Showing results 1 to 4 of 4

Thread: Network Traffic Report in Zenon

  1. #1
    Join Date
    30.03.2017
    Posts
    31

    Default Network Traffic Report in Zenon

    Hi Forum,

    Our End-user is asking, if its possible get a "malicious or  unusual network traffic across the SCADA (IEC104, ICCP and SNMP protocols)" REPORT in Zenon?.

    Please your help.
    Thanks,
    JOSE

  2. #2
    Join Date
    15.01.2016
    Posts
    88

    Default Re: Network Traffic Report in Zenon

    Hello Jose,

    Im not sure but isn't that something a antivirus software should handle instead of the SCADA Software? 

    If there is some traffic from the driver not going the right direction the only thing i know to check is with the diag viewer, which you can find in the startup tool when clicking the button tools
    __________________________________________

    Tobias Ritschel
    __________________________________________

  3. #3

    Default Re: Network Traffic Report in Zenon

    Hi Jose,

    zenon currently does not feature own intrusion detection capabilities, however it can work in networks where such systems are deployed and used.

    Drivers have communication details variables that can indicate issues with the configured (designed) communication. Some drivers (e.g. DNP3_TG) have further statistics information that allow potentially malicious traffic to be acted upon.

    But since switches and TCP based protocols are commonly used, in combination with network segregation using vlans or firewalls, zenon would not see other traffic than the traffic designed to be allowed.

    Tobias is correct that the logfiles of the diagnosis server will contain more information in case of errors due to malformed responses, that could indicate an attempt to perform a denial of service, e.g. through a man in the middle or spoofed communication partner. These logfiles could be evaluated also by third party tools.

    I hope this answers your question.

    If your end customer currently suspects malicious or unusual traffic in their network, I strongly recommend the end customer takes action on this with their local IT / security management team / CERT.

    In case detailed questions arise related to the use of zenon in this regard, please contact your local COPA-DATA support.

    Best regards,
    Mark

  4. #4
    Join Date
    01.07.2008
    Location
    Salzburg, AT
    Posts
    809

    Default Re: Network Traffic Report in Zenon

    Since zenon 8.00 the IEC870 driver and Process Gateway IEC870Slave have option to use TLS, thus intrusion could be then detected.

Similar Threads

  1. Replies: 1
    Last Post: 18th October 2018, 14:18
  2. Installing Zenon WebClient 7.50 in a Network enviroment
    By luca.bardon in forum Webserver / Webclient Setup
    Replies: 2
    Last Post: 6th December 2017, 10:12
  3. Installing Zenon WebClient 7.50 in a Network enviroment
    By luca.bardon in forum Webserver / Webclient Setup
    Replies: 6
    Last Post: 23rd September 2016, 07:58
  4. Idea to display zenon network status on WebServer start page
    By herberto in forum Webserver/Webclient
    Replies: 0
    Last Post: 20th March 2015, 12:36

Posting Rules

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •