Do you have a visual map of your Ethernet communications infrastructure? Can you quickly tell which links are up and which are down on your network? Are you notified when a rogue device is added? Do you know which devices and protocols are locked down from a security perspective?
If not, it’s time to find out about network management software (NMS). Not only can it save you time with tasks like configuring multiple devices, it is also an important cybersecurity tool. In many industrial facilities Ethernet networks are growing and changing quickly, and it is increasingly difficult to manage and secure them. An NMS designed for automation environments will make your engineering team more efficient, and it will improve the security of your network. What’s not to like about that?
Network management software designed for automation environments provides a visual map of your network and quickly identifies potential performance and security issues.
Some of the core capabilities an NMS provides are described below.
Leading industrial NMS products, such as Industrial HiVision, can detect and diagram all SNMP-enabled devices, including those from Hirschmann and GarrettCom. The network topology is recognized automatically and visualized accurately, including unmanaged switches and hubs (these cannot be polled themselves, so their presence is inferred from what the managed devices around them report). Whenever a new device is added, an alert can be generated.
Knowing what you have on your network, and knowing when something changes, is a basic security control. However, on networks that have grown quickly, or where people are used to managing production cells from local workstations, this capability is often missing.
An NMS also makes it possible to configure many devices simultaneously across a network, even while they are in operation. This not only saves time but ensures consistency. One large industrial network of more than 1,000 nodes dramatically reduced both configuration time and network audit time by using an NMS.
To prevent unauthorized or inappropriate access to devices and their settings, a good NMS should have user roles and individual user logins. This improves overall network security.
Tying those logins to central authentication, such as Active Directory or RADIUS, adds ease of use and is administratively efficient: accounts are created, disabled and reviewed in one place rather than on every device.
Once users are individually identifiable, the next step is to track what they do on the network. The resulting audit trail can be forwarded to third-party logging such as the Windows event log or Linux syslog, so that NMS events sit alongside the rest of the organization’s logs.
Industrial networks are often poor at detecting cyber incidents. Stabilizing configurations and generating alerts when a configuration changes or a rogue device is added to the network improves both security and availability.
An NMS directly improves security if it includes security lockdown features, for example making it easy to “lock down” settings such as disabling unused slots and restricting management access on many devices at a time.
Multiple network infrastructure devices can be secured with a few clicks using NMS.
A security status screen that gives a quick, clear overview of areas of “security concern” helps you be proactive about possible security issues. This covers things such as default passwords still in use, insecure protocols left available, and open, unused but still active ports.
The Security Status screen in Industrial HiVision gives a clear overview of the status of network devices. Configuration errors are highlighted and it is easy to see and take action on areas of security concern.
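The kind of check behind such a status screen can be reproduced offline against exported device settings. The example below is added for this article and is not Industrial HiVision or Hirschmann code: the device records, the default-credential list and the field names (`login`, `mgmt_protocols`, `ports`) are constructed assumptions standing in for whatever a real export or SNMP poll provides. It flags the three concerns named above and turns each into a lockdown action.

```python
"""Offline security-status audit of exported switch settings.

Added example for this article, not Industrial HiVision or Hirschmann
code. The device records are constructed, and the field names
(login, mgmt_protocols, ports) are assumptions standing in for whatever
a configuration export or SNMP poll actually provides.
"""

# Assumed factory defaults for this example; a real check uses the
# vendor's documented defaults and tests them against the device
# rather than reading a plaintext password out of it.
DEFAULT_CREDENTIALS = {("admin", "private"), ("user", "public")}

# Clear-text or unauthenticated management protocols that should be off.
INSECURE_MGMT = {"telnet", "http", "snmpv1", "snmpv2c"}

# Constructed inventory: port -> (administratively enabled, link ever seen)
DEVICES = [
    {
        "name": "sw-cell-01",
        "login": ("admin", "private"),
        "mgmt_protocols": {"telnet", "ssh", "http", "snmpv2c"},
        "ports": {"1/1": (True, True), "1/2": (True, True),
                  "1/3": (True, False), "1/4": (True, False)},
    },
    {
        "name": "sw-cell-02",
        "login": ("admin", "Xk3!p9-Qw7"),
        "mgmt_protocols": {"ssh", "https", "snmpv3"},
        "ports": {"1/1": (True, True), "1/2": (False, False)},
    },
]


def audit(device):
    """Return (severity, finding, lockdown action) tuples for one device."""
    findings = []
    if device["login"] in DEFAULT_CREDENTIALS:
        findings.append(("high", "default credentials in use",
                         "set a unique password"))
    for proto in sorted(device["mgmt_protocols"] & INSECURE_MGMT):
        findings.append(("medium",
                         f"insecure management protocol {proto} enabled",
                         f"disable {proto}, keep ssh/https/snmpv3"))
    unused = sorted(port for port, (enabled, seen) in device["ports"].items()
                    if enabled and not seen)
    if unused:
        findings.append(("low", "enabled ports that have never had a link: "
                         + ", ".join(unused), "disable unused ports"))
    return findings


def security_status(devices=DEVICES):
    """Map device name -> findings; an empty list means no concern."""
    return {d["name"]: audit(d) for d in devices}


def lockdown_plan(devices=DEVICES):
    """Actions needed per device, deduplicated, for devices with findings."""
    return {name: sorted({action for _, _, action in findings})
            for name, findings in security_status(devices).items() if findings}


if __name__ == "__main__":
    for name, findings in security_status().items():
        print(name, "OK" if not findings else "")
        for severity, text, action in findings:
            print(f"  [{severity}] {text} -> {action}")
```

Run stand-alone it prints five findings for `sw-cell-01` and an OK for `sw-cell-02`; `lockdown_plan()` is the list of settings you would then push to the affected devices from the NMS.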
Another area of hardening is monitoring MAC/IP address pairs. On an Ethernet/IP network each device has its own source MAC address and source IP address, and many firewall rules are written in terms of the source IP address.
A typical technique for circumventing such rules is to send traffic using the source IP address of a permitted device (“address spoofing”). This can be detected by having the NMS regularly check MAC/IP address pairs: if a source IP address is seen together with a different source MAC address than previously recorded, an alarm is generated. Legitimate events such as a replaced network card or a DHCP lease moving to another host trigger the same alarm, so the recorded pairs must be kept current for it to stay meaningful.
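The check described above, as an added example that is not Industrial HiVision or Hirschmann code: a baseline of IP-to-MAC pairs is learned from a clean snapshot, later snapshots are compared against it, and an operator-maintained allow-list covers addresses whose MAC is expected to change (here a DHCP pool address). The ARP snapshots are constructed for the illustration; a real NMS would collect the pairs by SNMP (the `ipNetToMediaTable` of the switches) or from the switches’ own ARP and address tables. It also reports a second indicator the text does not mention: one MAC answering for several IPs, which is what a spoofing host looks like when it keeps its own address as well.

```python
"""Detect a changed IP-to-MAC binding (a spoofing indicator) from
periodic ARP snapshots.

Added example for this article, not Industrial HiVision or Hirschmann
code. The snapshots are constructed; a real NMS would collect the pairs
by SNMP (ipNetToMediaTable on the switches) or from the switches' own
ARP/address-table views.
"""
from dataclasses import dataclass, field


@dataclass
class Alarm:
    ip: str
    expected_mac: str
    observed_mac: str
    source: str  # device whose table showed the conflicting pair


@dataclass
class BindingMonitor:
    # Baseline IP -> MAC, learned once from a snapshot taken while the
    # network is known to be clean.
    baseline: dict = field(default_factory=dict)
    # Addresses whose MAC is allowed to change, e.g. a DHCP pool address
    # whose lease may move to another host (operator-maintained list).
    allow_changes: set = field(default_factory=set)

    def learn(self, snapshot):
        for ip, mac in snapshot.items():
            self.baseline.setdefault(ip, mac)

    def check(self, snapshot, source):
        """Compare a new snapshot against the baseline; return alarms."""
        alarms = []
        for ip, mac in snapshot.items():
            known = self.baseline.get(ip)
            if known is None:
                # First time this IP is seen: record it. A stricter
                # deployment would also raise a "new device" alert here.
                self.baseline[ip] = mac
            elif known != mac and ip not in self.allow_changes:
                alarms.append(Alarm(ip, known, mac, source))
        return alarms


def parse_arp(text):
    """Parse constructed 'ip mac' lines; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ip, mac = line.split()
            table[ip] = mac.lower()
    return table


def multi_ip_macs(snapshot):
    """MACs that answer for more than one IP: the usual ARP-spoofing
    footprint, since the attacker's NIC keeps its own address too."""
    by_mac = {}
    for ip, mac in snapshot.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


# Constructed snapshots from the core switch, five minutes apart.
BASELINE_ARP = """\
192.168.10.1    00:80:63:aa:00:01   # firewall / gateway
192.168.10.5    00:80:63:aa:00:05   # PLC, permitted by a firewall rule
192.168.10.20   00:80:63:aa:00:20   # engineering workstation
192.168.10.200  00:80:63:aa:02:00   # DHCP pool address
"""

LATER_ARP = """\
192.168.10.1    00:80:63:aa:00:01
192.168.10.5    00:11:22:33:44:55   # PLC's IP now answered by another NIC
192.168.10.20   00:80:63:aa:00:20
192.168.10.77   00:11:22:33:44:55   # that NIC also keeps its own address
192.168.10.200  00:80:63:aa:02:01   # new DHCP lease holder, expected
"""


def run_demo():
    monitor = BindingMonitor(allow_changes={"192.168.10.200"})
    monitor.learn(parse_arp(BASELINE_ARP))
    later = parse_arp(LATER_ARP)
    return monitor.check(later, source="core-switch"), multi_ip_macs(later)


if __name__ == "__main__":
    alarms, shared = run_demo()
    for a in alarms:
        print(f"ALARM {a.ip}: expected {a.expected_mac}, saw {a.observed_mac} ({a.source})")
    for mac, ips in shared.items():
        print(f"MAC {mac} bound to several IPs: {', '.join(ips)}")
```

Run stand-alone, the PLC address 192.168.10.5 raises the alarm while the DHCP address 192.168.10.200 does not, and the shared-MAC report points at the same NIC. Note that the check relies on the switches’ view of the pairs; a host that spoofs only its IP and not its MAC is exactly what it catches, whereas one that also clones the victim’s MAC shows up instead as the same pair on two switch ports.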
Nowadays everyone wants the flexibility to check in on key aspects of work while moving around a facility or offsite. Thus, when evaluating NMS products, be sure to find one that includes mobile access. Being able to refer to a graphical map of the network on your smartphone or tablet is handy.
It’s also useful to be able to check the connection status of links, including speed, duplex, medium and VLANs. If you are in the pipeline industry or part of a SCADA operation you might also want to see the GPS coordinates of devices. Keep security in mind for mobile access too: it should be password protected, and the status of devices should be viewable but not changeable from the mobile application.
Network management software improves network availability and engineering productivity, and it enhances system security. As your network continues to expand and become more complex, I urge you to review your cybersecurity risk assessment and think about how an NMS could improve your defenses.
Industrial HiVision, designed for use in factory and process control settings, does not require you to be an IT expert to use it. It is also easy to try out: a 30-day evaluation of the latest full version can be downloaded free of charge, and there is a free version with a reduced feature set that can be used indefinitely.
What role does NMS play or could it play in your cybersecurity program? I look forward to hearing from you.
Editor’s Note: This article was created with expertise from Mark Cooksley, a product manager with Hirschmann Automation and Control and an expert on industrial cyber security.