Remote access to SCADA system

I am looking for a secure way to gain remote access to a SCADA system. Right now the system is completely stand alone with no Internet access. I researched several programs including pcAnywhere.

Has anyone had good or bad luck with pcAnywhere?

Any comments or suggestions will be greatly appreciated.

I am very new to this site so I hope this is not a poorly phrased question.

Thanks for any responses.

It depends. Do you just want desktop control or do you need to connect to the same network the scada system is on?

Is it a server and thick clients or thin clients.

For easy and cheap I like logmein https://secure.logmein.com/

There is a free and paid version that will give you desktop control or you can use Hamachi by logmein which is also free and you can vpn to the scada network and have desktop control with windows built in RDP which IMHO is faster and smoother desktop control than a 3rd party client running on the OS or you may want both for redundancy nad different purposes.

The paid hamachi runs over faster servers and is worth the money IMO. https://secure.logmein.com/products/hamachi/

Or get logmein central and you can do many more things and makes it all easy to manage. The paid version of hamachi is bundled with central https://secure.logmein.com/products/central/

There is even a ipad and ipod app https://secure.logmein.com/products/ios/

And if your not cool and have android you can use ignition LOL https://secure.logmein.com/products/Ignition/android/

Or go the hardware route with **** http://www.****.biz/en/home.html

Or Tofino http://www.tofinosecurity.com/products/Tofino-VPN-Server-and-Client-LSMs

Or a small SonicWall http://www.sonicwall.com/us/products/TZ_Series.html

Or comodo free VPN http://www.comodo.com/home/email-security/vpn-access.php

Or LAN Bridger free VPN http://www.lanbridger.com/

Or Neo Router Free VPN http://www.neorouter.com/

Or Team Viewer for Desktop control http://www.teamviewer.com/en/index.aspx


I have tested all these at one time or another and all have good and bad points but all are good solutions.

I like hamaci and logmein best for management of many of them though.

We use teamviewer a lot where i work. It allows you to take control of a desktop from almost anywhere (there is a client for android, iphones, windows, mac, and linux) and works really well.

For a more native solution that doesn't rely on leaving a PC turned on, you'll have to set up some kindof Virtual Private Network (VPN) so that you can connect to your LAN remotely. After a VPN connection is established, you would go about things just like you where connected locally.

Thanks

Thanks guys I really appreciate the response, I will look into the possibilities. I had no idea there were so many choices.

Found a great solution

Our company has numerous sites all over the world where I need to view or program CPU's HMI etc. The product I recently found works great. The client side gets a program that I email and they need to have an internet connection. The CPU has to be on the same LAN or WiFi as the computer they want to use. You don't have to worry about a router or gateway address which is where a lot or IT people become resistant. The communications are encrypted as well. You have to get a product from *********.net (About $150.00) This box goes at your site and again just has to be plugged into the LAN. The client has has to make sure they have a copy of Java on their PC and the emailed program. You point your plc programming software at ********* with the supplied IP address of the box. This box communicates to *********'s server which bridges the connection for the client side PC which then allows the CPU to connect. This is all done over a standard internet connection. If the customer wants high security they can then just delete the emailed program until the next need for programming or monitoring. I have used this on GE Proficy and Allen Bradley and it works great and makes my job a lot easier.

PCAnywhere became obsolete several years ago. There was a significant security breach and their entire source code was stolen and several vulnerabilities exposed. Symantec dropped it like a hot potato.

Teamviewer is good but gets very expensive if you have multiple users.

We use a VPN solution and RDP into a jump server that sits in a DMZ. Firewall allows granular control of what can go in and out of jump server. No control traffic can traverse directly from VPN to control network.

However if you're just accessing one PLC then moxa / ********** / several other vendors do simple VPN options that can just be turned on by your client when they need you to access their systems.

Just make sure you do employ some form of security when devices are connected to external networks. The number of connection attempts I see in my firewall logs to modbus / DF1 ports on my external IP interface is a little scary. Comes and goes, but people out there are trying to get in!

We always use VPN and Remote Desktop.