In this example, access to the RTU is allowed only to a PC with a specified IP address.
HTTPS, or "HTTP Secure," is the Hypertext Transfer Protocol encrypted with the SSL or TLS protocol. It is available as an add-on that allows access to the RTU's integral web server over HTTPS. Simple menu interactions allow the user to configure the TCP ports for HTTP and HTTPS, to choose whether HTTP is blocked, and to specify a certificate file name.
Firewalls
A firewall is a device or software capability that is designed to allow or deny network transmissions based upon a set of rules. The firewall is used to protect networks from unauthorized access while allowing legitimate communications to pass.
Firewalls are finding their way into the more sophisticated RTU products on the market. The firewall provides access protection for any incoming or outgoing IP connection. Ethernet ports and cellular connections (e.g., GPRS) can be protected using a firewall. Menu interaction allows the user to define one or more rules to allow or deny access. Users are warned to be sure that they completely configure firewalls; otherwise, an outside party might still be able to access the network.
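The warning about incompletely configured firewalls can be checked mechanically before a rule set is deployed. The following Python is an added example, not code from any RTU product: the rule format, the interface names `eth` and `gprs`, first-match evaluation with a default action, and all addresses are assumptions constructed for illustration. It compares a rule set that restricts only the Ethernet port with one that allows a single PC and denies everything else.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    src: str     # source network, CIDR notation
    iface: str   # hypothetical interface name: "eth" or "gprs"
    port: int    # destination TCP port on the RTU

def evaluate(rules, default, src_ip, iface, port):
    """First matching rule wins; unmatched traffic gets the default action."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.iface == iface and r.port == port and addr in ipaddress.ip_network(r.src):
            return r.action
    return default

def exposed(rules, default, ifaces, ports, probe_ip):
    """Return every (iface, port) an unapproved source address can reach."""
    return [(i, p) for i in ifaces for p in ports
            if evaluate(rules, default, probe_ip, i, p) == "allow"]

# Constructed sample values (documentation address ranges).
PC = "192.0.2.10"          # the one approved engineering PC
OUTSIDER = "203.0.113.50"  # any other source
IFACES = ("eth", "gprs")
PORTS = (80, 443)          # HTTP and HTTPS on the RTU web server

# Incomplete: Ethernet is locked down, but no rule covers the cellular
# interface and unmatched traffic is allowed (assumed default).
INCOMPLETE = [
    Rule("allow", PC + "/32", "eth", 443),
    Rule("deny", "0.0.0.0/0", "eth", 443),
    Rule("deny", "0.0.0.0/0", "eth", 80),
]
# Complete: one allow rule and a default of deny for everything else.
COMPLETE = [Rule("allow", PC + "/32", "eth", 443)]

if __name__ == "__main__":
    print("incomplete:", exposed(INCOMPLETE, "allow", IFACES, PORTS, OUTSIDER))
    print("complete:  ", exposed(COMPLETE, "deny", IFACES, PORTS, OUTSIDER))
    print("PC via HTTPS:", evaluate(COMPLETE, "deny", PC, "eth", 443))
```

An empty list from `exposed` means no unapproved source reaches the web server on any interface; any entry names an interface and port that still needs a rule.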
Virtual Private Networks
Vulnerabilities specific to SCADA networks result from their coverage of broad geographical areas and their use of the Internet or public networks. One security measure SCADA operators have implemented is a virtual private network (VPN). A virtual private network uses authentication to deny access to unauthorized users and encryption to privately transport data packets over networks that are otherwise unsecured. An alternative to a firewall, a VPN allows users to bypass such Internet restrictions.
Authentication
Two of the authentication methodologies that have recently been put into practice in the RTU world are IEEE 802.1X and DNP3 Secure Authentication.