The Ten Rules of Industrial Ethernet
I. Thou shalt place high priority on security, for hackers lurketh, thieves stealeth and employees bungleth

A Wi-Fi-enabled computer can connect to multiple networks at the same time. Your employees can give a hacker a pathway into your internal network simply by powering up a laptop. Imagine the mess an eco-terrorist could make if he didn’t like the look of your smokestack. Even your well-intentioned employees can bring a network down, simply by blundering around in areas they shouldn’t.

Don’t take chances with network security. Most wireless systems employ industry-standard WEP (Wired Equivalent Privacy). A hacker can get around it within a few hours. Look into more powerful standards like Extensible Authentication Protocol and Tunneled Extensible Authentication Protocol.

Never assume that your industrial Ethernet products have built-in security features. At the very least, you should use inspection-type firewalls (such as packet filters) to control any access that is based on IP source address, destination address, and port number.

Don’t just talk about changing your passwords on a regular basis. Do it. And don’t make them easy to guess.

Consumer plug and play devices can flood your network with traffic in a "broadcast storm" as they try to self-configure or advertise their presence to every other node on the network. Faulty devices can vomit zillions of “runts”, or abnormally short Ethernet frames. Using switches instead of hubs will take care of those problems.

Duplicate IP addresses can deactivate devices that otherwise appear to be perfectly functional.

II. Thou shalt document thine installation, so that even Homer Simpson mayest discern the system whither thou goest; for to write the IP address on your hand or your forehead shall not be deemed sufficient

Document your installation. When devices need to be replaced, it needs to happen quickly. Things you need to know and document for every device:

- Replacement
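
The duplicate IP addresses mentioned under Rule I can be caught by comparing what is seen on the wire with the documentation Rule II asks for. The following Python is an added example, not part of the original article; the inventory fields (device name and MAC address), the sample addresses and the ARP observations are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (assumption): documented IP -> (device name, MAC address).
INVENTORY = {
    "192.168.10.11": ("plc-press-1", "00:1d:9c:aa:00:11"),
    "192.168.10.12": ("hmi-press-1", "00:1d:9c:aa:00:12"),
    "192.168.10.20": ("drive-conveyor", "00:80:f4:bb:00:20"),
}

# Constructed observations: (ip, mac) pairs as collected from switch ARP tables.
OBSERVED = [
    ("192.168.10.11", "00:1D:9C:AA:00:11"),
    ("192.168.10.12", "00:1d:9c:aa:00:12"),
    ("192.168.10.12", "3c:52:82:cc:00:99"),  # second station answering for the HMI's address
    ("192.168.10.20", "00-80-F4-BB-00-20"),
    ("192.168.10.77", "f0:de:f1:dd:00:77"),  # address that is not in the documentation
]

def norm_mac(mac):
    """Normalize any common MAC notation to lowercase, colon-separated form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(inventory, observed):
    """Return (finding, ip, macs) tuples where the network disagrees with the documentation."""
    seen = defaultdict(set)
    for ip, mac in observed:
        seen[ip].add(norm_mac(mac))
    findings = []
    for ip in sorted(seen, key=ipaddress.ip_address):
        macs = sorted(seen[ip])
        if ip not in inventory:
            findings.append(("UNDOCUMENTED", ip, macs))
        elif len(macs) > 1:  # two stations claim one address
            findings.append(("DUPLICATE_IP", ip, macs))
        elif macs != [norm_mac(inventory[ip][1])]:
            findings.append(("MAC_MISMATCH", ip, macs))
    for ip in sorted(set(inventory) - set(seen), key=ipaddress.ip_address):
        findings.append(("NOT_SEEN", ip, []))  # documented device that never answered
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, OBSERVED):
        print(finding)
```

A MAC_MISMATCH after a planned device swap means the documentation needs updating; one that appears without a swap deserves the same attention as a duplicate.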