01 August 2003
The nodes know
Security issues dominate distributed web applications.
By Marcos Taccolini
The number of connected nodes on the Internet and over intranets grows exponentially.
Besides adding computers, we are entering a new phase where intelligent devices, I/Os, and factory-floor devices also are joining the PC networks.
New architectures now allow customers, suppliers, and end users to integrate and share real-time information. This brings the nagging issue of security back into question.
Security is always the biggest concern regarding distributed applications. As the number of connected devices increases, the number of external users increases.
With added users, the need for security only increases. Security is not only important for corporate data, it is also extremely important for control and manufacturing processes.
With the advent of the virtual supply chain, in which manufacturers can share real-time data with their customers and their suppliers, security becomes even more important.
DEVICE CONNECTIVITY LEADS
How can the enterprise manage security in this new paradigm? First we'll review the goals we must realize and the technologies available.
We are entering the era of device connectivity, which is the fourth wave of evolution for Internet-enabled applications. The first wave was e-mail connectivity, in which the key applications were e-mail, file transfer protocol, and gopher, and the goal was file and message sharing.
The second wave was Web publication, where the key technology was hypertext markup language, and the goal was presentation of information. The third wave resulted from the adoption of XML and the change in paradigm toward the Web as a programming interface and data-flow enabler.
Combining various technologies under the .NET framework, such as Windows CE, simple object access protocol (SOAP), and universal description, discovery, and integration (UDDI), achieves device connectivity.
The goal is seamless access and integration of devices from the production floor to the boardroom to suppliers and customers and, ultimately, the individual end users.
To accurately predict the increase in the number of distributed devices on the network in the near future, we need to review three technology laws. These laws are geometric and exponential. They will eventually need modification as further advances in technology occur. However, they are still valid today.
- Moore's Law—formulated by Gordon Moore, co-founder of Intel, the law states that the density of transistors and integrated circuits will double every eighteen months. The corollary of Moore's Law is that computers are rapidly getting faster and cheaper.
- Gilder's Law—put forth by George Gilder, author and prophet of the new technology age, it says that bandwidth grows at least three times faster than computer power. This means that if computer power doubles every eighteen months (per Moore's Law), then communications power doubles every six months. Ongoing developments seem to confirm that bandwidth availability will continue to expand at a rate supporting Gilder's Law.
- Metcalfe's Law—devised by Robert Metcalfe, originator of Ethernet and founder of 3COM, the law states that the value of a network grows with the square of the number of participants. In other words, each additional member of a network adds an incremental amount of value to every other member, thus increasing the aggregate value of the network in a quadratic fashion while the cost per user remains the same or even decreases.
Although markets are extremely efficient and accurate in the long run, they are completely incapable of keeping up with the pace of technological and business innovations that we currently are experiencing.
As more and more users are connected, the need to increase information sharing between internal and external audiences continues to increase. As devices become smaller, the user becomes more mobile and the need to change the network paradigm to address transient users becomes more important.
Ultimately, all these issues revolve around the need to ensure that your model of security addresses these various audiences.
Finally, in this new integrated environment the number of connected devices is much larger. Previously there was only a client, a direct communication link, and the server to consider.
Now, there may be multiple clients, multiple servers, and a communication network consisting of many routers, switches, firewalls, and proxies. Each of these nodes contributes their own security risks.
DISTRIBUTING SECURE NETWORK
In the past, when one accessed a remote system using a dial-up connection, security measures such as firewalls were not as important. These connections were short and circuit switched, and the main threat came from war dialers. War dialing (also called scanning or demon dialing) is the practice of dialing all the phone numbers in a range to find those that answer with a modem.
As network technology evolved, devices began to connect directly and permanently to the Internet. Also, with a higher prevalence of standardized software, an increasing software monoculture, greater connectivity, and more interface points, there are more places for things to go wrong.
In turn, the significant threats are now from script kiddies and worms. Script kiddies are the lowest forms of crackers, and they run packaged exploit programs against a large number of random targets. Worms are self-propagating security exploits.
With regard to industrial and commercial applications, security concerns are not limited to crackers. These applications must ensure that corporate and manufacturing data remains confidential and safe from unauthorized access and manipulation by both internal and external sources.
Security properties include integrity, authenticity, confidentiality, and availability.
- Integrity relates to avoiding unauthorized modification of data.
- Authenticity relates to ensuring that the identities of communicating partners are genuine. Security requirements such as data integrity, access control, or masquerade prevention work only if one can rely on the authenticity of communicating partners.
- Confidentiality means protecting information from unintended disclosure. Measures such as end-to-end encryption between the connected communicating partners, file protection, and avoiding the publication of proprietary data on the Web are techniques that ensure confidentiality.
- Availability means that systems, data, and other resources are available when needed.
BASED ON SECURITY THREATS
In addition to all the requirements of a distributed network, Web applications have further security risks. For example, remote procedure call–like SOAP messaging is less secure because communication does not occur over an existing secured channel.
A further security issue is the number of untrained users involved with Web content. Although even relatively inexperienced users can set up a Web server and create Web pages, the underlying technologies that enable those tasks are quite complex. These users usually know little about potential security risks nor do they have the tools or training to manage those risks.
Despite these concerns, Web applications are essentially client-server TCP/IP applications running over the Internet. We can map Web applications' vulnerability based on the security threats and address them with the following set of technologies:
- Virtual private networks address confidentiality and authenticity.
- Dial-in and dial-out systems create temporary Internet protocol (IP) addresses and require a valid return phone number. Dial-in and dial-out connections are more secure because when the connection is not in use, the device is not on the network. Authenticity becomes even better when the server uses a callback procedure.
- Digital signatures and cryptography satisfy the requirement for authentication and confidentiality.
- Firewalls enforce security at many levels.
- Remote nodes, ports, and protocols that can to accept connections can be restricted.
- Packet filtering accepts packets only from an established connection.
- Packets with impossible flag combinations or that do not match established connections can be dropped.
- The firewall can be set up to prevent IP spoofing.
- Secure sockets layer (SSL) ensures the secure transmission of information. SSL establishes the authenticity of the client or server, and can encrypt data to ensure confidentiality. All Web browsers (such as Netscape Navigator and Internet Explorer) support SSL, and many Web sites use SSL to obtain confidential information.
SNOOPING, SPOOFING SCADA
Recently, during an Internet forum discussion, a user stated that security was not a major concern to him because his application monitors the system only and remote Web users cannot change or otherwise modify the programmable logic controller registers.
He said, "Who would invest time and money to break in and see a bunch of limits on switches?" There is ample motivation for this type of snooping.
Competitors—or anyone else—who want to know the capacity of your company, your recipes, the details of your plant floor layout, the details of making your company's product, and any other information might attempt such a break-in.
Even unauthorized access by suppliers or other users can compromise security.
If your Web application is in use and it's an important front-door application to your processes, the system is vulnerable to external attack. These are attacks to interrupt service and ultimately cause a complete shutdown of your manufacturing plant.
Not only is snooping an issue, but spoofing is as well. How do you know you're not receiving spoofed data? This issue is particularly critical when we are talking about process control and monitoring.
Above and beyond the mentioned technologies for securing your environment and Web-based applications, many SCADA and human-machine interface (HMI) packages embed security tools that operate during runtime and at the application level. Those tools include:
- IP remote connection filters: Independent of the firewall protection, the filter can verify the IP address of a remote client requesting data and enable or disable access.
- Dial-in and dial-out: One can manage the dial-in and dial-out at the application level. The communication channels (including phone numbers, authorized users, and types of information exchanged on those channels) can be defined at the project level.
- View only: The runtime can be configured such that a station does not accept any remote variable modification or configuration, allowing it to provide only replies to data requests.
- View only, according to user or status: One can also configure the same protection in the application layer to disable remote modification of variables and commands or to provide information based on the user's priority.
- User authentication: User name and password can apply at the application, screen, or data level.
- Object protection: Some HMI/SCADA packages allow object-property definitions based on process status, remote user IP, and remote user IP address. These properties can restrict the editing and viewing of the object.
These are the technologies available to address security concerns. First, though, one must be aware that there are concerns. Second, one must know which security issues apply to one's own network environment.
Do not assume that snoops and crackers are not interested in your applications and network. It could be a costly assumption. IT
Behind the byline
Marcos Taccolini is chief technology officer at InduSoft, Ltd. in Austin, Texas.
Return to Previous Page