Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Protecting EPICS IOCs on ethernet
From: "John A. Priller" <priller@nscl.msu.edu>
To: "Tech-Talk (E-mail)" <tech-talk@aps.anl.gov>
Date: Fri, 22 Jan 1999 12:17:00 -0500

All;

We're about 6 months away from starting up a production EPICS system, and
I'm wondering about how to best protect our IOCs from malicious intent
coming at them over the ethernet.

I'd originally planned to set them up on a private network and multi-home
the workstations on both it and our lab's ethernet, but that involves a lot
of extra ethernet cards and running a lot of extra cable.

Our Ethernet Gurus suggest that a router/firewall combo between the IOCs and
our building ethernet would be far easier to implement, and I'm wondering
what other EPICS sites have tried doing and what seems to work.  I find the
router/firewall idea appealing (from the less-work-for-me standpoint, if
nothing else), but I'm uncertain how securely it can be configured and still
allow EPICS to work fairly seamlessly throughout our lab (i.e., channel
access broadcasts, beacons, log messages, what-have-you, can still pass to
and from the IOCs and trusted workstations on the other side).

I'd be very interested in hearing what other sites have done to solve this
sort of problem.  And if you've gone with a router and/or a firewall, any
hints as to how you've configured the thing would be most welcome!

Thanks,
JP

--
John A. Priller            | Phone : (517) 333-6375
MSU Cyclotron Laboratory   | Fax   : (517) 353-5967
South Shaw Lane            | Email : priller@nscl.msu.edu
East Lansing, MI 48824     | Web   : http://prille.nscl.msu.edu/jp.html


Replies:
Re: Protecting EPICS IOCs on ethernet Andy Foster
Re: Protecting EPICS IOCs on ethernet Chip Watson
Re: Protecting EPICS IOCs on ethernet Alan K Biocca

ANJ, 10 Aug 2010