Wireless Recreating Security Defenses
Wednesday, January 20, 2016 @ 03:01 PM gHale
Editor’s note: This is an excerpt of a Statseeker white paper entitled, “Wireless Reshaping IT/OT Network Best Practices.”
By Frank Williams
Mobile devices and the proliferation of edge devices and sensors from the Internet of Things (IoT) are forcing a new and different security posture.
The traditional security architecture of layered defenses built around a fixed network perimeter no longer fits, because more and more of the devices and traffic the enterprise depends on now originate outside that perimeter.
While wireless has been part of networking for more than a decade, IoT will change the way network architectures are designed, and nowhere will those changes be more immediate or far-reaching than in how wireless systems are used.
Disruptive technologies, led by IoT, challenge every aspect of current network best practices. If connectivity of everything is inevitable, the industry has to come to grips with the challenges and reshape its best practices so that network architecture aligns with, and drives, stronger business strategies.
IoT, together with its accompanying Cloud services and Big Data analytics, routinely delivers immense and previously unheard-of amounts of data from devices and sensors. Network architectures will therefore keep adapting and will change dramatically to carry the data flow from these sensors. Networks will also become outward focused, as the amount of data acquired from edge devices dwarfs the amount produced inside the network.
Beyond Traditional WiFi
It used to be that WiFi was the only wireless protocol a network admin needed to worry about. It was a small part of network design, and most admins largely ignored it. Far more challenging was the laptop connected to WiFi outside the enterprise, where the user was reaching corporate resources over an untrusted hotspot or the open Internet.
Previously, the wireless network architecture consisted of access points connected directly to wired Ethernet, and backhauls were always wired. More recently, companies with sprawling multi-building campuses, manufacturing plants or process plants have been using wireless backhauls.
Some use WiMAX (IEEE 802.16) broadband microwave links; others use free-space optical links. Wireless backhauls are significantly less expensive to install than trenched fiber, and they can provide secure data transmission, with one caveat a practitioner should keep in view: a backhaul carries the traffic of every network behind it, so its confidentiality and integrity rest on the link being encrypted and mutually authenticated (or on IPsec or MACsec running over it), not on the radio or optical path being hard to intercept.
Wireless backhauls also make it easier to set up new nodes or temporary data centers without the cost of pulling fiber to the building. In manufacturing and process plants, they make it possible to extend sensor and control networks everywhere in the plant, especially where marshalling cabinets have no spare cable terminations, or where sensors were not part of the original design.
Wireless Sensor Networks the Norm
Using Bluetooth and IEEE 802.15.4, among others, sensor vendors have created a plethora of sensor network protocols that network administrators will increasingly encounter as IoT, and its manufacturing offshoot the Industrial Internet of Things (IIoT), become a reality in the manufacturing enterprise.
This proliferation of wireless sensor networks will affect the design and architecture of enterprise networks, starting with the volume of data. Whether it goes to enterprise servers, OT servers or directly to the Cloud, the data avalanche will dwarf what network administrators usually see. A process pressure transmitter might report every 250 milliseconds, while a factory automation sensor might report every 15 milliseconds. From a single sensor that is a lot of data; now consider how much it is with 10,000 sensors in a plant.
Is your network going to choke on that much data? Will you clog the pipe to the Cloud? Or will you be able to handle the rush? Good network administrators are planning for it now, and the planning has to count packets per second as well as bits per second: small, frequent sensor reports load gateways and firewalls long before they fill a link.
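To make the sizing question concrete, here is an added capacity estimate (not code from the white paper or from Statseeker) using the reporting intervals quoted above. The fleet mix (8,000 process transmitters plus 2,000 factory sensors, 10,000 in total), the 20-byte payload, the 62-byte per-report overhead (Ethernet 14 + IPv6 40 + UDP 8) and the link capacities are constructed assumptions; the model also assumes every report is forwarded as its own packet, so it is an upper bound that a gateway which batches reports would beat.

```python
"""Capacity estimate for a wireless sensor population's telemetry.

Added example, not code from the white paper. Fleet mix, payload size,
per-report overhead and link capacities are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SensorClass:
    name: str
    count: int
    interval_ms: float   # nominal reporting period of one sensor
    payload_bytes: int   # application payload per report (assumed)
    overhead_bytes: int  # framing + IP/UDP overhead per report on the backhaul (assumed)

    @property
    def reports_per_second(self) -> float:
        return self.count * 1000.0 / self.interval_ms

    @property
    def bits_per_second(self) -> float:
        # One packet per report: no batching at the gateway (upper bound).
        return self.reports_per_second * (self.payload_bytes + self.overhead_bytes) * 8


def aggregate(classes):
    """Total reports/s (packets/s) and bit/s across all sensor classes."""
    pps = sum(c.reports_per_second for c in classes)
    bps = sum(c.bits_per_second for c in classes)
    return pps, bps


def check_links(classes, links_bps, threshold=0.7):
    """Utilization of each link and whether it exceeds the planning threshold.

    links_bps maps a link name to its usable capacity in bit/s. A utilization
    above `threshold` (70% by default, a common planning headroom) is flagged.
    """
    _, bps = aggregate(classes)
    return {name: (bps / cap, bps / cap > threshold) for name, cap in links_bps.items()}


# Constructed fleet: 8,000 process transmitters at 250 ms, 2,000 factory sensors at 15 ms.
# Overhead 62 bytes = Ethernet 14 + IPv6 40 + UDP 8 (assumed transport).
FLEET = [
    SensorClass("process pressure transmitter", 8000, 250, payload_bytes=20, overhead_bytes=62),
    SensorClass("factory automation sensor", 2000, 15, payload_bytes=20, overhead_bytes=62),
]

# Constructed link capacities: a 100 Mbit/s wireless backhaul and a 1 Gbit/s cloud uplink.
LINKS = {"backhaul-100M": 100e6, "cloud-uplink-1G": 1e9}

if __name__ == "__main__":
    pps, bps = aggregate(FLEET)
    print(f"{pps:,.0f} reports/s, {bps / 1e6:,.1f} Mbit/s")
    for name, (util, over) in check_links(FLEET, LINKS).items():
        print(f"{name}: {util:.0%} {'OVER planning threshold' if over else 'ok'}")
```

With these assumptions the 2,000 fast sensors alone generate about 133,000 packets per second, and the whole fleet comes to roughly 108 Mbit/s, so the 100 Mbit/s backhaul is oversubscribed even though the cloud uplink is barely loaded. The packet rate, not the bit rate, is usually what a gateway or firewall in the path runs out of first.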
Cellular Wireless More Relevant
For years, network administrators have had little to do with cellular telephony, other than giving smart phones and tablets access to WiFi services. IoT is changing that too. Even in the confines of a manhole in the street, data is being collected and transmitted back to the enterprise and OT networks over cellular modems. Does your network know how to handle this data stream, and does it treat the cellular modem as what it is, an unattended remote device on a carrier's network whose traffic should be authenticated and encrypted (typically through a VPN) before it is allowed anywhere near OT assets?
In the factory and in health care, bar codes, QR codes, RFID tags and other AIDC (Automatic Identification and Data Capture) tools have been used for years. Now they appear in applications from automatic highway tolling to supply chain inventory management, maintenance management, and Big Data applications for quality, inventory control and statistical process control.
AIDC is used in the factory and the process plant to help control the flow of material and parts through the process. AIDC technologies are the backbone of track and trace in the pharmaceutical and fine chemicals industries, and the data they produce must be collected and distributed through the network to the various applications that use it.
Personal Monitoring Drives More Connections
The latest sensor proliferation is in personal monitoring devices. Even in enterprise IT, some companies want to track the position of their employees and of their expensive assets. In process and manufacturing plants, tracking employees and assets is essential for safety: "man down" applications, personal hazardous gas sensors and chemical shower usage monitors are being implemented, and the ability to track the location and condition of a plant's firefighting apparatus may be critical in the event of an accident.
Currently, most of these sensors use either proprietary wireless protocols or one of the major 802.15.4-based protocols such as ZigBee or WirelessHART, and they reach the network through wireless gateways. As IPv6 is enabled and used in the network, these devices will carry their own IP addresses and function as network devices in their own right. Once again, the network will have to absorb this information and route it to the appropriate application for action, and every such device becomes an addressable endpoint that needs its own authentication and access control, where today the gateway was the only thing the network could see.
Re-thinking Mobility with Wireless
We are already seeing networked devices that are entirely mobile. Personal wearables such as fitness bands, smart watches and smart clothing, as well as smart phones and tablets, are proliferating. These devices connect to Cloud servers or to network servers, so administrators need to prepare for devices entering and leaving the network at random. Whether company-owned or BYOD, they will also access the network from points outside it, so network policies and procedures need to assign access and permissions based on the identity and posture of the device and its user, not on where the device happens to be connecting from.
Networks used to be fixed, with devices that did not move. Now networks contain virtual network segments, SDN sectors, Cloud interfaces, and movable sensors and devices, and network administrators have to keep track of all of it in real time. That increases the reliance on network information solutions. The old saying that you cannot manage what you cannot see becomes even more important in an environment of constant change.
With the increased network stress comes the need for a new security architecture that copes with virtual servers and computer systems, bidirectional Cloud access to servers the enterprise does not control, edge firewalls, and device-level security software that puts encryption and authentication directly in the device. The new security architecture will need to act more like an immune system than a firewall. Intrusion detection and malware identification will need to go well beyond today's antivirus software: they will need to observe the whole network, find problematic traffic and software, and eliminate it.
Most of this must be automatic. Current security responses are far too open-loop, with a human required for the majority of actions. Network security should do 80 percent of its work automatically, with only the genuinely difficult issues going to the network administrator in person. In a plant the automated actions also have to be chosen so that a false positive cannot take down a control loop: quarantining an unknown device that has just joined is safe, while cutting a segment that carries live control traffic is not.
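The following is an added example of the closed-loop, automatic-first response model described above, run over constructed wireless gateway events; it is not code from the white paper or from Statseeker. The inventory, event format, thresholds and action names are all assumptions. Two classes of event are handled by the gateway or controller on its own (an unknown device trying to join, repeated authentication failures, a known device flooding reports), while an identity appearing on a gateway it was not commissioned on, which could be legitimate roaming or a cloned identity, is escalated to a human.

```python
"""Closed-loop triage of wireless gateway security events.

Added example, not code from the white paper. Inventory, event log,
thresholds and action names are constructed assumptions.
"""
from collections import Counter, defaultdict

# Constructed inventory: expected device IDs with nominal report interval (ms)
# and the gateway each was commissioned on.
INVENTORY = {
    "PT-1001": {"interval_ms": 250, "gateway": "gw-a"},
    "PT-1002": {"interval_ms": 250, "gateway": "gw-a"},
    "FA-2001": {"interval_ms": 15, "gateway": "gw-b"},
}

# Constructed gateway event log: (timestamp_s, gateway, device_id, event).
EVENTS = [
    (0.000, "gw-a", "PT-1001", "join"),
    (0.010, "gw-a", "PT-1002", "join"),
    (0.020, "gw-b", "FA-2001", "join"),
    (0.030, "gw-b", "XX-9999", "join"),       # device not in inventory
    (0.100, "gw-a", "PT-1001", "auth_fail"),
    (0.200, "gw-a", "PT-1001", "auth_fail"),
    (0.300, "gw-a", "PT-1001", "auth_fail"),
    (0.400, "gw-a", "PT-1001", "auth_fail"),
    (0.500, "gw-c", "FA-2001", "join"),       # known ID on a gateway it was not commissioned on
] + [(1.0 + i * 0.001, "gw-a", "PT-1002", "report") for i in range(1000)]  # 1000 reports in 1 s

AUTH_FAIL_THRESHOLD = 3   # block after this many consecutive failures (assumed)
RATE_MULTIPLIER = 10      # more than 10x the nominal report rate counts as a flood (assumed)


def triage(events, inventory):
    """Return a list of (device_id, disposition, action).

    disposition is 'auto' for actions the gateway/controller applies itself and
    'escalate' for cases that need a person. Automatic actions are limited to
    the device in question; nothing here touches a whole segment.
    """
    actions = []
    auth_fails = Counter()
    reports = defaultdict(list)

    for ts, gw, dev, ev in events:
        if ev == "join":
            if dev not in inventory:
                actions.append((dev, "auto", f"deny join on {gw}; place in quarantine"))
            elif gw != inventory[dev]["gateway"]:
                # Could be roaming, could be a cloned identity: a human decides.
                actions.append((dev, "escalate",
                                f"commissioned on {inventory[dev]['gateway']}, joined on {gw}"))
        elif ev == "auth_fail":
            auth_fails[dev] += 1
            if auth_fails[dev] == AUTH_FAIL_THRESHOLD:
                actions.append((dev, "auto", f"block at {gw} after {AUTH_FAIL_THRESHOLD} auth failures"))
        elif ev == "report":
            reports[dev].append(ts)

    # Rate check needs the whole window, so it runs after the pass over events.
    for dev, stamps in reports.items():
        if dev not in inventory or len(stamps) < 2:
            continue
        span = stamps[-1] - stamps[0]
        observed = (len(stamps) - 1) / span if span > 0 else float("inf")
        nominal = 1000.0 / inventory[dev]["interval_ms"]
        if observed > RATE_MULTIPLIER * nominal:
            actions.append((dev, "auto", f"rate-limit: {observed:.0f}/s observed vs {nominal:.0f}/s nominal"))
    return actions


def automation_ratio(actions):
    """Share of dispositions handled without a human."""
    if not actions:
        return 0.0
    return sum(1 for _, disp, _ in actions if disp == "auto") / len(actions)


if __name__ == "__main__":
    acts = triage(EVENTS, INVENTORY)
    for dev, disp, what in acts:
        print(f"{disp:8s} {dev}: {what}")
    print(f"automated: {automation_ratio(acts):.0%}")
```

On the constructed log this yields three automatic actions and one escalation. The point of separating the two is that the automatic ones are reversible and scoped to a single device, so a wrong call costs one sensor's telemetry rather than a control network.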
Network of the Future, Today
Today's network administrator needs to prepare for a changed network. Wireless systems for sensors, devices and backhauls will need to be accounted for in the network design. The amount of data networks have to handle will grow exponentially over the next 10 years; according to Gartner, billions of devices will be connected to the IoT by 2020. Network administrators need to be up to speed on these devices and on the wireless interconnections most of them will use.
Automation industry veteran Frank Williams is the chief executive at Statseeker, a provider of network monitoring technology. The full white paper, "Wireless Reshaping IT/OT Network Best Practices," is available from Statseeker.