IT Security for Meteorological Measuring Networks


1 IT Security for Meteorological Measuring Networks
Dipl.-Ing. Gerhard Pevny, Logotronic GmbH, Vienna, Austria
Mag. Roland Potzmann, ZAMG - Zentralanstalt für Meteorologie und Geodynamik, Vienna, Austria

2 Overview
- Motivation for the project
- Basic technical requirements
- Basics of IT-Security
- TAWES technical solution
- Conclusion and current state of the project

3 Motivation for the Project
- TAWES: the Austrian public meteorological measuring network operated by ZAMG
- Since 2005, about 300 AWS
- In the beginning, data transfer via modem over telephone lines (TUS), GSM
- In recent years, change to Internet technologies on all levels (communication, datalogger, video cameras, ...)
- Increasing risk of hacker attacks

4 Motivation for the Project
Project targets
- Best possible IT security for AWS, central servers and maintenance workplaces
- Prepared for the Internet of Things (IoT)
- Long system lifetime despite using the latest technological standards
- Independence from proprietary security solutions offered by service providers
- Update of the existing, well-working measuring network, no complete replacement

5 LAN at Measuring Station Level - TAWES V2.0
[Diagram labels: Network Center ZAMG Vienna; TAWES Network; LAN at Station Level (three instances)]

6 Basic Technical Requirements
- Application of only well-proven Internet standards
- No proprietary software nor proprietary protocols on network level
- Long system lifetime by using well-established open-source software and standard off-the-shelf hardware for the network components; no "black boxes" in the system
- Modular extension of the existing TAWES stations; should also be applicable to other station types

7 Basics of IT-Security
The technical solution has to guarantee all of the following 4 IT-security requirements:
- Authenticity -> You can be sure that you communicate with the right partner
- Confidentiality -> Only you can see your data
- Data integrity -> What's sent is also received
- Protection against malware

8 TAWES V2.0 AWS Structure
[Diagram: Original TAWES Station Layout. Labels: Sensor 1, Sensor 2, ... Sensor n; Sensor Bus; Datalogger; GPRS Modem (wireless); LAN, ADSL; TUS]

9 TAWES V2.0 AWS Structure
[Diagram: TAWES V2.0 - Ethernet LAN at Station Level. Labels: Sensor 1, Sensor 2, ... Sensor n; Sensor Bus; Datalogger; Internet Gateway; SAT; Wireless; LAN, ADSL; IP Camera; IP Sensors (IoT)]

10 Technical Solution TAWES V2.0

11 Tunnels through Internet
VPN tools for creating tunnels:
- IPsec (Internet Protocol Security)
  - Old Internet standard, works on Internet Layer -> completely transparent for applications
  - Perfect for point-to-point applications
- OpenVPN
  - Open-source application
  - Perfect for remote-access applications

12 IPsec - OpenVPN
Both systems are applied in TAWES V2.0
- IPsec: routine data transfer, point to point, AWS to server
- OpenVPN: maintenance network, remote access to all network modules
- Logically completely separated VPNs

13 Authentication
Authentication by digital certificates (X.509 standard) = ID cards for all network members
Advantages:
- One certificate per user
- Central administration of certificates by TAWES CA (Certification Authority)
- Easy installation of certificates at AWS and maintenance PCs
- Flexibility: certificates with limited validity period, TAWES certificate revocation list

14 Confidentiality, Data Integrity, Malware
- Both IPsec and OpenVPN offer the highest security level through flexible and scalable encryption methods
- Same security level as for, e.g., money transfers
- Tunnelling makes it possible to close stations and servers completely against all access from outside the TAWES network by simple firewall rules. Only data traffic inside tunnels is allowed.
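
The "only data traffic inside tunnels is allowed" rule from slide 14, sketched as a default-deny nftables ruleset for a station gateway. This is an added example, not the TAWES configuration; the interface names, the OpenVPN port (1194/UDP, its default), the placeholder server address 192.0.2.10 and the assumption that the station initiates both tunnels are illustrative.

```nftables
#!/usr/sbin/nft -f
# Added illustration, not the TAWES configuration. Assumed values:
# uplink eth0, OpenVPN device tun0, OpenVPN on UDP 1194, and 192.0.2.10
# (documentation address) as placeholder for the central VPN server.
flush ruleset

define WAN = "eth0"
define MAINT_TUN = "tun0"
define VPN_SERVER = 192.0.2.10

table inet station {
    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state invalid drop
        ct state established,related accept
        # Encrypted carrier: ESP from the VPN server only. IKE and OpenVPN
        # replies match the established rule because the station initiates.
        iifname $WAN ip saddr $VPN_SERVER ip protocol esp accept
        # Payload: packets decapsulated from the IPsec tunnel, or arriving
        # on the OpenVPN maintenance interface.
        meta ipsec exists accept
        iifname $MAINT_TUN accept
        # Everything else arriving from the Internet hits policy drop.
    }

    chain output {
        type filter hook output priority filter; policy drop;
        oifname "lo" accept
        ct state established,related accept
        # Tunnel setup and carrier traffic, to the VPN server only.
        oifname $WAN ip daddr $VPN_SERVER udp dport { 500, 4500, 1194 } accept
        oifname $WAN ip daddr $VPN_SERVER ip protocol esp accept
        # Payload: packets routed into the IPsec tunnel or the OpenVPN device.
        rt ipsec exists accept
        oifname $MAINT_TUN accept
    }

    chain forward {
        # Station LAN devices (datalogger, camera) send and receive
        # only through one of the two tunnels.
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname $MAINT_TUN accept
        meta ipsec exists accept
        rt ipsec exists accept
    }
}
```

An uplink that obtains its address by DHCP needs one additional rule for that exchange; it is left out here to keep the tunnel-only policy visible.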

15 Additional Benefits
Additional benefits that come with nearly no additional effort by using this technology:
- AWS establish the VPN -> two-way communication without fixed station IP addresses; the VPN, not the network provider, creates fixed addresses
- Hierarchical TAWES NTP time synchronization
- TAWES DNS server, access to AWS by symbolic station name (URL)
- Easy integration of satellite services (Internet via Sat). Currently in test operation: Inmarsat, Thuraya, Eutelsat TooWay
- Complete network communication monitoring by use of "Packet Capture" functionality on all system levels

16 Conclusion, Current State of Project
- Laboratory tests have been ongoing for some months
- Field test operation is just starting with a small number of AWS, but with complete network functionality including sat and video systems
- Field test planned for about 6 months
[Image: Field-Testbox]

