How to Secure Your Process Automation Network (PAN) with Router and Switch Access and Monitoring
The Process Automation Network (PAN) is an important part of any business. It is the backbone of data communication within a company and needs to be properly secured in order to protect company data and ensure reliable network performance. To ensure the security of a PAN, it is necessary to have proper access and monitoring methods in place. This article will discuss the requirements for PAN router and switch access and monitoring and how to secure the PAN.
Management of Passwords and User IDs
One of the most important things to consider for securing PAN routers and switches is the management of passwords and user IDs. All user accounts should be assigned a unique user ID and passwords should be encrypted and transmitted in an encrypted format. The system should also be configured to require a minimum password length of eight characters and enforce password complexity rules, so that easily guessable passwords are avoided. Additionally, passwords should be reset every six months and users should be notified at least 10 days prior to password expiry. Lastly, users should always be required to provide both their old and new passwords when changing user account passwords.
System Access
System login scripts should be configured to prevent users from bypassing them. Additionally, any failed login attempts should be logged with the location, date, time, and user account used. At login time, users should be provided information reflecting the last login time and date, if supported by the system or application.
Wireless Technologies
Wireless technologies such as ISA 100.11a and WiFi can be used in the PAN or to extend the PAN with prior approval from the P&CSD Manager.
Monitoring and Review
The PAN should be configured to monitor and record events such as unexpected users logged on the system, users from unexpected hosts logged on, users logged on at unexpected times, and more. Additionally, PAN switches and routers should be configured to capture all related events to detect performance- and availability-related problems. Vendor-approved third-party computer hardware monitoring software or appliances may be used to manage hardware performance monitoring parameters.
Finally, security audit logs should be retained and archived in accordance with Corporate Data Protection and Retention INT-7 policy for a minimum of 3 months.
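The logon review described in this section can be automated over exported device logs. The following is an added example, not part of the original article or of any vendor's tooling: it flags failed logins and logins by unexpected users, from unexpected hosts, or at unexpected times. The log line format, device names, accounts, addresses and permitted hours are constructed assumptions.

```python
import re
from datetime import datetime, time

# Assumed baseline (hypothetical values): who may log on, from where, and when.
POLICY = {
    "users": {"netadmin1", "netadmin2"},
    "hosts": {"10.10.1.5", "10.10.1.6"},
    "window": (time(6, 0), time(18, 0)),  # permitted logon hours
}

# Constructed sample lines in an assumed "timestamp device event key=value" format.
SAMPLE_LOG = """\
2024-03-04T09:15:02 pan-sw-01 LOGIN_OK user=netadmin1 src=10.10.1.5
2024-03-04T02:41:17 pan-rtr-01 LOGIN_OK user=netadmin2 src=10.10.1.6
2024-03-04T10:03:44 pan-sw-02 LOGIN_OK user=vendor7 src=10.10.1.5
2024-03-04T11:20:09 pan-sw-01 LOGIN_OK user=netadmin1 src=192.168.50.23
2024-03-04T11:22:31 pan-rtr-01 LOGIN_FAILED user=netadmin1 src=10.10.1.6
this line is malformed and must not crash the review
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) (?P<event>LOGIN_OK|LOGIN_FAILED) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def review_logins(log_text, policy=POLICY):
    """Return (findings, unparsed); each finding keeps device, time, user, source."""
    findings, unparsed = [], []
    start, end = policy["window"]
    for line in filter(str.strip, log_text.splitlines()):
        m = LINE_RE.match(line.strip())
        try:
            ts = datetime.fromisoformat(m["ts"])
        except (TypeError, ValueError):  # no match (m is None) or bad timestamp
            unparsed.append(line)        # keep for manual review, never drop silently
            continue
        reasons = []
        if m["event"] == "LOGIN_FAILED":
            reasons.append("failed login")
        if m["user"] not in policy["users"]:
            reasons.append("unexpected user")
        if m["src"] not in policy["hosts"]:
            reasons.append("unexpected host")
        if not (start <= ts.time() <= end):
            reasons.append("unexpected time")
        if reasons:
            findings.append({"time": m["ts"], "device": m["device"],
                             "user": m["user"], "src": m["src"], "reasons": reasons})
    return findings, unparsed
```

Lines that do not parse are returned separately so that a change in a device's log format shows up as review work instead of as silence.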
Physical Access
Physical access to PAN hardware components such as cables, switches, routers and modems should be restricted to those persons authorized for administrative access. This is to reduce the risk of vandalism and electronic eavesdropping.
Conclusion
The Process Automation Network (PAN) is an important part of any business and needs to be properly secured in order to protect company data and ensure reliable network performance. To ensure the security of a PAN, it is necessary to have proper access and monitoring methods in place. This article discussed the requirements for PAN router and switch access and monitoring and how to secure the PAN.