Industrial Communications Handbook August 2016

Since the OIDs and MIBs are part of an Open Standard, they are unfortunately sometimes carelessly put together by manufacturers, meaning that a LARGE database of such identifiers is necessary. Manufacturers do not always publish these (for various reasons) and, as a result, swapping out a network component for a different one with exactly the same functionality, but from a different manufacturer, may degrade the SNMP reports.

On a wider front this is true for most mission-critical networks, which start off well planned and documented, but later start to suffer from small changes here and there that are not documented (people forget to document the changes, or think they are so insignificant that they need not be documented). After a period of time, this lack of updating of documents and maintenance of the network means that what remains is an insecure mess of a network that has vulnerabilities and flaws throughout. Remember that one single security breach is all it takes …

It is clear that security on a modern communications network is extremely important and cannot be underestimated. Industrial Ethernet brings a host of benefits and improvements; however, if not secured properly it is more hindrance than help. In the best-case scenario, unauthorised individuals will be in the network and able to view confidential data; in the worst case, individuals could cause damage to company buildings and themselves. Securing a network properly leads to increased peace of mind whilst utilising the benefits that Ethernet networks provide.

cause IDSes look for symptoms rather than just causes, they can help identify problems that have not previously been encountered.

5.8 Monitoring

Now for the final point that is always critical and not only from a security standpoint: monitoring of a network and attached devices. Networks are becoming highly complex entities and they need to be properly maintained. The first step to properly maintaining a network and its attached security features is having a full view of the network. Large security breaches are often preceded by smaller breaches as attackers test different components of the system. If the smaller breaches are identified early, they can be addressed—and the larger breach deferred or prevented completely.

The IDS mentioned in 5.7 is one type of monitoring system; however, a host more are available and should be considered. On a simpler level users could implement a syslog collector—a central server that collects the system and event logs from devices on the network and consolidates them. Some of these systems can help flag concerning events, allowing an engineer to quickly identify possible problems.

There exists a protocol in Ethernet devices called SNMP (Simple Network Management Protocol), which is an open standard and should be supported by all Ethernet hardware, especially industrial grade hardware. The SNMP standard works off dictionaries of OIDs (Object Identifiers) known as MIBs (Management Information Bases). These OIDs are simply numerical codes which translate to a certain query, e.g., the OID 1.3.6.1.2.1.2.2.1.8 is for the query Interface Operational Status, or ifOperStatus(). Further codes appended to this identify which interface is being queried. This OID is then sent to a switch, for instance, that responds with an OID stating whether the interface is up or down. A central NMS (Network Management System) receives all the responses from different queries to devices around the network.

These are consolidated and presented to a network engineer, normally in a quick-to-understand visual format. The engineer is able to assess the status of the entire network, and identify problematic areas and devices instantly. While these systems are more important from an operational standpoint, they are another example of a monitoring system that should always be implemented.
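The consolidation step described above can be sketched as follows. This is an added example, not code from the handbook: it splits each ifOperStatus response into interface index and status, then flags every port whose state differs from the documented baseline. The device names, baseline and poll data are constructed, and the status names are taken from IF-MIB (RFC 2863).

```python
IF_OPER_STATUS = "1.3.6.1.2.1.2.2.1.8"  # OID quoted in the text

# Integer values of ifOperStatus as defined in IF-MIB (RFC 2863)
STATUS = {1: "up", 2: "down", 3: "testing", 4: "unknown",
          5: "dormant", 6: "notPresent", 7: "lowerLayerDown"}

def parse_varbind(oid, value):
    """Split an ifOperStatus instance OID into (ifIndex, status name)."""
    oid = oid.lstrip(".")
    prefix = IF_OPER_STATUS + "."
    suffix = oid[len(prefix):]
    if not oid.startswith(prefix) or not suffix.isdigit():
        raise ValueError(f"not an ifOperStatus instance: {oid}")
    return int(suffix), STATUS.get(value, f"invalid({value})")

def consolidate(polls, baseline):
    """Return (device, ifIndex, documented, observed) for every mismatch."""
    findings = []
    for device in sorted(set(polls) | set(baseline)):
        observed = dict(parse_varbind(o, v) for o, v in polls.get(device, []))
        documented = baseline.get(device, {})
        for idx in sorted(set(observed) | set(documented)):
            exp = documented.get(idx, "undocumented")
            obs = observed.get(idx, "no response")
            if exp != obs:
                findings.append((device, idx, exp, obs))
    return findings

# Constructed sample data: documented port states and one polling round.
BASELINE = {"sw-plant-01": {1: "up", 2: "up", 3: "down"},
            "sw-plant-02": {1: "up", 2: "down"}}
POLLS = {
    "sw-plant-01": [(".1.3.6.1.2.1.2.2.1.8.1", 1),
                    (".1.3.6.1.2.1.2.2.1.8.2", 2),   # documented up, now down
                    (".1.3.6.1.2.1.2.2.1.8.3", 1)],  # documented down, now up
    "sw-plant-02": [("1.3.6.1.2.1.2.2.1.8.1", 1),
                    ("1.3.6.1.2.1.2.2.1.8.2", 2),
                    ("1.3.6.1.2.1.2.2.1.8.4", 1)],   # port not in the records
}

if __name__ == "__main__":
    for device, idx, exp, obs in consolidate(POLLS, BASELINE):
        print(f"{device} if{idx}: documented={exp} observed={obs}")
```

A port that is documented as down but reports up, or a port missing from the records altogether, is the kind of small undocumented change that deserves a follow-up before it becomes part of the network's normal state.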
