
RS422 and Virus Attack


3 replies to this topic

#1 Green Dragon

  • Members

Posted 06 October 2010 - 12:47 PM

Hello, we have an industrial control system and we want it to be isolated and secured, and not connected to a computer network

but recently we should connect the RS422 port of a panel to a network to send some information
the panel is controlled by some controllers and is connected to the control network computers...

it must be something like sending information to a printer, and it's just send, not receive
but I don't know if we can limit RS422 to one-direction sending, should we use a firewall and where?
and is it possible for viruses and worms to penetrate to the control system via that port and controllers...

please help

Edited by hamluis, 14 October 2010 - 11:41 AM.
Moved from MRL to XP, later moved from XP to AV, Firewall, etc. ~ Hamluis.




#2 hamluis

  • Moderator

Posted 13 October 2010 - 07:02 PM

Any computer system...should always be protected by a firewall.

Connecting a device to a computer or a network...exposes that device to some of the same problems.

But...the protection lies on the system or network...not on the device.

Louis

#3 Gabrial

  • Members

Posted 13 October 2010 - 10:41 PM

RS422 and other serial port protocols often require communication between two devices for things like flow control and the like. Disabling bidirectional communication is technically possible but it would likely break your communication software that rides on this connection.

There really isn't a firewall implementation for this layer, though you could use an RS422 Monitor or Analyzer to monitor the data being sent at this hardware layer. If you are using PPP or SLIP or another protocol to encapsulate TCP/IP over the serial connection, you can use a TCP/IP firewall on the software layer. Otherwise, without TCP/IP you don't have any ports to connect to, so a standard firewall would do nothing.

So the question isn't "should we connect to this physical port", but rather "what kind of data is being exchanged over this physical layer".

As far as whether it is safe to connect it to a network, the answer would be in how safe the network is to connect to. If the network is itself isolated and the computers connected to it are isolated from any external connection, and all updates and software installed on the systems are audited and verified with the vendors, I would say it's very reasonable that it would be safe to connect to a network.

There would need to be strictly followed protocols with people who have access to the network. No plugging in thumb drives that have data from outside the network, no plugging an iPod into a USB port just to charge it, etc. Data isolation is important to maintaining a truly secure network.

I'm not really sure why this got moved to the XP forum. This is a general virus discussion, as it probably relates to the infection vectors with the recently highly publicized Stuxnet worm, which has a payload of taking control of industrial control systems.

Edited by Gabrial, 13 October 2010 - 11:00 PM.
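Added example (not part of the thread or of any vendor tool): a sketch of the "what kind of data is being exchanged" check from post #3, run over bytes captured from the serial line by a monitor. It assumes the panel emits printer-style ASCII report lines; the function name, the 132-byte limit and the sample capture are all constructed for illustration.

```python
import string

# Assumptions (not from the thread): the panel sends printer-style ASCII
# report lines terminated by CR/LF, each at most MAX_LINE bytes long.
MAX_LINE = 132  # constructed limit, a common line-printer width
ALLOWED = frozenset(
    (string.ascii_letters + string.digits + string.punctuation + " \t").encode("ascii")
)


def audit_serial_capture(raw: bytes):
    """Classify each line of a captured RS-422 byte stream.

    Returns (accepted, rejected): accepted holds lines that are plain
    printable ASCII within MAX_LINE; rejected holds (line_number, reason)
    tuples for everything else, so it can be reviewed or alerted on.
    """
    accepted, rejected = [], []
    # Normalise CR LF and bare CR to LF so splitting is consistent.
    lines = raw.replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    for number, line in enumerate(lines, start=1):
        if not line:
            continue  # blank line or trailing terminator
        if len(line) > MAX_LINE:
            rejected.append((number, "too long (%d bytes)" % len(line)))
            continue
        bad = sorted({b for b in line if b not in ALLOWED})
        if bad:
            detail = " ".join("0x%02x" % b for b in bad)
            rejected.append((number, "non-text bytes: " + detail))
            continue
        accepted.append(line.decode("ascii"))
    return accepted, rejected


# Constructed sample capture: two report lines, one line carrying an escape
# sequence and a NUL byte, and one oversized line.
SAMPLE = (
    b"TANK1 LEVEL=42.7 TEMP=18.3\r\n"
    b"TANK2 LEVEL=13.0 TEMP=19.1\r\n"
    b"\x1b[2JPUMP\x00 ON\r\n"
    + b"A" * 200 + b"\r\n"
)

if __name__ == "__main__":
    ok, bad = audit_serial_capture(SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```

The check only describes the traffic; it does not make the link one-way, which still depends on the wiring and on the software at each end.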


#4 hamluis

  • Moderator

Posted 14 October 2010 - 07:54 AM

I moved it to the XP forum...because I didn't really see the "issues" and I wanted someone more intelligent...to point the way :thumbsup:.

The words "virus attack" don't mean very much to me these days, since members throw them around when they don't know what's wrong with a system.

From the initial post, I don't see a clearly defined/expounded problem/situation/question...I'd like some feedback from the OP and the XP forum was/is the easiest place for me to keep my eye on it until such feedback is obtained.

Louis



