CONTROL SYSTEMS + AUTOMATION
Tim Craven joined H3iSquared in 2008 in a technical
support role, and has been with the company since then,
providing technical support, network auditing and train-
ing to leaders in the industrial, utility and ITS industries.
Enquiries: Tel. 011 454 6025 or email info@h3isquared.
com.
allowed into the device, the system will not only inform them of
this, but can also be set to send an informing the administrator of
the unauthorised access attempt. With networks and the corpora-
tions using them becoming much larger (which translates into more
management required, both for users and devices), these systems
can be invaluable and save both time and money, as well as greatly
increasing the security and the reaction time to a required change in
security (eg if a user is fired from the company, their password can
simply be revoked on the main system server, rather than having to
change the password of every end device.
Finally, an often overlooked or underestimated form of security is
having the correct practices and procedures in play. Allowing users
to only access devices that are relevant to them, and having them log
each access for instance. Limiting configuration of networking devices
to only those for whom it is relevant is another example. Another
policy that is critical yet often overlooked is how external storage
devices are treated. Plugging a USB directly into a control network
server could potentially infect the entire network if a virus exists on
that USB. Any form of external storage should either be completely
banned from being connected to the critical portion of the network,
or if they have to be used occasionally a virus scanning server should
be kept separate from the main network to allow checking of these
storage devices. If using an anti-virus/anti-malware package it is
important to allow this device to have internet access and to update
its relevant databases frequently.
Conclusion
When planning for or designing a modern mission critical network
there are many points that must be considered. Ethernet is a complex
technology, and while this complexity brings a lot of control and au-
tomation to the systems, is can also lead to an inefficient, unreliable
and unsecured network if not planned, designed and implemented
correctly. Time and effort should be put into the planning stage so
as to cater for all current and future requirements of the application.
Monitoring the network correctly is essential, otherwise all the redun-
dancy planning and implementation will become useless over time.
Security is another key point that must always be kept in mind, espe-
cially in application where the protected/secure network connects to
an unsecured network such as the internet. Security should always
be approached from the point of ‘deny all communications, and then
allowwhat is required for network operation only’. When designing a
network it is essential to have someone with in depth knowledge of
Ethernet and IP involved, and if someone from your company is not
available the best option is to work with a third party company to help
plan and design the network for reliable, secure and timely operation.
take note
• Plan, plan, plan!
• Ethernet offers many advantages, but, like all systems,
the planning and design stages are crucial.
• Security must be designed into the system.
9
July ‘14
Electricity+Control
