Friday, April 12, 2024
Useful Resources for Brilliant Manufacturing, Operational & Industrial Intelligence Technology Enthusiasts!

Automation, Control & Plant Intelligence - Articles, Analysis, Reviews, Interviews & Views

Tom Cutler

Editor's Ramblings
Data Protection: SSL and VPN?

by Naeem Ismat (Guest Contributor)  |   June, 2006

Welcome back to another issue of AutomationMedia's Ramblings. Again, thanks for all the emails, though I could not reply most due to .......
At home or in the office or in my car, fully enjoying fifa World Cup results. You can type "fifa" directly in google to get some add free links but this yahoo LINK is my favourite to get a comprehensive fifa view.

I have been in debate with some customers about SSL and VPN connections.
SSL stands for Secure Sockets Layer (SSL) protection. In todays world, industry users are more concerned about how to transfer senstive plant data and what are different secure ways.
Main stream Web-Based Tools for accessing, analyzing and visualizing Production information with sophisticated trending and reporting capabilities started to work on it and many already offering Secure Sockets Layer. Recently I worked and recommended a software to my customer - Proficy Portal of GE Fanuc, which supports SSL protection. It uses SSL protocol for transmitting data privately over the Internet. To use SSL, Digital Certificates are required. These certificates are used by the web browser to authenticate the server prior to establishing an SSL session.

SSL is a widely recongnized secure connection protcol for clients accessing sensitive data through firewalls or from third party software. Visa, MasterCard and American Express all view SSL as a Secure Connection Standard for customers transactions. So if you have ever banked by Internet, you have probaly used SSL.

One way to identify sucure trnsactions - the URL will begin with HTTPS (rather than with HTTP) to denote that secure connection are desired. Servers and Clients typicall identify themselves to each other using Identity Certificates.

For Servers, these IDENTITIES are purchased from a Certificate Authority based on Operating System used on server. Also there are popular Open Source alternatives.
Normally, Clients issue their own credentials depending on the needs of cryptographic protocols and algorithms, mutually agreed upon by the server and client when they first begin communications.

In summary
  • Step 1: Cryptographic negotiation between server and client
  • Step 2: Authentication via centificates and credentials.
  • Step 3: Encrypted data transmission and traffic.

  • 128 bit or higher encryption is very important for communications out side the firewalls or between multilple plant sites. This ensure that traffic can not be overheard, stolen or intercepted. Also certification of the source and cleint identites, to ensure that the data ends up where it sould.

    VPN (an SSL alternative)
    An alternative of SSL is VPN - Virtual Private Networks. It is a tunneling protocol to ensure safe, secure internet connection from clients to plant networks, even through firewalls. Basic technology comes standard with Windows Server operating systems and is fairly easy to setup or Network Administrator do all setup. However, most companies require more stringent security than is available with default features of Window Server edition. They use firewall and routers and personal identification devices.
    Drawback is that each user (even infrequent casual users) must be given access to the network as a user, which means we need to add that user in domain. Also proviliges and rights need to be managed of target network. Sometime for administration, maintenance and company security reasons this can be a really burden or sometime not acceptable. On the otherhand, with SSL, access is only grandted to the web folders to the web server, no network wide security account required for access. SSL has a reserverd port for communications through firewall - port 443. So no special equipment required.

    Until next time,

    Naeem Ismat

    Popular Editor's Ramplings