IAONA Security Survey
This is an attempt to find out what kinds of networking devices, infrastructures and services exist today in production environments.
Target Persons
Customers, Users - Line Builders, Machine Builders - Service Providers
We assume you are using an Ethernet network for your 'office world' and you are also networking your production units and devices. Please help us to find better solutions for your factory network and enhanced security.

Infrastructure

Is your 'production network' separated from your 'office network'? (no link at all)
Yes | No

If 'No', what devices are coupling the networks?
Router | Firewall | other

Are you using any hardware or software to restrict traffic between factory and office network?
No | planned for future | Yes

What kind of mechanisms will control your data flow between factory and office network?
Router, Packet Filter | dedicated firewall | other

What are your infrastructure components?
Hubs | Switches | Routers

Do you have Internet access from within your production network?
Yes | No

What are the devices in your production network?
PCs: %
Sensors, Actuators: %
HMI: %
PLCs: %
Field IOs: %
Industrial Controls: %
Machines: %

What operating systems are you using in your network?
DOS: %
Linux: %
Win 3.11: %
Win 95/98/ME: %
Win NT: %
Win 2000: %
Win XP: %
OS/2: %
VxWorks: %
WinCE: %
embedded Linux: %
other: %

Communication

Do you require traffic between your office network and your production network?
Yes | No

If 'Yes', which services are required?
production planning data | CAD data | logfiles and statistics | other

Remote Access

Do you have a single remote access point or multiple (e.g. modems)?
Single | Multiple

How is your remote access used?
only internet users | rarely, only few external access | services and support | intense use (service, maintenance)

Are you using a firewall for RAS users?
Yes | No

Which kind of encryption are you using?
none | SSL | SSH1 | SSH2 | IPsec (VPN)

What kind of authentication do you use?
none | User / Password | RSA Token, Secure-IDs | Certificates (X.509) | other

Are you using any remote software?
Yes | No

Which software are you using?
PC-Anywhere | VNC | PC-Duo | Telnet | SSH | other

How often do you need or provide remote services? (per day or week etc.)

Network Traffic

Are you using any fieldbus-like protocol on your production Ethernet?
NDDS | Profinet | Ethernet/IP, CIP | Modbus / TCP | PowerLink | EtherCat | other

Types of network communication in your production network?
File transfer | Web based Services | PPS production planning systems | any SAP service | HMI | OPC | installing software updates | SCADA (control software) | SNMP

Which of the standard services are used in your network?
HTTP | SNMP | Telnet | SSH | FTP | SMTP | POP3 | NetBios | DHCP | DNS | other

Does your software use custom ports for standard services (e.g. HTTP over port 4711)?
Yes | No

Can you rate the use of standard ports and custom ports?
% standard ports | % custom ports

Administration

On the RAS client side, is your customer data (phone number, user, password etc.) in any way protected or encrypted?
Yes | No

Do you have a security policy, that is, a set of rules for certain cases (when a laptop gets lost or stolen, when an employee is laid off etc.)?
Yes | No

Are you using any administration tools or network management systems?
CA Computer associates | HP openView | IBM NetView | IBM Tivoli Manager | other