© 2008 OSIsoft, Inc. | Company Confidential
Web of Trust
Classic Examples
– Bulk Electric System
– Pipelines
– Transportation
– Supply Chains
– Finance
Cyber Examples
– Internet Service Providers
– Name and Time Services
– Certificate Authorities
– eBay Ratings
OSIsoft Cyber Security Web of Trust
Associations
Research
Commercial
Government
Safety and Security
Prevention is Best Approach
– Risk includes Human Factors
Technology Can Help
– Auditing, Monitoring and Protection
Actively Caring is the Key
– Affects all stakeholders
Mutual Distrust Posture – FERC 706
The term “mutual distrust” is used to denote how “outside world” systems are treated by those inside the control system.
A mutual distrust posture requires each responsible entity … to protect itself and not trust any communication crossing an electronic security perimeter, regardless of where that communication originates.
There are only two types of security issues:
Input trust issues
Everything else!
Secure Coding Issues
Source: Security Development Lifecycle – Microsoft Press, Michael Howard
What Now?
Not allowed to Trust “Outside” Systems…
Shouldn’t Trust any Input…
– Secure Boundaries
– Build-in Security
PI System Security Boundaries
[Diagram labels: Data Source, Smart Connector, PI Archive, User Services, Data Access, Portal, Notification Services, Smart Clients, Subscribers]
Defense-in-Depth Challenges
– Legacy Technology
– Loss of Perimeter
– Implementation Practices
– Manual Procedures
– Lack of Visibility
– Infrastructure Lifecycles
[Diagram layers: Physical, Network, Host, Application, Data]
PI Security Boundary Features
Isolated Application Stack
– Protect Critical Systems
Data Only “Conduit”
Health Monitoring & Visibility
Quick Disconnect
– No Data Loss Recovery
[Diagram layers: Physical, Network, Host, Application, Data; Control Systems]
Architecture – Interface Node
• Simple
• Resilient
• Highly Instrumented
Architecture: High Availability
Integrating Windows Security into PI
RtWebParts
– Microsoft Office Sharepoint Services
PI AF
– .Net Framework and MS SQL Server
PI Server
– Windows 2008 Logo Certification (including Server Core)
– Modern Hardware Support (Memory Protection, TPM, x64)
– Integrated Authentication and Authorization
Authentication and Authorization
Customer SIG Requests and Objectives:
1. Leverage Windows for account administration
2. Single sign-on (no PI Server login required)
3. Secure authentication methods
4. Extended access control
…more than Owner, Group, World
…e.g. Groups of Groups
Architectural Overview
Our Current Security Model
– Choice of access rights: read, write
– A single owner (per object)
– A single group association
– And then everyone else . . . “world”
The New Model
– Support for Active Directory and Windows Local Users/Groups
– Mapping of authenticated Windows principals to “PI Identities”
– Access Control Lists for points, etc.
WIS in a Nutshell
[Diagram labels: Windows, PI Server, Active Directory, Security Principals, Authentication, Identity Mapping, PI Identities, Access Control Lists, Authorization, PI Secure Objects]
User Authentication
Until Now
– Explicit Login: validation against internal user database
– Trust Login: validation of user’s Security Identifier (SID)
PI Server “380” Release
– Strong Authentication using SSPI – “Negotiate” (Microsoft Security Support Provider Interface)
– Principals from Active Directory
– Principals from Local Server
– Backward Compatible Authentication (Configurable)
PI Identities
Custom Labels for PI Security Authorization
– Replace and Extend “Owner”, “Group” and “World”
New Default PI Identities:
– PIWorld, PIEngineers, PIOperators, PISupervisors
– Legacy PI users and groups also become identities
Change as needed for Role and Category
– Add / Rename / Disable using PI-SMT
PI Identity Mapping
Links a Windows group (or user) to a PI Identity
– Example: Server\AuthenticatedUsers to PIWorld
Multiple mappings allowed per PI Identity
– Suggestion: Manage complex mapping through nested membership in Windows Groups
Legacy PI Trusts map to a single Identity only
Demo: Configuring a PI Identity
PI Secure Objects: Authorization
Main objects: Points and Modules
– New “Security” attribute supersedes legacy settings
• PtSecurity instead of PtAccess, PtGroup, PtOwner
Access Control Lists
– New Syntax for “Security” ACL string:
“ID1: A(r,w) | ID2: A(r,w) | ID3: A(r,w) | …”
Compatibility Mode
– Configure 3 identities:
• PIUser, 1 PIGroup, and PIWorld (any order)
– Existing behavior preserved in “o: g: r:” attributes
Demo: Comparing ACLs – Old v. New
1. Using Tag Configurator, show existing security attributes (dataowner, datagroup, dataaccess) alongside new attribute (datasecurity).
2. In datasecurity, change piworld: A(r,w) to piworld: A(). Export and import. Point out that change is reflected in dataaccess.
3. In datasecurity, delete “| piworld: A()”. Export and import. Point out “incompatible” state of dataaccess, datagroup, and dataowner.
4. Explain why data* attributes are in the “incompatible” state and why it matters.
5. Optional: Restore “| piworld: A(r,w)” to datasecurity, export, and import. Point out that data* attributes are once again compatible.
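Added example (not part of the original slides and not OSIsoft code): a small parser for the “Security” ACL string syntax shown above, plus a check for whether an ACL still fits the legacy owner/group/world model, run over the three ACL states from the demo steps. The identity names alice and operators, the identity-kind table, and case-insensitive name matching are assumptions made for illustration.

```python
import re

# One ACL entry in the slide's syntax: "Identity: A(r,w)"; rights may be empty.
ENTRY = re.compile(
    r"^\s*([^:|]+?)\s*:\s*A\(\s*((?:[rw](?:\s*,\s*[rw])?)?)\s*\)\s*$", re.I)

def parse_acl(acl):
    """Parse 'id1: A(r,w) | id2: A()' into {identity: set of rights}."""
    entries = {}
    for part in acl.split("|"):
        m = ENTRY.match(part)
        if not m:
            raise ValueError(f"malformed ACL entry: {part!r}")
        name = m.group(1).lower()  # assumption: names compare case-insensitively
        if name in entries:
            raise ValueError(f"duplicate identity: {name}")
        entries[name] = {r.strip().lower()
                         for r in m.group(2).split(",") if r.strip()}
    return entries

def legacy_view(acl, kinds):
    """Return owner/group/world rights if the ACL fits the old model, else None.

    kinds maps identity name -> 'user' or 'group' (constructed input here).
    Rule taken from the slide: exactly three identities, one PI user, one
    PI group and PIWorld, in any order.
    """
    entries = parse_acl(acl)
    if len(entries) != 3 or "piworld" not in entries:
        return None
    rest = [n for n in entries if n != "piworld"]
    users = [n for n in rest if kinds.get(n) == "user"]
    groups = [n for n in rest if kinds.get(n) == "group"]
    if len(users) != 1 or len(groups) != 1:
        return None
    return {"owner": (users[0], entries[users[0]]),
            "group": (groups[0], entries[groups[0]]),
            "world": entries["piworld"]}

# Constructed sample data following demo steps 1 to 3.
KINDS = {"alice": "user", "operators": "group"}
STEP1 = "alice: A(r,w) | operators: A(r,w) | piworld: A(r,w)"
STEP2 = "alice: A(r,w) | operators: A(r,w) | piworld: A()"
STEP3 = "alice: A(r,w) | operators: A(r,w)"

if __name__ == "__main__":
    for label, acl in (("step 1", STEP1), ("step 2", STEP2), ("step 3", STEP3)):
        view = legacy_view(acl, KINDS)
        print(label, "compatible" if view else "incompatible", view)
```

Steps 1 and 2 still map onto an owner, a group and world; step 3 does not, because the PIWorld entry is gone.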
Making the Transition
Existing security still supported
– On upgrade: no loss of configuration, no migration
– Downgrade only by restoring from backup
Existing SDK applications
– Preserve existing behavior
• Can still connect via explicit logins or trusts
– Single sign-on after SDK and server upgrade
• No configuration or code changes to client applications!
Summary
Windows Integrated Security is the next milestone for the PI Server
– Flexible Configuration
– Less Maintenance
– Investment Preserved
Security Development Lifecycle is Ongoing
– Features that are Secure
– Security Enhancing Features
– Good Practice Advice and Security Tools
– Actively Caring about Security