Remote Modem Defender™
Real Time Protection For Remote Modems
While authentication and encryption are extremely important to Control System security, a Control System cannot be completely secure unless its communication endpoints are protected as well. In many production environments, open dial-up lines at substations can be accessed simply by dialing the correct phone number and using an easily discovered default password. An intruder who gets in this way can interfere with local operations and potentially even manipulate the Master via the communication path to the Control Center. Remote Modem Defender™ (RMD) addresses this vulnerability by providing centralized password management and monitoring capabilities for analog dial-up lines.
The RMD™ intercepts dial-up access calls and enforces user IDs and passwords. Users who attempt to access the control devices are first directed to a login screen where they must enter a valid user ID and password. All login attempts are authenticated in real time against the centralized user database at the Odyssey™ Host computer. Optionally, an LDAP or Active Directory server can be used for authentication. Upon successful authentication, the user is granted access to the control device interface for that session. The authentication exchange travels over a dedicated serial line to the RSM™ and is then sent up the existing SCADA communication path to the Odyssey™ Host. An alternative method is to authenticate via an RMD™ client on the user's network.
In addition, the RMD™ device must successfully authenticate with the attached RSM™ before callers can be authenticated. This ensures that only callers passing through a valid and trusted RMD™ can authenticate with the Odyssey™ Host.
Because of the Odyssey™ Product Series' centralized architecture, RMD™ devices can be configured by an operator at the Control Center. Some of the configuration parameters that can be set are listed below:
- Login Retry Limits – the number of times the user is allowed to submit incorrect login information before being forcibly disconnected. This prevents automated devices from attempting numerous login combinations on a single call, and significantly slows progress if multiple calls and attempts are made.
- Login Retry Delays – the amount of time between incorrect login attempts before another login attempt is permitted. If an incorrect login is attempted, the next login prompt will appear after the delay period.
- Login Timeout Limit – the amount of total time permitted for login attempts. Once this limit is reached, the caller is forcibly disconnected. Callers are not allowed to connect and remain at a login prompt indefinitely.
- Idle Timeout Limit – once the caller has correctly authenticated, this is the maximum amount of time the call may be idle (with no communications activity) before they are forcibly disconnected. If a caller gains access and forgets to disconnect, this will automatically disconnect him/her to prevent an unauthorized person from gaining access on the same machine.
- User Lock-Out – if a user is suspected of suspicious activity through the dial-up modems, the Host operator can force the user off the system and change their password to prevent future access.
- Line Schedules – from the Host User Interface, the Host operator can configure each dial-up line to be active or inactive on a 24-hour rotation. Lines can be configured to answer, not answer, or be busy during different hours of the day. For example, when lines are not expected to be used for maintenance, they can be configured to give a busy signal or continuous ring and not answer the call. The operator can also temporarily enable or disable lines for a specific period of time, as needed.
- Password Expiry – ensures that the operator changes the password within a configurable time period.
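To show how the Login Retry Limit, Login Retry Delay, Login Timeout Limit, Idle Timeout Limit and User Lock-Out parameters above interact on a single call, here is a small event-driven Python model. It is an added example, not the vendor's RMD™ or Odyssey™ code: the policy values, user names, passwords and event timings are constructed assumptions, and the centralized Host user database is stood in for by a local dictionary.

```python
"""Event-driven model of the dial-up login limits listed above (added example).

Times are seconds since the call was answered; events are the caller's login
submissions, post-login traffic and operator lock-out.  All values constructed.
"""
import hmac
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass(frozen=True)
class LinePolicy:
    retry_limit: int = 3          # failed logins allowed before forced disconnect
    retry_delay: float = 5.0      # seconds until the next prompt after a failure
    login_timeout: float = 60.0   # total seconds a caller may sit at the prompt
    idle_timeout: float = 300.0   # seconds of silence after login before hangup


# Constructed stand-in for the centralized user database at the Host.
USERS = {"tech1": "correct-horse", "ops2": "battery-staple"}


@dataclass
class CallSession:
    policy: LinePolicy
    failures: int = 0
    next_prompt_at: float = 0.0   # input arriving before this time is discarded
    authenticated: bool = False
    last_activity: float = 0.0
    disconnected: bool = False
    reason: str = ""
    events: List[Tuple[float, str]] = field(default_factory=list)

    def _drop(self, t: float, reason: str) -> bool:
        self.disconnected, self.reason = True, reason
        self.events.append((t, "disconnect: " + reason))
        return False

    def login(self, t: float, user: str, password: str) -> bool:
        """One login submission at time t; True only when access is granted."""
        if self.disconnected:
            return False
        if self.authenticated:
            return True
        if t >= self.policy.login_timeout:          # Login Timeout Limit
            return self._drop(t, "login timeout")
        if t < self.next_prompt_at:                 # Login Retry Delay
            self.events.append((t, "ignored: prompt not yet shown"))
            return False
        if hmac.compare_digest(USERS.get(user, ""), password):
            self.authenticated, self.last_activity = True, t
            self.events.append((t, "authenticated " + user))
            return True
        self.failures += 1
        self.events.append((t, f"failed login {self.failures} for {user!r}"))
        if self.failures >= self.policy.retry_limit:   # Login Retry Limit
            return self._drop(t, "retry limit")
        self.next_prompt_at = t + self.policy.retry_delay
        return False

    def activity(self, t: float) -> bool:
        """Post-login traffic at time t; False if the line has been dropped."""
        if self.disconnected or not self.authenticated:
            return False
        if t - self.last_activity > self.policy.idle_timeout:   # Idle Timeout Limit
            return self._drop(t, "idle timeout")
        self.last_activity = t
        return True

    def lockout(self, t: float) -> bool:
        """Operator-initiated User Lock-Out from the Host."""
        return self._drop(t, "operator lock-out")


def scenario_wrong_passwords() -> str:
    """Repeated wrong passwords; one arrives inside the retry-delay window."""
    s = CallSession(LinePolicy())
    s.login(1.0, "tech1", "wrong1")    # failure 1, prompt returns at 6.0 s
    s.login(2.0, "tech1", "wrong2")    # discarded: still inside the delay
    s.login(7.0, "tech1", "wrong3")    # failure 2
    s.login(13.0, "tech1", "wrong4")   # failure 3 -> retry limit reached
    return s.reason                    # "retry limit"


def scenario_forgotten_session() -> str:
    """A valid login that is then left idle longer than the idle limit."""
    s = CallSession(LinePolicy())
    s.login(2.0, "ops2", "battery-staple")
    s.activity(100.0)
    s.activity(500.0)                  # 400 s of silence > 300 s idle limit
    return s.reason                    # "idle timeout"


def scenario_slow_caller() -> str:
    """Correct credentials submitted only after the login window has closed."""
    s = CallSession(LinePolicy())
    s.login(61.0, "tech1", "correct-horse")
    return s.reason                    # "login timeout"


if __name__ == "__main__":
    for fn in (scenario_wrong_passwords, scenario_forgotten_session, scenario_slow_caller):
        print(f"{fn.__name__}: {fn()}")
```

The model only evaluates the limits when an event arrives; a real device would also run timers so that a silent caller is dropped at the login or idle deadline rather than at the next keystroke. The Line Schedules and Password Expiry parameters are not modelled, since they act on the line and the user record rather than on a single call.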