SCADApedia

Remote Access Laptops

You always learn from your students, and today is no exception.

Problem: SCADA Administrators need rare, but emergency, remote access to the trusted SCADA network to solve problems that affect operation. Ideally, the laptop PC they use for this remote access would be dedicated to the SCADA network. It would never be used to access the Internet, access the enterprise, send or receive e-mail, or do anything that could corrupt the security of the system. Unfortunately, SCADA Administrators need to do all those things, often remotely. So you face the choice of carrying two laptops or issuing an exception to your policy.

Student Solution: SCADA Administrators carry one laptop with two hard drives. When the Admin needs to access the trusted SCADA network, he pops in the SCADA drive. When he needs to access anything else, he pops in the other hard drive. So simple, so easy, not much additional weight. Very smart.

Comments

Comment from Anonymous
Time: April 20, 2005, 4:39 am

This may work well, but wherever possible preventing the connection or restricting the connection through the use of filtering and/or customised management consoles is a much better solution.

I have been using 802.1x authentication for switches which are used for laptop or remote connections to further prevent unauthorised access. This coupled with user specific routing, port restrictions, IP, and application filtering provides external contractors access to what they need but greatly reduces the overall risk.

I generally do not use 802.1x on backbone devices, RTUs, PLCs, etc., but closely monitoring strategically placed IDS/Syslog/ARP/NetFlow collectors usually identifies the problem support staff and network points.

Traffic profiling is also great (capacity management, network health, fault finding), but I am still reluctant to recommend automated triggers from these systems as they can also be used to disrupt the environment operation. The same can be said with any IDS, etc.

I have found that the key with the prevention, detection and monitoring is to only place these devices/services where they are needed and reduce polling times so as not to disrupt the SCADA network operation.

Thanks
Dwek

Comment from MDA
Time: July 3, 2008, 9:55 am

Wouldn’t it be just as safe to partition the existing laptop hard drive into two and have a separate OS on each?
