
1 T3 - Network Assessment
James Taylor, Business Development Leader, Network and Security Services
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. Rev 5058-CO900E. PUBLIC INFORMATION

2 Strategic Assessment

3 Convergence: Collaboration Is Key To Realizing The Connected Enterprise
[Diagram labels: Common Secure Network Infrastructure; OT; IT; Standards, Academia, Industry Initiatives]

4 The Connected Enterprise Execution Model
[Diagram labels: Analytics; Secure, Upgrade; Working Data Capital; Optimize & Collaborate; Assessment]

5 Stage 1: Assessment
Evaluates all facets of the OT/IT Network
• Information infrastructure (hardware and software)
• Controls and devices (sensors, actuators, motor controls, switches, etc.)
• Networks that move all of this information
• Security policies (understanding, organization, enforcement)

6 Customer Testimonials

7 Physical Media
• Extremely critical to have a sound cable installation
• 70% of all issues are physical media-related
Network Design
• Extremely critical to have a well thought out network design
Does this look familiar?

8 Does your “Design” look like this?

9 What your installation should look like
Proper design and installation are critical for maintaining, managing, and troubleshooting.

10 Networking Design Considerations: Network Technology Convergence
• Recommendations and guidance to help reduce Latency and Jitter, to help increase data Availability, Integrity and Confidentiality, and to help design and deploy a Scalable, Robust, Secure and Future-Ready EtherNet/IP network infrastructure
• Single Industrial Network Technology
• Robust Physical Layer
• Segmentation
• Resiliency Protocols and Redundant Topologies
• Time Synchronization
• Prioritization - Quality of Service (QoS)
• Multicast Management
• Convergence-Ready Solutions
• Security - Defense-in-Depth
• Scalable Secure Remote Access

11 Application Requirements: Network Technology Convergence - Performance
• What is real-time?
• Application dependent: only you can define what this means for your application.

Function | Information Integration, Slower Process Automation | Time-critical Discrete Automation | Motion Control
Communication Technology | .Net, DCOM, TCP/IP | Industrial Protocols - CIP | Hardware and Software solutions, e.g. CIP Motion, PTP
Period | 10 ms to 1000 ms | 1 ms to 100 ms | 100 µs to 10 ms
Industries | Oil & gas, chemicals, energy, water | Auto, food & beverage, semiconductor, metals, pharmaceutical | Subset of discrete automation
Applications | Pumps, compressors, mixers, instrumentation | Material handling, filling, labeling, palletizing, packaging | Printing presses, wire drawing, web making, pick & place

Source: ARC Advisory Group

12 Segmentation: Network Technology Convergence
[Diagram labels: Structured and Hardened IACS Network Infrastructure; Flat and Open IACS Network Infrastructure]

13 Structure and Hierarchy: CPwE - Logical Model
[Diagram labels: Logical Model; Industrial Automation and Control System (IACS); Converged Multi-discipline Industrial Network]

14 Why Rockwell Automation Network and Security Services (NSS)
Differentiation
• Converged skill set of operational technology (OT) and information technology (IT)
• Experience across industrial control applications and networks
• Breadth of industry standard committee (ISA, NIST, INL, DHS…) participation
• Ability to address security risks without sacrificing productivity
• Full life cycle service offering with global delivery capability
Because Infrastructure Matters…
For plant personnel, who need secure industrial infrastructure, NSS is a team of industrial automation and IT experts that assess, implement and support plant-wide network infrastructure. Unlike large IT vendors and resellers, we offer a comprehensive and tailored solution that balances both IT requirements and production goals of your company.

15 Partner Relationships: Strategic Alliances and Technologies
• Global systems technology integrator (STI) and service sub contract
• Global service sub contract and contract manufacturing agreement
• Global solution provider
• Global solution provider and OEM agreement
• Global reseller agreement
• Key technology partner of team tools
Several Security Service Relationships and Regional Partners

16 Network & Security Services: Life Cycle Approach to Services and Solutions
ASSESS, DESIGN, IMPLEMENT, VALIDATE, MANAGE

17 Assessment Service
Assessment Process:
– On site customer collaboration
– Assess all layers of OSI model
  • Physical layer
  • Logical layer
  • Application layer
– Defense in Depth security evaluation
– Assess against industry and company standards
– Deliverables
  • Detailed report of findings
  • Prioritized critical issues
  • Remediations/suggestions
Standard: on site observational and interview based
Comprehensive: on site technically determined via tools

18 Example Deliverable

19 Drilling Technology Company
Multi-phased project to assess availability and security issues and standardize and replicate network architectures with segregation

CHALLENGES
• Multiple manufacturing and production facilities with different network architectures and platforms.
• No standardization for device lifecycle refresh or asset management.
• Network availability issues.
• Concerns regarding recent industry security breaches.
• Land and sea-based facilities.
• Lack of secure access capability to permit external communications to the production networks by employees and vendors.
• Absence of current physical and logical network drawings.

SOLUTION
• Document and categorize all assets in all facilities and document the “As-Is”.
• Identify stakeholders and operations personnel from IT and production critical to project success and obtain buy-in.
• Perform security and network assessments to establish baselines.
• Develop and deploy a proof of concept “To-Be” security architecture inclusive of a DMZ, Secure Remote Access Capability and centralized virus signature endpoint solution.
• Roll-out proof of concept as a Full Operating Capability.

RESULTS
• Simplified technology migration.
• Decreased labor and service call costs due to implementation of Secure Remote Access capability.
• Ability to identify and track user access and activities.
• Centralized service to distribute virus signatures.
• Evolution of collaborative team to quickly and productively resolve emerging challenges and issues.

20 Design Service
• Network Design Deliverable Package
• Functional Requirements
• Bill of Material
• Cable Selection
• Physical Hardware Connectivity
• Access and Distribution Layer Topology
• Physical Layer Drawings
• VLANs
• Addressing schema
• Switch and Network Configuration
• Redundancy
• Remote Access
• Security
Standard: logical and physical conceptual design
Comprehensive: detailed logical, physical with ports and protocols design

21 Leading Industrial Minerals Producer
Provide comprehensive design of the manufacturing network inclusive of a security DMZ to isolate the enterprise and production networks

CHALLENGES
• Remote location.
• Limited skilled labor force.
• Highly available architecture required to maintain production.
• HMI systems cannot interfere with real time I/O subsystems.

SOLUTION
• Separate business networks from production networks to minimize business network anomalies from the production network.
• Maximum hardware separation between Automation Information systems (i.e., HMI computer servers) to minimize risks to devices that are more likely to be targeted and susceptible to security vulnerabilities from the Real Time Processors and I/O subsystems.

RESULTS
• Ability to identify and resolve incidents and anomalies while limiting downtime issues.
• Extensible architecture allows for future expansion.
• Improved production efficiency.
• Documented policies and procedures for operators and administrators with privileged access rights.

22 Security Services: Applying Defense in Depth to Industrial Control Systems
• No single product, technology or methodology can fully secure Industrial Control System (ICS) applications
• Protecting assets requires a defense-in-depth security approach to address internal and external security threats
• Rockwell partners & collaborates with market leading experts to deliver comprehensive solutions for our customers

23 Network Security Service Offerings: Converged Plant-wide Ethernet (CPwE) Reference Architectures
• Structured and Hardened IACS Network Infrastructure
• Industrial security policy
• Pervasive security, not a bolt-on component
• Security framework utilizing defense-in-depth approach
• Industrial DMZ implementation
• Remote partner access policy, with robust & secure implementation
Plant Firewall:
• Inter-zone traffic segmentation
• ACLs, IPS and IDS
• VPN Services
• Portal and Terminal Server proxy
[Diagram, zones and levels: Enterprise WAN; Enterprise Zone Levels 4-5; Industrial Demilitarized Zone (IDMZ); Level 3 – Site Operations; Level 2 – Area Supervisory Control; Level 1 - Controller; Level 0 - Process]
[Diagram, equipment labels: Catalyst 3750 StackWise Switch Stack; Firewall (Active); Firewall (Standby); Cisco ASA 5500; Catalyst 6500/4500; Physical or Virtualized Servers (Patch Management, Remote Gateway Services, Application Mirror, AV Server); FactoryTalk Client; HMI; MCC; Controllers, I/O, Drives; Soft Starter]
[Diagram, security labels: Standard DMZ Design Best Practices; Network Infrastructure Access Control and Hardening; Physical Port Security; Network Device Resiliency; VLANs, Segmenting Domains of Trust; AAA - Application Authentication Server, Active Directory (AD), Remote Access Server; AAA - Network; Client Hardening; Network Status and Monitoring; Unified Threat Management (UTM); Controller Hardening, Physical Security; Controller Hardening, Encrypted Communications]

24 Additional Material
Rockwell Automation
• Networks Website: http://www.ab.com/networks/
• EtherNet/IP Website: http://ab.rockwellautomation.com/Networks-and-Communications/Ethernet-IP-Network
• Network and Security Services Website:
  • http://www.rockwellautomation.com/services/networks/
  • http://www.rockwellautomation.com/services/security/
• KnowledgeBase Security Table of Contents
• TCP/UDP Ports used by Rockwell Automation products
• Network and Security Services Brochure
• Whitepapers
  • Patch Management and Computer System Security Updates
  • Scalable Secure Remote Access Solutions for OEMs

25 Additional Material
• Education Series Webcasts
  • What every IT professional should know about Plant-Floor Networking
  • What every Plant-Floor Engineer should know about working with IT
  • Industrial Ethernet: Introduction to Resiliency
  • Fundamentals of Secure Remote Access for Plant-Floor Applications and Data
  • Securing Architectures and Applications for Network Convergence
  • IT-Ready EtherNet/IP Solutions
• Available Online
  • http://www.rockwellautomation.com/rockwellautomation/products-technologies/network-technology/architectures.page?

26 Additional Material
• Websites
  • Reference Architectures
• Design Guides
  • Converged Plant-wide Ethernet (CPwE)
• Application Guides
  • Fiber Optic Infrastructure Application Guide
• Education Series Webcasts
• Whitepapers
  • Top 10 Recommendations for Plant-wide EtherNet/IP Deployments
  • Securing Manufacturing Computer and Controller Assets
  • Production Software within Manufacturing Reference Architectures
  • Achieving Secure Remote Access to plant-floor Applications and Data
  • Design Considerations for Securing Industrial Automation and Control System Networks - ENET-WP031A-EN-E

27 www.rockwellautomation.com
Follow ROKAutomation on Facebook & Twitter. Connect with us on LinkedIn.
Rev 5058-CO900F

