Presentation is loading. Please wait.

Presentation is loading. Please wait.

Accelerator Network Safety at PSI

Published bySharleen Wade Modified over 6 years ago

Similar presentations

Presentation on theme: "Accelerator Network Safety at PSI"— Presentation transcript:

1 Accelerator Network Safety at PSI
Dirk Zimoch :: Controls Section :: Paul Scherrer Institut Accelerator Network Safety at PSI 6th Control System Cyber-Security Workshop at ICALEPCS 2017

2 Example: SLS External users at beamlines bring their own devices
misconfigured ? malfunctioning ? compromised ? Need access to their home institutes, mail, web, … Protect accelerator and beamlines from each other and from outside world Confine problems Where needed give controlled access

3 Network layout Beamline Network Beamline Network Beamline Network
Wireless Guest Network Goals Allow users their own equipment Allow access to outside Confine problems inside beamline Protect networks from outside Beamline Network Beamline Network Beamline Network Accelerator Network ssh http dhcp General PSI Network Separate firewalled networks No access into beamline or accelerator …except through defined channels

4 EPICS access Beamline Network Beamline Network Beamline Network
Beamline Channel Access Gateways Connect beamlines with accelerator Dual network interfaces Beamline writable from accelerator Accelerator not writable from beamline (except for selected channels) EPICS access Goals Allow safe channel Access between beamlines and from office Read-only access … except for selected channels Beamline Network Beamline Network r/o Beamline Network CA Gateway CA Gateway Accelerator Network r/o CA Gateway CA Gateway General PSI Network Accelerator Channel Access Gateway Read-only access from office Uses non-standard port through firewall r/o

5 Access Configuration Host
Remote Login Goal Allow controlled login from outside Access Configuration Host Single host with write access to user list drive Only operators can log in Operator tool modifies user list Shift Calendar Cron job checks shift calendar and clears or fills user list network drive user2 user1 Registered user list Approved user list Accelerator Network ssh Gateway sshd checks user against list Firewall blocks login Except from ssh gateway During operation Operators can control access Begin of shutdown Any registered user can log in End of shutdown No user can log in General PSI Network

Download ppt "Accelerator Network Safety at PSI"

Similar presentations

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.

IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Chapter 9: Troubleshooting and Repairing Networking.

Chapter 9: Troubleshooting and Repairing Networking.
Implementing a Secure Console Server The Cyclades Project Co-Op Summer 2003 by Robert Perriero.

Implementing a Secure Console Server The Cyclades Project Co-Op Summer 2003 by Robert Perriero.
Terri Lahey LCLS FAC: Update on Security Issues 12 Nov 2008 SLAC National Accelerator Laboratory 1 Update on Security Issues LCLS.

Terri Lahey LCLS FAC: Update on Security Issues 12 Nov 2008 SLAC National Accelerator Laboratory 1 Update on Security Issues LCLS.
DVG-N5402SP.

DVG-N5402SP.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
Module 7: Firewalls and Port Forwarding 1. Overview Firewall configuration for Web Application Hosting Forwarding necessary ports for Web Application.

Module 7: Firewalls and Port Forwarding 1. Overview Firewall configuration for Web Application Hosting Forwarding necessary ports for Web Application.
0Gold 11 0Gold 11 LapLink Gold 11 Firewall Service How Connections are Created A Detailed Overview for the IT Manager.

0Gold 11 0Gold 11 LapLink Gold 11 Firewall Service How Connections are Created A Detailed Overview for the IT Manager.
1 The Firewall Menu. 2 Firewall Overview The GD eSeries appliance provides multiple pre-defined firewall components/sections which you can configure uniquely.

1 The Firewall Menu. 2 Firewall Overview The GD eSeries appliance provides multiple pre-defined firewall components/sections which you can configure uniquely.
CIS 450 – Network Security Chapter 3 – Information Gathering.

CIS 450 – Network Security Chapter 3 – Information Gathering.
Wireless Networks and the NetSentron By: Darren Critchley.

Wireless Networks and the NetSentron By: Darren Critchley.
Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway.

Dirk Zimoch, Pikett Training Channel Access Gateway.
Firewalls First notions. Breno de MedeirosFlorida State University Fall 2005 Types of outsider attacks Intrusions –Data compromise confidentiality, integrity.

Firewalls First notions. Breno de MedeirosFlorida State University Fall 2005 Types of outsider attacks Intrusions –Data compromise confidentiality, integrity.
ICT development office ICT research, planning and training dept. Network development and administration dept. System development and operation dept. President.

ICT development office ICT research, planning and training dept. Network development and administration dept. System development and operation dept. President.
Linux Networking Security Sunil Manhapra & Ling Wang Project Report for CS691X July 15, 1998.

Linux Networking Security Sunil Manhapra & Ling Wang Project Report for CS691X July 15, 1998.
Network Monitor By Zhenhong Zhao. What is the Network Monitor? The Network Monitor is a tool that gets information off of the host on the LAN. – Enumerating.

Network Monitor By Zhenhong Zhao. What is the Network Monitor? The Network Monitor is a tool that gets information off of the host on the LAN. – Enumerating.

Similar presentations

Ads by Google