production network.
- Maximum hardware separation between Automation Information systems (i.e., HMI computer servers), which are more likely to be targeted and susceptible to security vulnerabilities, and the Real Time Processors and I/O subsystems, to minimize risk to those devices.

RESULTS
- Ability to identify and resolve incidents and anomalies while limiting downtime issues.
- Extensible architecture allows for future expansion.
- Improved production efficiency.
- Documented policies and procedures for operators and administrators with privileged access rights.

Security Services: Applying Defense in Depth to Industrial Control Systems
- No single product, technology or methodology can fully secure Industrial Control System (ICS) applications
- Protecting assets requires a defense-in-depth security approach to address internal and external security threats
- Rockwell partners & collaborates with market leading experts to deliver comprehensive solutions for our customers

Network Security Service Offerings: Converged Plant-wide Ethernet (CPwE) Reference Architectures
- Structured and Hardened IACS Network Infrastructure
- Industrial security policy
- Pervasive security, not a bolt-on component
- Security framework utilizing defense-in-depth approach
- Industrial DMZ implementation
- Remote partner access policy, with robust & secure implementation

CPwE reference architecture figure (labels as shown on the slide):
- Zones and levels: Enterprise Zone, Levels 4-5 (Enterprise WAN); Industrial Demilitarized Zone (IDMZ); Level 3 - Site Operations; Level 2 - Area Supervisory Control; Level 1 - Controller; Level 0 - Process.
- Plant Firewall (Active and Standby, Cisco ASA 5500): inter-zone traffic segmentation; ACLs, IPS and IDS; VPN services; portal and terminal server proxy.
- IDMZ services on physical or virtualized servers: patch management, remote gateway services, application mirror, AV server; standard DMZ design best practices.
- Infrastructure: Catalyst 6500/4500, Catalyst 3750 StackWise switch stack, network device resiliency, VLANs segmenting domains of trust, network infrastructure access control and hardening, physical port security, network status and monitoring, Unified Threat Management (UTM).
- Identity and endpoints: AAA - application authentication server, Active Directory (AD), remote access server; AAA - network; client hardening; FactoryTalk client, HMI.
- Controllers and devices: controllers, I/O, drives, soft starter, MCC; controller hardening, physical security, encrypted communications.
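The segmentation slide and the CPwE offerings slide both rest on one design rule: the Enterprise Zone (Levels 4-5) and the Industrial Zone (Levels 0-3) never exchange traffic directly; every flow terminates on a service hosted in the IDMZ (remote gateway, patch server, application mirror, AV server), and the design is specified down to ports and protocols. The script below is an added example, not Rockwell Automation or Cisco code, that audits a proposed plant-firewall rule set against that rule. The zone names, the `Rule` record, the finding codes and the sample rules are constructed for the example; the assumption that EtherNet/IP traffic (TCP/44818 explicit messaging, UDP/2222 implicit I/O) must stay inside the Industrial Zone is the example's own design choice, stated in the code.

```python
"""Audit a proposed plant-firewall rule set against the IDMZ segmentation rule.

Added example. The zone model, rule format and sample rules are constructed
for illustration; they are not Rockwell Automation or Cisco data and not an
export from any real firewall.
"""
from __future__ import annotations

from dataclasses import dataclass

# Zones as drawn on the CPwE slide: Levels 0-3 form the Industrial Zone,
# Levels 4-5 the Enterprise Zone, and the IDMZ sits between them.
ZONES = {"industrial", "idmz", "enterprise"}

# Assumption for this example: EtherNet/IP explicit messaging (TCP/44818) and
# implicit I/O (UDP/2222) never leave the Industrial Zone.
INDUSTRIAL_SERVICES = {("tcp", "44818"), ("udp", "2222")}


@dataclass(frozen=True)
class Rule:
    """One permit rule: traffic from zone `src` to zone `dst` on proto/port."""
    name: str
    src: str
    dst: str
    proto: str  # "tcp", "udp" or "any"
    port: str   # port number as text, or "any"


def check_rule(rule: Rule) -> list[str]:
    """Return finding codes for one permit rule; an empty list means acceptable."""
    if rule.src not in ZONES or rule.dst not in ZONES:
        raise ValueError(f"{rule.name}: unknown zone")
    findings: list[str] = []
    # 1. Enterprise and Industrial Zones only talk through services hosted in
    #    the IDMZ; a rule joining them directly bypasses the IDMZ.
    if {rule.src, rule.dst} == {"enterprise", "industrial"}:
        findings.append("IDMZ_BYPASS")
    # 2. The design deliverable is specified to ports and protocols, so a rule
    #    that permits "any" is a finding even when the zones are right.
    if rule.proto == "any" or rule.port == "any":
        findings.append("SERVICE_NOT_PINNED")
    # 3. Industrial protocol traffic stays inside the Industrial Zone.
    if (rule.proto, rule.port) in INDUSTRIAL_SERVICES and not (
        rule.src == "industrial" and rule.dst == "industrial"
    ):
        findings.append("INDUSTRIAL_PROTOCOL_CROSSES_ZONE")
    return findings


def audit(rules: list[Rule]) -> dict[str, list[str]]:
    """Map each rule name to its findings, omitting rules with none."""
    result: dict[str, list[str]] = {}
    for rule in rules:
        findings = check_rule(rule)
        if findings:
            result[rule.name] = findings
    return result


# Constructed sample rule set for a plant firewall.
SAMPLE_RULES = [
    Rule("hmi-to-remote-gateway", "industrial", "idmz", "tcp", "3389"),
    Rule("enterprise-to-remote-portal", "enterprise", "idmz", "tcp", "443"),
    Rule("enterprise-direct-to-controller", "enterprise", "industrial", "tcp", "44818"),
    Rule("patch-server-to-plant", "idmz", "industrial", "any", "any"),
    Rule("plant-to-av-mirror", "industrial", "idmz", "tcp", "8530"),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(f"{name}: {', '.join(findings)}")
```

Run against the sample set, the audit flags only the rule that lets the Enterprise Zone reach a controller directly (it bypasses the IDMZ and carries EtherNet/IP across a zone boundary) and the patch-server rule that permits any protocol and port; the three rules that terminate on IDMZ services with explicit ports pass. The same check can be fed from a real rule export once the export's zones are mapped onto the three CPwE zones.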

Additional Material
Rockwell Automation:
- Networks Website
- EtherNet/IP Website: http://ab.rockwellautomation.com/Networks-and-Communications/Ethernet-IP-Network
- Network and Security Services Website
- KnowledgeBase Security Table of Contents
- TCP/UDP Ports used by Rockwell Automation products
- Network and Security Services Brochure
Whitepapers:
- Patch Management and Computer System Security Updates
- Scalable Secure Remote Access Solutions for OEMs

Additional Material
Education Series Webcasts:
- What every IT professional should know about Plant-Floor Networking
- What every Plant-Floor Engineer should know about working with IT
- Industrial Ethernet: Introduction to Resiliency
- Fundamentals of Secure Remote Access for Plant-Floor Applications and Data
- Securing Architectures and Applications for Network Convergence
- IT-Ready EtherNet/IP Solutions
Available online: /products-technologies/network-technology/architectures.page?

Additional Material
Websites:
- Reference Architectures
Design Guides:
- Converged Plant-wide Ethernet (CPwE)
Application Guides:
- Fiber Optic Infrastructure Application Guide
- Education Series Webcasts
Whitepapers:
- Top 10 Recommendations for Plant-wide EtherNet/IP Deployments
- Securing Manufacturing Computer and Controller Assets
- Production Software within Manufacturing Reference Architectures
- Achieving Secure Remote Access to plant-floor Applications and Data
- Design Considerations for Securing Industrial Automation and Control System Networks - ENET-WP031A-EN-E

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. Follow ROKAutomation on Facebook & Twitter. Connect with us on LinkedIn. Rev 5058-CO900F PUBLIC INFORMATION