Protect control networks from office network problems

Three techniques—overlapped VLANs, rate limiting, and port security—can help safeguard control networks from problems with office networks or equipment such as Windows PCs.

 

 

     PROTECTING PLANT NETWORKS
  Virutal Local Area Network
 

Overtapped VLANs, rate limiting, and port security can help protect control networks from problems with office networks.

Bennet Levine, R&D manager at Contemporary Controls, says an overlapped VLAN is a special type of virtual local area network (VLAN) provided by managed switches, which can allow one or multiple devices to have access to more than one VLAN. “That is, one or several devices can exist in multiple VLANs,” says Levine. “All other communications between the VLANs is blocked. For example, such an arrangement can allow a SCADA system to be shared between the office network VLAN and the control network VLAN, while blocking all other access between these VLANs. This enables SCADA communication with control network devices, and allows office network devices to determine the control network status, while protecting the rest of the control network from office network problems.”

Rate limiting is a managed-switch feature that can limit the bandwidth consumed by devices connected to specific ports of the switch. Users can specify a maximum bandwidth for each port of the switch. This can be used, for example, to limit the level of traffic sent to a sensitive piece of equipment. Another use of this feature is to limit traffic sent to the control network from the office network. “In this way excessive traffic problems created by the office network, such as broadcast or directed-message storms, can be controlled by rate limiting,” explains Levine. “It’s recommended that rate limiting be used on all switch ports that connect to any Windows PCs. Rate limiting can also control the level of multicast messages.”

Port security can be used to control which devices can communicate through specific ports of a managed switch. This can determine which office network devices can communicate with the control network. For example, port security can be used to only allow the plant manager and the engineering manager to have access to the control network from their computers on the office network.

More News:

  • IDS Is Among the First Vision Manufacturers to Introduce USB 3.0 Camera With Sony IMX174

    Equipped with image sensors, this new IDS camera model delivers outstanding imaging performance previously unattainable by CMOS-based cameras in terms of high sensitivity, high dynamic range, low fixed pattern noise, and highly accurate color reproduction.

  • China Adopts EtherCAT as a National Technology Standard

    Chinese company representatives shared experiences about their numerous EtherCAT systems and applications with the audience and explained the benefits realized through implementation.

  • HART-Fieldbus Foundation Marriage Complete

    The final step in constructing a single organization to lead process automation communications and integration technologies was completed at the end of August when the members of both the HART Communication Foundation and Fieldbus Foundation approved the merger proposed by their respective boards.

  • Use of BYOD Spreads, But Holdouts Remain

    Manufacturing workers are jumping on the bring-your-own-device (BYOD) bandwagon,

  • ISA100 Wireless Standard Gains Final IEC Approval

    ANSI/ISA-100.11a-2011, "Wireless Systems for Industrial Automation: Process Control and Related Applications," has been unanimously approved by the IEC as an international standard

  • Mergers, Acquisitions & Alliances: Danfoss Makes Offer, Hardinge Acquires Assets, and Fanuc and Rockwell Collaborate

    Danfoss made a public tender offer for all shares of the Finnish ac drives company Vacon. Hardinge, international provider of advanced metal-cutting solutions, agreed to acquire the assets of the Voumard internal diameter (ID) grinding business from Peter Wolters GmbH in Rendsburg, Germany. Maverick Technologies, acquired CQS Innovation, a system integrator specializing in control and information systems for life sciences, chemical and metals industries.

  • Belden Advocates Ethernet, Security and Wireless

    The Internet of Things (IoT) and the industrial IoT will use increasingly intelligent network infrastructures, but this will create more risk and increase the need to protect those critical infrastructures and their data. That's why we're investing both organically and through acquisition in Ethernet, security and wireless—so we can help transform this interconnected world.

  • The Future Is Forged at IMTS 2014

    Front and center was large-scale additive manufacturing in the form of the world's first 3D-printed car, which was printed and assembled on-site at the show. The project was a cooperative effort by Local Motors, Cincinnati Inc.; Oak Ridge National Laboratory; the University of Tennessee; and IMTS' Association for Manufacturing Technology (AMT).

  • Big Manufacturing Trade-Shows Dominate November Calendar

    There Will be More than 100 Exhibits Featuring Products and Services from Rockwell Automation and its Network of more than 100 Partners.

  • Honeywell OneWireless Takes the Prize for Best Wireless Solution

    The OneWireless Network is designed to enhance efficiency, safety and reliability in business processes. The OneWireless Network offers flexibility and scalability, wire-like performance with wireless security and best-in-class data availability with a low cost of ownership.

All news »

What are your comments?

Join the discussion today. Login Here.

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments