Chemical Technology October 2015

PLANT MAINTENANCE & QUALITY

Cell zone WLA example

Single VLAN SSID topology

be connected, some with the ability to prevent the connection of unauthor- ized devices. Firewalls can restrict traffic flows between cer- tain devices but have no understanding of 'who' may be using those devices. The addition of modern secu- rity technologies such as Identity Services, enables connected devices, the user of the device and their associated traffic to be pro- filed.  This in turn allows the creation of company-wide policies that determine

is happening on that site and then provide the appropriate response limiting the spread of any problems. Remote assets don’t seem so remote anymore More and more process and automation managers are looking for the infrastructure and technologies that will help thembetter monitor and operate their satellite assets. Many of thesemanagers have already begun themigration toward IP tools, devices and services that can help them create a single, streamlined communications platform. This move is driving down the cost and complexity of monitoring remote assets, while increasing critical data flows and improving cyber security. As a result, remote assets are becoming nearly as easy to manage as local assets. This article was originally published on the website to be found at http://www.industrial-ip.org/knowledge-center/solutions/ remote-assets-and-services/simplifying-remote-asset-manage- ment-with-ip, and is reprinted with kind permission

who should have what level of network access, regardless of where they physically connect to the network. This could be wirelessly connected in the company headquarters or physically plugged in with a cable while out maintaining a remote asset. In another example, if a company employee logs onto a company laptop and accesses the network, he/ she could be given unrestricted access. However, if a con- tractor is logged onto the very same laptop, he/she could be restricted to accessing just the automation devices and servers they support. Other technologies like Intrusion Prevention and Detec- tion can continuously scan and monitor the traffic crossing a network. These can delve deep into network packets, providing a view into how the network and automation pro- tocols are behaving. If something abnormal occurs within the automation protocol, whether intentional or malicious, alerts can be generated allowing operators early visibility of potential issues. If the alerts relate to remote assets, opera- tors can bring up closed-circuit video cameras, see what

32

Chemical Technology • October 2015