Accessing Industrial Networks > The Control System - Pg. 127

Again, weak firewall rules and access control provide a primary entry point from the business network into the SCADA DMZ. Legitimate reasons exist for allowing communications through the firewall, and these can introduce entry points into industrial network enclaves via the business network. However, there are also inbound entry paths that lead directly into the supervisory enclave(s), bypassing the business network. These entry points include the following:

- Inter-control center communications over ICCP
- Remote access connections to field stations
- Connections to the Control System
- Diagnostic access to SCADA devices via dial-up or remote access

Each entry path requires security demarcation, using (at a minimum) a properly configured firewall. See Chapter 7, "Establishing Secure Enclaves," for recommendations on how to provide strong perimeter defenses.

The Control System

If the business network is "contested ground" and the SCADA DMZ is "middle ground," then the Control System is "sacred ground." Within the context of indus-