Presentation is loading. Please wait.

Presentation is loading. Please wait.

Terri Lahey Control System Cyber-Security Workshop October 14, 2007 1 SLAC Controls Security Overview Introduction SLAC has multiple.

Published byElisabeth Page Modified over 9 years ago

Similar presentations

Presentation on theme: "Terri Lahey Control System Cyber-Security Workshop October 14, 2007 1 SLAC Controls Security Overview Introduction SLAC has multiple."— Presentation transcript:

1 Terri Lahey Control System Cyber-Security Workshop lahey@slac.stanford.edu October 14, 2007 1 SLAC Controls Security Overview Introduction SLAC has multiple disciplines: Photon Science, Astrophysics, HEP Controls for LCLS, PEP, ILC EPICS and Legacy SLC Controls Use Central and Local Resources Design with Security in mind Implement security practices throughout project

2 Terri Lahey Control System Cyber-Security Workshop lahey@slac.stanford.edu October 14, 2007 2 Centralized Resources: Security Central Security Team at SLAC Experts in security issues Interface with DOE Track issues Report to DOE Understands DOE-cyber procedures, which change Coordinate Security Reviews Help us implement and maintain secure control system remove clear text passwords (ftp,xdm) Block windows ports Tunnel into SLAC Coordination of site so other SLAC programs don’t impact us.

3 Terri Lahey Control System Cyber-Security Workshop lahey@slac.stanford.edu October 14, 2007 3 Centralized Resources: Networks Central Management of SLAC Networks and Firewalls improves security Network address space defined by central network team Central management of switches & routers Central Physical Layer support Central and local Response to problems Controls network managers work with Central Network to meet our needs

4 Terri Lahey Control System Cyber-Security Workshop lahey@slac.stanford.edu October 14, 2007 4 Design with Security in mind Isolate Control System networks control access to accelerator Some accelerator components require insecure protocols for control equipment, eg. Telnetd, and would be hard to run on main networks Keep non-control traffic off accelerator networks and vice versa Use configuration profiles when creating servers Standard implementation reduces chance for security problem (and potential operational problems) Use Good Account practices Individual accounts for individuals; disable and delete Common accounts locked down in control rooms for 24x7 operations Many more…

5 Terri Lahey Control System Cyber-Security Workshop lahey@slac.stanford.edu October 14, 2007 5 Security Practices Upgrade/patch servers according to accelerator schedule Channel Access security by user Scan networks for security issues: Daily scheduled quarterly/downtime scan node on demand wireless on visitornet outside SLAC networks IFZ – IP range on every subnet disconnect point – test and user buyin if using Central Services Special laptops for accelerator physical connection & wireless

6 Terri Lahey Control System Cyber-Security Workshop lahey@slac.stanford.edu October 14, 2007 6 Security Practices (2) Network management Register and track network nodes Enter control devices in DNS, with fixed IP addresses DHCP static addresses Router block unregistered nodes Track where nodes have been connected Upgrade: Enhance current network monitoring by integrating with EPICS

7 Terri Lahey Control System Cyber-Security Workshop lahey@slac.stanford.edu October 14, 2007 7 Central Experts for Services Central experts for services that require a lot of attention to security web servers application servers Central Services Email Account Management Desktop management (build & patching)

8 Terri Lahey Control System Cyber-Security Workshop lahey@slac.stanford.edu October 14, 2007 8 Conclusion Security of the worst node can cause problems for all – real or perceived Implement secure computers, networks and practices using local experts that work with central experts. Build secure architecture - know what is happening on your systems/network Create good procedures, and revise as needed

Download ppt "Terri Lahey Control System Cyber-Security Workshop October 14, 2007 1 SLAC Controls Security Overview Introduction SLAC has multiple."

Similar presentations

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
How topology decisions affect speed/availability/security/cost/etc. Network Topology.

How topology decisions affect speed/availability/security/cost/etc. Network Topology.
ITE PC v4.0 Chapter 1 1 Operating Systems Computer Networks– 2.

ITE PC v4.0 Chapter 1 1 Operating Systems Computer Networks– 2.
Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.

Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.
Chapter 12 Network Security.

Chapter 12 Network Security.
Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University

Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
Wi-Fi Structures.

Wi-Fi Structures.
Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.

Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.
Terri Lahey LCLS FAC: Update on Security Issues 12 Nov 2008 SLAC National Accelerator Laboratory 1 Update on Security Issues LCLS.

Terri Lahey LCLS FAC: Update on Security Issues 12 Nov 2008 SLAC National Accelerator Laboratory 1 Update on Security Issues LCLS.
Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.

Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Campus Networking Best Practices Session 2: Layer 3 Dale Smith University of Oregon & NSRC

Campus Networking Best Practices Session 2: Layer 3 Dale Smith University of Oregon & NSRC
Treaded Case Study Computer Networks 2002 Daire Sheriden Ronan Monaghan Mark Gilmore.

Treaded Case Study Computer Networks 2002 Daire Sheriden Ronan Monaghan Mark Gilmore.
Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.

Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.
Terri Lahey EPICS Collaboration Meeting June 2006 15 June 2006 LCLS Network & Support Planning Terri Lahey.

Terri Lahey EPICS Collaboration Meeting June June 2006 LCLS Network & Support Planning Terri Lahey.
Basic Networking Components

Basic Networking Components

Similar presentations

Ads by Google