Chapter 2 Introduction; Security; Firewall; Defense In Depth - GE PACSystems RX3i Secure Deployment Manual


Chapter 2 Introduction

This section introduces the fundamentals of security and secure deployment.

2.1 Security

Security is the process of maintaining the confidentiality, integrity, and availability of a system:
Confidentiality: Ensure that only the people you intend to see information can actually see it.
Integrity: Ensure the data is what it is supposed to be.
Availability: Ensure the system or data is available for use.
GE Automation & Controls recognizes the importance of building and deploying products with these concepts
in mind and encourages customers to take appropriate care in securing their GE Automation & Controls
products and solutions.
As GE Automation & Controls product vulnerabilities are discovered and fixed, security advisories are issued to
describe each vulnerability in a particular product version as well as the version in which the vulnerability was
fixed. GE Product Security Advisories can be found at the following location:
https://digitalsupport.ge.com/communities/en_US/Article/GE-Intelligent-Platforms-Security-Advisories

2.2 Firewall

Firewalls and other network security products, including Data Diodes and Intrusion Prevention Devices, can be
an important component of any security strategy. However, a strategy based solely on any single security
mechanism will not be as resilient as one that includes multiple, independent layers of security.
Therefore, GE Automation & Controls recommends taking a Defense in Depth approach to security.

2.3 Defense in Depth

Defense in Depth is the concept of using multiple, independent layers of security to raise the cost and
complexity of a successful attack. To carry out a successful attack on a system, an attacker would need to
find not just a single exploitable vulnerability, but an exploitable vulnerability in each layer of defense that
protects an asset.
For example, if a system is protected only because it is on a network protected by a firewall, the attacker only needs
to circumvent the firewall to gain unauthorized access. However, if there is an additional layer of defense, for
example, a username/password authentication requirement, the attacker now needs to find a way to
circumvent both the firewall and the username/password authentication.
GFK-2904D
July 2018
