
Notice # 0002

Version 1.0

April 6, 2005

Application Notice

© 2005

RELIABLE CONTROLS® NETWORK INFORMATION

Network Communication

What kind of traffic should be expected on an Ethernet network running Reliable Controls® products?

Ethernet protocols used by Reliable Controls® controllers

• Universal Datagram Protocol (UDP, segmented)
• Internet Protocol (IP)
• Internet Control Message Protocol (ICMP)
• Address Resolution Protocol (ARP)
• Reliable Controls® Protocol encapsulated in UDP
• Simple Network Management Protocol (SNMP)
• BACnet® over IEEE 802
• BACnet/IP

Note: The BACnet® protocol can be optionally disabled.

What ports are required on a Reliable Controls® MACH-System?

The only port required for the system is 21068. Opening this port should not be a security concern as it is not tied to common functions, such as HTTP, FTP, etc.

Transmissions that use the Reliable Controls® Protocol can only be initiated from port 21068 to 21068. No broadcasts are used in transmission. Responses to workstation requests are directed to the requesting port number.

BACnet/IP communications utilize port 47808 by default.

Reliable Controls Corporation . 120 Hallowell Road . Victoria, BC . V9A 7K2 . 250.475.2036 . 877.475.9301 . Fax: 250.475.2096


What kind of bandwidth will a Reliable Controls® network on Ethernet use?

Reliable Controls® networks on Ethernet use almost no bandwidth during their regular communication duties. The following description will demonstrate this point.

When determining the amount of network traffic, we will assume an average period of 2 minutes of communications between the controllers on a 10-megabit Ethernet network. A simple formula, shown below, will show the average network usage in a 2-minute period, expressed as a percent of the total network traffic possible.

U = (K * n) / 1000

The number of network points passing between the controllers determines network utilization.

A Reliable Controls® MACH-System with 80 controllers on Ethernet and under medium load equates to (5.8 * 79) / 1000 = 0.46% network utilization over a two-minute period.

If there is only 1 controller on Ethernet, then almost no traffic is ever generated.

U = the overall network utilization expressed as percent

K = the network utilization constant, see below

n = the total number of Reliable Controls® controllers on the Ethernet network minus one

Network Points per Controller    K Constant
Light – 20 points                2.9
Medium – 60 points               5.8
Heavy – 120 points               10.1

Table 1: K Constant


Do controllers on a Reliable Controls® sub-network contribute to the overall Ethernet traffic?

No, sub-network controllers do not communicate on the Ethernet connection. They communicate on the local EIA-485 ports and do not broadcast on any other ports.

Is there any additional traffic generated by the Reliable Controls® network?

The Reliable Controls® network will respond to operator requests through software, as well as transmit alarms if the situation requires it. Alarms are sporadic and the size of an alarm varies depending on what kind of information is being sent. Overall system performance will not be impacted by alarms and the bandwidth required is far less than the average operation numbers.

When an operator requests information from the controller, the amount of sent data varies depending on what is being requested. The overall impact of operator requests will be minimal.

An example of heavy operator traffic might involve 10 operators accessing a Reliable Controls® network using RC-WebView™ and having a large graphic worksheet containing 160 points with a refresh interval of 1 second each. In this case, the overall usage from the system will result in an additional 2.6% bandwidth increase over the regular Reliable Controls® networking operations between controllers.


Network Security

BACnet® is an open protocol; how does this affect security?

To date, the BACnet® protocol can expose the Reliable Controls® MACH-System to some security risks due to the open nature of the BACnet® protocol. The BACnet® committee is currently in the process of developing security methods for BACnet® networking.

Because of the dual protocol feature of Reliable Controls® products, BACnet® can be disabled on Ethernet, making for a very secure system.

How is my Reliable Controls® MACH-System protected from people with malicious intent?

Reliable Controls® Corporation utilizes a proprietary protocol and custom software interfaces. Only select employees of Reliable Controls® Corporation have access to this information, making for a very secure protocol.

All Reliable Controls® Corporation software is made in-house at our Victoria, British Columbia headquarters in an effort to minimize the risk of exposing individuals outside of the company to our proprietary information.

Is the Reliable Controls® MACH-System susceptible to viruses?

To date, there are no viruses that can affect a Reliable Controls® controller. Reliable Controls® firmware and hardware are custom made by our employees and only respond within the limitations of their designed functions. Any computer virus in circulation will not affect our controllers.

Can a Reliable Controls® controller be used to hijack or infiltrate a network?

No, the Reliable Controls® MACH-System only responds to specific Reliable Controls® Protocol commands. Any network packets not specifically recognized by the controller will not be forwarded to the network because Reliable Controls® controllers do not have the capability of conducting network router duties. Reliable Controls® products cannot be used as a backdoor into a network because of this same feature.

What can be done if there is a concern about leaving port 21068 open for communications through a router or firewall?

If there is a potential security concern in leaving port 21068 open through a router or firewall, then most routers or firewalls can be configured to direct any traffic received on those ports to a specific IP address. By employing this procedure, a network administrator can ensure that any traffic intended for a Reliable Controls® MACH-System is directed only to a Reliable Controls® MACH-System.

When accessing the controllers via software, what security measures are in place to discourage unauthorized access?

In order to access a Reliable Controls® network, a User Name and Password must be provided through the Reliable Controls® operating software. The encrypted User Name and Password data are stored on the controllers. The controllers will never transmit unencrypted User Names and Passwords, making it impossible to intercept traffic using network analyzers.

Also, the system uses a default master password that can be changed by the operator when commissioning the system.

RC-WEBVIEW SECURITY.

RC-WebView™ resides on IIS 5.0 for Windows 2000 Server and IIS 6.0 for Windows 2003 Server. All Windows security and service packs should be applied before installing RC-WebView™. Whenever a security patch or service pack is installed, re-install RC-WebView™.

To avoid the transmission of viruses via network traffic, the use of a firewall is recommended. The transmission of viruses is normally not a problem if the web server and Reliable Controls® system are isolated on the same dedicated network, allowing only 1 external port in to access the web server on the website you set up. In using this arrangement, do not allow for ports out, except the response to requests on the website port. Using a hardware firewall would accomplish this arrangement.


There are no viruses specific to RC-WebView™ unless directed to IIS. But applying the above security will eliminate any problems.

Allow only UDP port 21068 on the internal net and TCP/IP port 80 to the web server (externally).

[Figure: network diagram. Labels: Firewall; Request to web server on Port 80; Redirect requests to server box; RC-WebView; Web request translated to Reliable request; MG; M1, M1, M1.]
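An added example, not part of the original notice or any Reliable Controls tooling: a flow-record check built from the ports the notice names (UDP 21068 kept inside the control network with no broadcasts, BACnet/IP on 47808 only when enabled, TCP 80 to and from the web server). The addresses, the `Flow` record and the function names are assumptions constructed for illustration; ICMP, ARP and SNMP, which the notice lists without port detail, are not modelled.

```python
import ipaddress
from collections import namedtuple
RC_PORT, BACNET_PORT, WEB_PORT = 21068, 47808, 80   # port numbers from the notice
# Constructed site layout (assumption): one dedicated control network and web server.
CONTROL_NET = ipaddress.ip_network("10.20.0.0/24")
WEB_SERVER = ipaddress.ip_address("10.20.0.10")
BROADCASTS = {CONTROL_NET.broadcast_address, ipaddress.ip_address("255.255.255.255")}

Flow = namedtuple("Flow", "proto src sport dst dport")  # one direction of a conversation

def check(flow, bacnet_enabled=False):
    """Return 'ok' or the reason a flow falls outside the notice's traffic profile."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    inside = src in CONTROL_NET and dst in CONTROL_NET
    ports = (flow.sport, flow.dport)
    if flow.proto == "udp" and RC_PORT in ports:
        # Replies to a workstation go to its requesting port, so one side may differ.
        if dst in BROADCASTS:
            return "broadcast on 21068"
        return "ok" if inside else "21068 crossing the control network boundary"
    if flow.proto == "udp" and BACNET_PORT in ports:
        if not bacnet_enabled:
            return "BACnet/IP traffic while BACnet is disabled"
        return "ok" if inside else "BACnet/IP crossing the control network boundary"
    to_web = dst == WEB_SERVER and flow.dport == WEB_PORT
    from_web = src == WEB_SERVER and flow.sport == WEB_PORT
    if flow.proto == "tcp" and (to_web or from_web):
        return "ok"  # request to, or reply from, the web server on port 80
    return "not in the allowed profile"

def audit(flows, bacnet_enabled=False):
    """Return (flow, reason) for every flow that is not 'ok'."""
    results = ((f, check(f, bacnet_enabled)) for f in flows)
    return [(f, reason) for f, reason in results if reason != "ok"]

# Constructed sample flow records, not captured traffic.
SAMPLE = [
    Flow("udp", "10.20.0.21", 21068, "10.20.0.22", 21068),
    Flow("udp", "10.20.0.50", 51512, "10.20.0.21", 21068),
    Flow("udp", "10.20.0.21", 21068, "10.20.0.50", 51512),
    Flow("udp", "10.20.0.21", 21068, "10.20.0.255", 21068),
    Flow("udp", "203.0.113.7", 40000, "10.20.0.21", 21068),
    Flow("udp", "10.20.0.21", 47808, "10.20.0.22", 47808),
    Flow("tcp", "198.51.100.9", 52000, "10.20.0.10", 80),
    Flow("tcp", "10.20.0.10", 49200, "198.51.100.20", 443),
]

for flow, reason in audit(SAMPLE):   # report the flows outside the profile
    print(reason, flow)
```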
