Re: [foxboro] Ethernet FBM security

I wouldn't assume anything.  These things apparently run WinCE, and 
without full source code (to WinCE and Foxboro's FBM application), you 
don't know what is or is not possible.

Best thing to do is isolate your FBM<->PLC network if you can.  If not, 
Hirschmann and others make little standalone, DIN-rail firewall boxes to 
help protect devices like PLCs, but I have never used any of them.


Corey Clingo
BASF Corporation






"Lowell, Timothy" <TLowell@xxxxxxxxxxx> 
Sent by: foxboro-bounce@xxxxxxxxxxxxx
09/23/2008 10:50 AM
Please respond to
foxboro@xxxxxxxxxxxxx


To
<foxboro@xxxxxxxxxxxxx>
cc

Subject
Re: [foxboro] Ethernet FBM security






Stupid Crackberry...

We're doing a security assessment at one of our refineries that has 
FBM232/FBM233's, and the question is coming up of what ability is there of 
Ethernet packets to traverse from the PLC network through the FBM to the 
MESH network.  Obviously, the Modbus TCP and ControlLogix, etc, packets 
make it through if you install the correct device driver or it wouldn't 
work, but what about other packets that could constitute malware, DoS, 
etc?  Is the FBM a filter that definitively stops all other packets, or 
should we be putting a firewall between the PLC and the FBM?  I'd be 
interested to hear what everybody is doing or what Invensys considers is 
best practice.

Tim



 
 
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
 
foxboro mailing list:             http://www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave

Other related posts: