industrial communications handbook 2016
cause IDSes look for symptoms rather than just causes, they can help identify problems that have not previously been encountered.
5.8 Monitoring
Now for the final point, which is always critical and not only from a security standpoint: monitoring of a network and its attached devices. Networks are becoming highly complex entities and they need to be properly maintained. The first step to properly maintaining a network and its attached security features is having a full view of the network. Large security breaches are often preceded by smaller breaches as attackers test different components of the system. If the smaller breaches are identified early, they can be addressed—and the larger breach deferred or prevented completely. The IDS mentioned in 5.7 is one type of monitoring system; however, many more are available and should be considered. On a simpler level, users could implement a syslog collector—a central server that collects the system and event logs from devices on the network and consolidates them. Some of these systems can help flag concerning events, allowing an engineer to quickly identify possible problems.
There exists a protocol in Ethernet devices called SNMP (Simple Network Management Protocol), which is an open standard and should be supported by all Ethernet hardware, especially industrial grade hardware. The SNMP standard works off dictionaries of OIDs (Object Identifiers) known as MIBs (Management Information Bases). These OIDs are simply numerical codes which translate to a certain query, i.e., the OID 1.3.6.1.2.1.2.2.1.8 is for the query Interface Operational Status, or ifOperStatus. Further codes appended to this identifier select which interface is being queried. This OID is then sent to a switch, for instance, which responds with the value of that OID stating whether the interface is up or down. A central NMS (Network Management System) receives all the responses from different queries to devices around the network. These are consolidated and presented to a network engineer, normally in a quick-to-understand visual format. The engineer is able to assess the status of the entire network and identify problematic areas and devices instantly. While these systems are more important from an operational standpoint, they are another example of a monitoring system that should always be implemented.
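As an added example (not from the handbook), the Python below shows how the ifOperStatus OID above is extended with an interface index, what that OID looks like on the wire in SNMP's BER encoding, and how a simple NMS could flag interfaces by comparing two poll results. The poll values, the function names and the flagging rules in evaluate_poll are assumptions made for illustration.

```python
# Added example, not the handbook's code: OID handling for ifOperStatus
# polling and a small NMS-style check over constructed poll results.

IF_OPER_STATUS = "1.3.6.1.2.1.2.2.1.8"  # ifOperStatus column of the ifTable (RFC 1213)

# ifOperStatus values defined by the standard IF-MIB
OPER_STATUS = {1: "up", 2: "down", 3: "testing", 4: "unknown",
               5: "dormant", 6: "notPresent", 7: "lowerLayerDown"}


def instance_oid(base: str, if_index: int) -> str:
    """Append the ifIndex to the column OID so it addresses one interface."""
    return f"{base}.{if_index}"


def encode_oid(oid: str) -> bytes:
    """BER-encode a dotted OID as carried in an SNMP GetRequest varbind."""
    arcs = [int(a) for a in oid.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:
        groups = [arc & 0x7F]                    # base-128 groups, 7 bits each
        arc >>= 7
        while arc:
            groups.append((arc & 0x7F) | 0x80)   # continuation bit on leading groups
            arc >>= 7
        body.extend(reversed(groups))
    assert len(body) < 128, "short-form length only"
    return bytes([0x06, len(body)]) + bytes(body)  # 0x06 = OBJECT IDENTIFIER tag


def evaluate_poll(baseline: dict, current: dict) -> list:
    """Flag interfaces an engineer should look at: new link drops, interfaces
    that no longer answer, and values the standard MIB does not define."""
    findings = []
    by_index = lambda o: int(o.rsplit(".", 1)[1])
    for oid in sorted(set(baseline) | set(current), key=by_index):
        idx = by_index(oid)
        if oid not in current:
            findings.append((idx, "no reply in latest poll"))
        elif current[oid] not in OPER_STATUS:
            findings.append((idx, f"value {current[oid]} not defined in IF-MIB; check vendor MIB"))
        elif OPER_STATUS.get(baseline.get(oid)) == "up" and OPER_STATUS[current[oid]] != "up":
            findings.append((idx, f"interface went up -> {OPER_STATUS[current[oid]]}"))
    return findings


# Constructed sample: last known good poll of one switch versus the latest poll.
SAMPLE_BASELINE = {instance_oid(IF_OPER_STATUS, 1): 1, instance_oid(IF_OPER_STATUS, 2): 1,
                   instance_oid(IF_OPER_STATUS, 3): 2, instance_oid(IF_OPER_STATUS, 4): 1}
SAMPLE_CURRENT = {instance_oid(IF_OPER_STATUS, 1): 1, instance_oid(IF_OPER_STATUS, 2): 2,
                  instance_oid(IF_OPER_STATUS, 3): 2, instance_oid(IF_OPER_STATUS, 5): 9}

if __name__ == "__main__":
    print(encode_oid(instance_oid(IF_OPER_STATUS, 1)).hex())
    for idx, msg in evaluate_poll(SAMPLE_BASELINE, SAMPLE_CURRENT):
        print(f"ifIndex {idx}: {msg}")
```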
Since the OIDs and MIBs are part of an open standard, they are unfortunately sometimes carelessly put together by manufacturers, meaning that a LARGE database of such identifiers is necessary. Manufacturers do not always publish these (for various reasons) and, as a result, swapping out a network component for a different one with exactly the same functionality, but from a different manufacturer, may degrade the SNMP reports. On a wider front this is true for most mission-critical networks, which start off well planned and documented, but later start to suffer from small changes here and there that are not documented (people forget to document the changes, or think they are so insignificant that they need not be documented). After a period of time, this lack of document updating and network maintenance means that what remains is an insecure mess of a network with vulnerabilities and flaws throughout.
Remember that one single security breach is all it takes …
It is clear that security on a modern communications network is extremely important and must not be underestimated. Industrial Ethernet brings a host of benefits and improvements; however, if not secured properly it is more hindrance than help. In the best case scenario, unauthorised individuals will be in the network and able to view confidential data; in the worst case, individuals could cause damage to company buildings and themselves. Securing a network properly leads to increased peace of mind whilst utilising the benefits that Ethernet networks provide.