Hi Forum,
Our end user is asking if it's possible to get a "malicious or unusual network traffic across the SCADA (IEC104, ICCP and SNMP protocols)" REPORT in Zenon.
Please help.
Thanks,
JOSE
Hello Jose,
I'm not sure, but isn't that something an antivirus software should handle instead of the SCADA software?
If there is some traffic from the driver not going the right direction, the only thing I know to check is with the diag viewer, which you can find in the startup tool when clicking the button tools.
__________________________________________
Tobias Ritschel
__________________________________________
Hi Jose,
zenon currently does not feature its own intrusion detection capabilities; however, it can work in networks where such systems are deployed and used.
Drivers have communication details variables that can indicate issues with the configured (designed) communication. Some drivers (e.g. DNP3_TG) have further statistics information that allow potentially malicious traffic to be acted upon.
But since switches and TCP-based protocols are commonly used, in combination with network segregation using VLANs or firewalls, zenon would not see other traffic than the traffic designed to be allowed.
Tobias is correct that the logfiles of the diagnosis server will contain more information in case of errors due to malformed responses, that could indicate an attempt to perform a denial of service, e.g. through a man in the middle or spoofed communication partner. These logfiles could be evaluated also by third party tools.
I hope this answers your question.
If your end customer currently suspects malicious or unusual traffic in their network, I strongly recommend the end customer takes action on this with their local IT / security management team / CERT.
In case detailed questions arise related to the use of zenon in this regard, please contact your local COPA-DATA support.
Best regards,
Mark
Since zenon 8.00 the IEC870 driver and Process Gateway IEC870Slave have the option to use TLS, thus intrusion could then be detected.
Ursula Kramarczyk (f. Piela)