Experience with Vulnerability Scans

StefanLueders (Member, joined Jan 2005, 2 posts)
Hello!

After observing several drop-outs of some of our PLCs, it turned out that the corresponding Ethernet communication modules were blocked after the execution of network scans / port scans (using e.g. "nmap" or "Nessus"). In the most severe cases the blockage could only be fixed by power-cycling the whole PLC.

We started some investigation on the inherent security of PLCs from three different manufacturers and came to the conclusion that many of them have no protection at all (e.g. running unprotected WebServers, SMTP, FTP...).

Has anybody had similar experiences? Do I have to worry about viruses, worms, or hackers doing similar things?

Thanks a lot S>>L

P.S. I intentionally did not mention the PLC types.
 
One simple rule to follow, even though it seems to be completely ignored (especially by corporate IT types that think "All Ethernet Should Be Under My Control")...

KEEP PLANT FLOOR and MACHINERY NETWORKS COMPLETELY SEPARATE AND ISOLATED FROM FRONT-OFFICE and OUTSIDE WORLD LANs.

The only exception to that rule I will advise is to put in dedicated routers, with port-restricted access by MAC address for the interconnect.

Especially now that networking hardware is getting dirt cheap, I typically use a multi-layer system, with every individual machine on its own LAN, then have a router linking up to the EQUIPMENT LAN (all machines), then another router linking the EQUIPMENT LAN up to the corporate network, if needed.

Linking to the corporate network is often better done using a multi-homed dedicated computer (two or more NICs, on two or more separate subnets). That provides a nice, simple gateway to, say, a SQL server for data collection, as well as serious firewalling and port-access control.
 
Hi!

I agree, this is the perfect world. But in the real world, the plant floor GETS interconnected with production databases, data warehouses etc. Thus, separating the networks is not easily possible anymore.

You are right that dedicated firewalls and network segregation might reduce the danger, but still: Do the PLC providers have to improve their systems in terms of security? Shouldn't a communication processor behave well at least when it receives malformed packages? Security is a daisy-chain of efforts. Firewall, dedicated networks, etc. are parts of it. But the PLC system also.

So, back to my initial question: How do you protect your PLC?

Yours S>>L
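As an added illustration of the layered design from the second reply (each machine on its own LAN, an EQUIPMENT LAN joining them, and a multi-homed gateway as the only crossing to the corporate network) and of the question of how to protect a PLC from a scanner reaching it, the script below models that segmentation as a flow allow-list and runs it over constructed gateway log lines. It is not code posted by anyone in this thread; the subnets, the log format and the port numbers are assumptions made for the example. It flags two things a gateway operator would want to see: flows the policy should have dropped, and one source touching many distinct ports on an equipment-LAN host within a short window, which is what the nmap/Nessus runs in the first post look like from the wire before the communication module locks up.

```python
"""
Flow allow-list check and port-scan detection for a layered plant network.

Added example for this thread, not code from any participant.
All subnets, hosts, ports and log lines below are constructed.
"""
from collections import defaultdict
from datetime import datetime
import ipaddress

# Constructed zones following the layered design: one LAN per machine,
# an EQUIPMENT LAN joining them, and the corporate network behind the
# multi-homed gateway.
ZONES = {
    "machine_a": ipaddress.ip_network("10.10.1.0/24"),
    "machine_b": ipaddress.ip_network("10.10.2.0/24"),
    "equipment": ipaddress.ip_network("10.20.0.0/24"),
    "corporate": ipaddress.ip_network("192.168.50.0/24"),
}

# Allow-list of (src_zone, dst_zone, dst_port). Anything not listed is
# treated as a policy violation. Port numbers are assumptions: 502 for
# the machines reporting to the collector, 1433 for the collector
# pushing data to a SQL server on the corporate side.
ALLOWED_FLOWS = {
    ("machine_a", "equipment", 502),
    ("machine_b", "equipment", 502),
    ("equipment", "corporate", 1433),
}


def zone_of(addr):
    """Map an address to its zone name, or 'outside' if it matches none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"


def flow_allowed(src, dst, dport):
    """True if the segmentation policy permits src -> dst:dport."""
    return (zone_of(src), zone_of(dst), dport) in ALLOWED_FLOWS


def parse_line(line):
    """Parse one constructed log line: '<iso-ts> src=.. dst=.. dport=.. proto=..'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    rec["dport"] = int(rec["dport"])
    return rec


def audit(lines, window_s=60, port_threshold=10):
    """Return (denied, scans).

    denied: list of (src, dst, dport) that violate the allow-list.
    scans:  list of (src, dst, distinct_ports) where one source touched at
            least port_threshold distinct ports on one host within window_s.
    """
    denied = []
    touched = defaultdict(list)  # (src, dst) -> [(ts, dport), ...]
    for line in lines:
        r = parse_line(line)
        if not flow_allowed(r["src"], r["dst"], r["dport"]):
            denied.append((r["src"], r["dst"], r["dport"]))
        touched[(r["src"], r["dst"])].append((r["ts"], r["dport"]))

    scans = []
    for (src, dst), events in touched.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            # Distinct destination ports seen from this event onward, inside the window.
            in_window = {p for t, p in events[i:] if (t - t0).total_seconds() <= window_s}
            if len(in_window) >= port_threshold:
                scans.append((src, dst, len(in_window)))
                break
    return denied, scans


# Constructed sample: two legitimate flows, one machine LAN host reaching
# for the corporate network directly, and a corporate host sweeping twelve
# ports on an equipment-LAN host within twelve seconds.
SAMPLE_LOG = [
    "2005-01-12T10:14:00 src=10.10.1.5 dst=10.20.0.15 dport=502 proto=tcp",
    "2005-01-12T10:14:01 src=10.20.0.15 dst=192.168.50.20 dport=1433 proto=tcp",
    "2005-01-12T10:14:02 src=10.10.1.5 dst=192.168.50.20 dport=80 proto=tcp",
] + [
    f"2005-01-12T10:14:{3 + i:02d} src=192.168.50.77 dst=10.20.0.15 dport={p} proto=tcp"
    for i, p in enumerate([21, 22, 23, 25, 80, 102, 135, 443, 502, 2222, 20000, 44818])
]

if __name__ == "__main__":
    denied, scans = audit(SAMPLE_LOG)
    for src, dst, dport in denied:
        print(f"DENIED  {src} -> {dst}:{dport}")
    for src, dst, n in scans:
        print(f"SCAN    {src} -> {dst} touched {n} distinct ports")
```

Running it prints thirteen DENIED lines and one SCAN line for the sweep. The point of keeping the allow-list as explicit (zone, zone, port) tuples is that it doubles as documentation of the "one gateway, one data path" design; anything that turns up in the DENIED output is either a missing rule or traffic that should never have reached the equipment LAN, and the scan detector gives a chance to act before a communication module has to be power-cycled.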
 