Terri Lahey Control System Cyber-Security Workshop October 14, 2007 1 SLAC Controls Security Overview Introduction SLAC has multiple.

Slides:



Advertisements
Similar presentations
Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Advertisements

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
How topology decisions affect speed/availability/security/cost/etc. Network Topology.
ITE PC v4.0 Chapter 1 1 Operating Systems Computer Networks– 2.
Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.
Chapter 12 Network Security.
Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
Wi-Fi Structures.
Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.
Terri Lahey LCLS FAC: Update on Security Issues 12 Nov 2008 SLAC National Accelerator Laboratory 1 Update on Security Issues LCLS.
Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Campus Networking Best Practices Session 2: Layer 3 Dale Smith University of Oregon & NSRC
Treaded Case Study Computer Networks 2002 Daire Sheriden Ronan Monaghan Mark Gilmore.
Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.
Terri Lahey EPICS Collaboration Meeting June June 2006 LCLS Network & Support Planning Terri Lahey.
Basic Networking Components
Networking Components By: Michael J. Hardrick. HUB  A low cost device that sends data from one computer to all others usually operating on Layer 1 of.
Networking Components
Day15 IP Space/Setup. IP Suite of protocols –TCP –UDP –ICMP –GRE… Gives us many benefits –Routing of packets over internet –Fragmentation/Reassembly of.
Configuring Routing and Remote Access(RRAS) and Wireless Networking
1 The SpaceWire Internet Tunnel and the Advantages It Provides For Spacecraft Integration Stuart Mills, Steve Parkes Space Technology Centre University.
1 October 20-24, 2014 Georgian Technical University PhD Zaza Tsiramua Head of computer network management center of GTU South-Caucasus Grid.
Virtual Local Area Networks. Should I V-LAN? 1. Security V-LANs can restrict access to network resources.
Current Job Components Information Technology Department Network Systems Administration Telecommunications Database Design and Administration.
Common Devices Used In Computer Networks
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
Internet Engineering Course Network Design. Internet Engineering Course; Sharif University of Technology Contents Define and analyse an organization network.
1 Prepared by: Les Cottrell SLAC, for SLAC Network & Telecommunications groups Presented to Kimberley Clarke March 8 th 2011 SLAC’s Networks.
Module 4: Planning, Optimizing, and Troubleshooting DHCP
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
Windows Small Business Server 2003 Setting up and Connecting David Overton Partner Technical Specialist.
CHAPTER 3 PLANNING INTERNET CONNECTIVITY. D ETERMINING INTERNET CONNECTIVITY REQUIREMENTS Factors to be considered in internet access strategy: Sufficient.
1/28/2010 Network Plus Unit 4 WAP Configuration WAP Configuration In this section we will discuss basic Wireless Access configuration using a Linksys.
11.59 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,
Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.
NETWORKING COMPONENTS AN OVERVIEW OF COMMONLY USED HARDWARE Christopher Johnson LTEC 4550.
1 Second ATLAS-South Caucasus Software / Computing Workshop & Tutorial October 24, 2012 Georgian Technical University PhD Zaza Tsiramua Head of computer.
Module 11: Implementing ISA Server 2004 Enterprise Edition.
Networking Components
Networking Components Daniel Rosser LTEC Network Hub It is very difficult to find Hubs anymore Hubs sends data from one computer to all other computers.
Resnet Enhancements and Directions Part 1, Bruce Campbell, Information Systems and Technology.
Components of wireless LAN & Its connection to the Internet
A machine that acts as the central relay between computers on a network Low cost, low function machine usually operating at Layer 1 Ties together the.
Network Components Basics!. Network HUB  Used to connect multiple Ethernet devices together  Layer 1 of the OSI model  Not used much today.
1 Syllabus at a glance – CMCN 6103 Introduction Introduction to Networking Network Fundamentals Number Systems Ethernet IP Addressing Subnetting ARP DNS.
Network and Computer Security in the Fermilab Accelerator Control System Timothy E. Zingelman Control System Cyber-Security Workshop (CS)2/HEP Knoxville,
Networking Components
R. Krempaska, October, 2013 Wir schaffen Wissen – heute für morgen Controls Security at PSI Current Status R. Krempaska, A. Bertrand, C. Higgs, R. Kapeller,
.  Hubs send data from one computer to all other computers on the network. They are low-cost and low-function and typically operate at Layer 1 of the.
SMOOTHWALL FIREWALL By Nitheish Kumarr. INTRODUCTION  Smooth wall Express is a Linux based firewall produced by the Smooth wall Open Source Project Team.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
WARCS (Wide Area Remote Control for SPring-8)‏ A. Yamashita and Y.Furukawa SPring-8, Japan Control System Cyber-Security Workshop (CS)2/HEP Oct
Critical Security Controls
CONNECTING TO THE INTERNET
Securing the Network Perimeter with ISA 2004
Network Management Checking Performance + Traffic & Configuration
Introducing To Networking
Security of a Local Area Network
Networking for Home and Small Businesses – Chapter 2
My 7-Point Plan for Windows Security
Virtual LAN VLAN Trunking Protocol and Inter-VLAN Routing
Networking for Home and Small Businesses – Chapter 2
Network hardening Chapter 14.
Global One Communications
IP Addresses & Ports IP Addresses – identify a device on a network
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Presentation transcript:

Terri Lahey Control System Cyber-Security Workshop October 14, SLAC Controls Security Overview Introduction SLAC has multiple disciplines: Photon Science, Astrophysics, HEP Controls for LCLS, PEP, ILC EPICS and Legacy SLC Controls Use Central and Local Resources Design with Security in mind Implement security practices throughout project

Terri Lahey Control System Cyber-Security Workshop October 14, Centralized Resources: Security Central Security Team at SLAC Experts in security issues Interface with DOE Track issues Report to DOE Understands DOE-cyber procedures, which change Coordinate Security Reviews Help us implement and maintain secure control system remove clear text passwords (ftp,xdm) Block windows ports Tunnel into SLAC Coordination of site so other SLAC programs don’t impact us.

Terri Lahey Control System Cyber-Security Workshop October 14, Centralized Resources: Networks Central Management of SLAC Networks and Firewalls improves security Network address space defined by central network team Central management of switches & routers Central Physical Layer support Central and local Response to problems Controls network managers work with Central Network to meet our needs

Terri Lahey Control System Cyber-Security Workshop October 14, Design with Security in mind Isolate Control System networks control access to accelerator Some accelerator components require insecure protocols for control equipment, eg. Telnetd, and would be hard to run on main networks Keep non-control traffic off accelerator networks and vice versa Use configuration profiles when creating servers Standard implementation reduces chance for security problem (and potential operational problems) Use Good Account practices Individual accounts for individuals; disable and delete Common accounts locked down in control rooms for 24x7 operations Many more…

Terri Lahey Control System Cyber-Security Workshop October 14, Security Practices Upgrade/patch servers according to accelerator schedule Channel Access security by user Scan networks for security issues: Daily scheduled quarterly/downtime scan node on demand wireless on visitornet outside SLAC networks IFZ – IP range on every subnet disconnect point – test and user buyin if using Central Services Special laptops for accelerator physical connection & wireless

Terri Lahey Control System Cyber-Security Workshop October 14, Security Practices (2) Network management Register and track network nodes Enter control devices in DNS, with fixed IP addresses DHCP static addresses Router block unregistered nodes Track where nodes have been connected Upgrade: Enhance current network monitoring by integrating with EPICS

Terri Lahey Control System Cyber-Security Workshop October 14, Central Experts for Services Central experts for services that require a lot of attention to security web servers application servers Central Services Account Management Desktop management (build & patching)

Terri Lahey Control System Cyber-Security Workshop October 14, Conclusion Security of the worst node can cause problems for all – real or perceived Implement secure computers, networks and practices using local experts that work with central experts. Build secure architecture - know what is happening on your systems/network Create good procedures, and revise as needed

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.