Accessing Remote Networks
Efficient and Secure
Overview
• Team Introduction
• Introduction to Westermo
• Remote Access
• VPNs
• Cellular Communications
• Tying it All Together
Introductions
Dakota Diehl, Network Application Engineer, dakota.diehl@westermo.us, 847.453.3899
Benjamin Campbell, Technical Support Engineer, benjamin.campbell@westermo.us, 847.453.3896
Westermo Group 2020
• Founded in 1975
• Industry leading software and hardware development force
• Own production in Sweden with state of the art process control
• Own sales and support units in 12 key countries, distribution partners in many others
Remote Access
Conventional Dial-Up Access
[Diagram: laptop, modem dial-up connection, serial communications]
• Only one application can be used at a time
• Bandwidth is limited to 33600 bps at best
• Some systems allow drill-down or pass-through
• Multiple modems and lines are needed for multi-vendor applications
• Still better than sending an engineer to site!
Serial IIoT!
[Diagram: control room SCADA using serial scanning protocols over a dedicated leased line, analogue dial-up and CSD over GSM]
A changing world
• Telecom providers are withdrawing the leased line service
• No alternative solution is available
• Existing modem technology is now obsolete
• Dial-up modems are problematic
• Mobile CSD dial-up is being discontinued
• Bandwidth requirements are only going up
The Internet is Our New Access Media
Routers Replace Modems
• The Internet is the new media
• Routers replace modems
• The VPN is the new virtual leased line
IEC 62443 and 62351 state that VPNs should be used over any 3rd party media
Next Natural Step is the Cloud
[Diagram: VPN]
Understanding the Value of Remote Access
• Save time, money, and the environment by reducing site visits
• Fast and effective customer support
• Reduce cost for support
• More efficient use of time and resources
• Offer preventive maintenance
• Collect data from end-customers
• Stock control, shipping supplies on time
• Examples
  • Water level monitoring (SCADA)
  • Street light control
  • Remote support and diagnostics
  • SCADA monitoring
Virtual Private Networks
Virtual Private Network – What Is It?
• What do we mean?
  • Secure real-time communication over an insecure network (Internet)
  • Site-to-site VPN: Connect two or more sites
  • Remote access VPN: Individual hosts (PCs, etc.) connect to a central site
  • Private: Enable confidentiality using encryption
  • Virtual: Build secure network over shared intermediate network (Internet)
[Diagram: VPN GW (Server) at the Central Office, VPN GW (Client) at the Branch Office and a VPN client (Road Warrior), all connected over the Internet]
Terminology and Entities
• VPN Gateways
  • VPN Server Gateway (Alice)
  • VPN Client Gateway (Bob)
• Central Office and Branch Office
• Road-warriors
• “Site-to-site” or “Remote access” VPN
• Firewall
  • Part of VPN Gateway
  • External Firewall
  • Often Both
• Backend authentication server
[Diagram: site-to-site VPN between Alice (VPN GW Server, Central Office) and Bob (VPN GW Client, Branch Office) over the Internet; remote access VPN between Alice (VPN GW Server, Central Office) and Bob (VPN client, Road Warrior); an authentication server (AS) behind the Central Office in each case]
Extended Topologies
• Multiple clients
  • Multiple clients can connect to the server
  • Mix site-to-site and remote access
• Redundant site-to-site
  • Multiple VPN gateways at each site
  • Dynamic routing protocols (OSPF/RIP) for automatic failover
[Diagram: Alice at the Central Office serving clients Bob, Charlie and Dave at Branch Offices over the Internet; redundant gateway pairs Alice1/Alice2 at the Central Office and Bob1/Bob2 at the Branch Office]
Establishing a Secure Tunnel
• Authentication phase
  • Long term secret
    • Preshared key (symmetric), KAB
    • Certificates (asymmetric)
  • Prove identity
  • Prepare data transfer phase
    • Negotiation of cipher suite
    • Create session key (Ksession)
• Data transfer
  • Protection: Encryption (e.g. AES-128) and Integrity (e.g. SHA1)
  • Encapsulation (format/layer) of data to be protected
[Diagram: Alice and Bob, each holding KAB, run an authenticated key exchange based on KAB to establish Ksession; data transfer then applies data protection (AES, SHA-1) and encapsulation]
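The two phases of this slide carried through in code, as an added example that is not Westermo's or WeOS's code: phase 1 exchanges nonces authenticated with the preshared key KAB and derives Ksession from them; phase 2 protects each packet with AES-128 (CTR mode) and HMAC-SHA1-96, encapsulates it behind a sequence number, and verifies integrity and rejects replays before decrypting anything. The packet layout, the HMAC-SHA256 key derivation and the sample KAB are constructed for illustration; a real IKE or TLS handshake also runs a Diffie-Hellman exchange for forward secrecy, which this PSK-only exchange does not provide.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const macLen = 12 // HMAC-SHA1-96: the 96-bit truncation IPsec uses

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// prf is HMAC-SHA256 keyed with the long-term preshared key KAB.
func prf(kab []byte, label string, a, b []byte) []byte {
	m := hmac.New(sha256.New, kab)
	m.Write([]byte(label))
	m.Write(a)
	m.Write(b)
	return m.Sum(nil)
}

type Hello struct {
	Role  string
	Nonce []byte
	Tag   []byte
}

// MakeHello builds the phase-1 message: a fresh nonce plus a tag only a holder of KAB can compute.
func MakeHello(kab []byte, role string) Hello {
	n := random(16)
	return Hello{Role: role, Nonce: n, Tag: prf(kab, role, n, nil)}
}

// VerifyHello is the "prove identity" step; the tag also binds the role, so it cannot be reflected.
func VerifyHello(kab []byte, h Hello) bool {
	return hmac.Equal(h.Tag, prf(kab, h.Role, h.Nonce, nil))
}

// DeriveSession turns KAB and both nonces into Ksession: a 16-byte AES-128 key and a 20-byte HMAC-SHA1 key.
func DeriveSession(kab, nonceA, nonceB []byte) (encKey, macKey []byte) {
	return prf(kab, "enc", nonceA, nonceB)[:16], prf(kab, "mac", nonceA, nonceB)[:20]
}

// Encapsulate builds one packet: seq(4) | IV(16) | AES-128-CTR(payload) | HMAC-SHA1-96 over the rest (encrypt-then-MAC).
func Encapsulate(encKey, macKey []byte, seq uint32, payload []byte) []byte {
	block, _ := aes.NewCipher(encKey) // encKey is always 16 bytes from DeriveSession
	pkt := make([]byte, 4, 4+aes.BlockSize+len(payload)+macLen)
	binary.BigEndian.PutUint32(pkt, seq)
	iv := random(aes.BlockSize)
	ct := make([]byte, len(payload))
	cipher.NewCTR(block, iv).XORKeyStream(ct, payload)
	pkt = append(append(pkt, iv...), ct...)
	m := hmac.New(sha1.New, macKey)
	m.Write(pkt)
	return append(pkt, m.Sum(nil)[:macLen]...)
}

// Decapsulate checks integrity, then replay (seq must grow), and only then decrypts.
func Decapsulate(encKey, macKey []byte, lastSeq *uint32, pkt []byte) ([]byte, error) {
	if len(pkt) < 4+aes.BlockSize+macLen {
		return nil, errors.New("packet too short")
	}
	body, tag := pkt[:len(pkt)-macLen], pkt[len(pkt)-macLen:]
	m := hmac.New(sha1.New, macKey)
	m.Write(body)
	if !hmac.Equal(tag, m.Sum(nil)[:macLen]) {
		return nil, errors.New("integrity check failed")
	}
	seq := binary.BigEndian.Uint32(body[:4])
	if seq <= *lastSeq {
		return nil, errors.New("replayed or out-of-order packet")
	}
	block, _ := aes.NewCipher(encKey)
	plain := make([]byte, len(body)-4-aes.BlockSize)
	cipher.NewCTR(block, body[4:4+aes.BlockSize]).XORKeyStream(plain, body[4+aes.BlockSize:])
	*lastSeq = seq
	return plain, nil
}

func main() {
	kab := []byte("constructed-demo-preshared-key") // constructed sample, not a real key
	alice, bob := MakeHello(kab, "alice"), MakeHello(kab, "bob") // phase 1
	fmt.Println("both peers proved knowledge of KAB:", VerifyHello(kab, alice) && VerifyHello(kab, bob))
	encKey, macKey := DeriveSession(kab, alice.Nonce, bob.Nonce)
	var last uint32 // phase 2: Bob sends a constructed SCADA-style reading to Alice
	out, err := Decapsulate(encKey, macKey, &last, Encapsulate(encKey, macKey, 1, []byte("tank1 level=73.5")))
	fmt.Printf("received %q (err=%v)\n", out, err)
}
```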
Real-Time Security Protocols
• “Real-time” as opposed to asynchronous communication (secure email, etc.)
• WeOS supports two protocols
  • OpenVPN (SSL VPN)
  • IPsec VPN
  • Roughly equivalent service
• Encapsulation
  • OpenVPN: Layer-4 (UDP/TCP)
  • IPsec: Layer-3 (IP)
• Pros of IPsec
  • Well recognized IETF standard
  • Relatively good performance
• Pros of OpenVPN
  • Widespread platform support
  • Easier to set up (in particular if the VPN GW is placed behind a 3rd party firewall)
Cellular Communications
History of Cellular Technology
• Cellular data communication started in the 1970s with 1G networks. 1G used analog signals to transfer data at up to 2.4 Kb/s.
• In the 1980s, 2G was introduced, changing from analog to digital communications, and introducing CDMA (Code Division Multiple Access) and GSM (Global System for Mobile Communications). Multiplexing was introduced to allow multiple data sources over one single channel.
• 3G was introduced in the early 90s and was the first cellular technology able to send a large amount of data over the cellular network.
• 4G, otherwise known as LTE, is the current modern accepted standard. The core network behind it is the internet, and frequency channels of LTE communications have increased to allow more bandwidth for more data. 5G is on the way, but 4G LTE is the most well-known technology.
4G LTE Visual
• Cellular data communications work by establishing radio service over an area of land divided into “cells”.
• Each cell has its own band of frequencies to use for communications, and frequencies can be re-used if no adjacent cells have the same frequency.
• CDMA is used to allow multiple simultaneous data flows to access the network over the single frequency.
4G LTE Routers and SIM Cards
• Cellular routers access a carrier’s network but require a SIM card to do so.
• All cellular devices accessing an LTE network require a SIM card, as the SIM card holds vital information.
• The unique serial number and IMSI number are held on the card, along with cryptographic security information, and information denoting what services the user has access to on the network.
• SIM cards can be swapped between devices to allow devices to access multiple different networks, so long as it is cleared with the carrier.
Considerations of Cellular Networks
• Any connection to a cellular network should be treated the same as a connection to the Internet, and therefore requires more awareness of cybersecurity.
• Firewalls are imperative to prevent any unauthorized or unallowed traffic from accessing the network.
• VPNs can be configured to ensure any data going outside the network will be encrypted and safe.
• VLANs can be configured so the cellular router and access to the Internet go through their own VLAN, limiting the exposed surface of the network.
Tying it All Together
Access Remote Devices over WeConnect
Remote Devices Access Each Other Over WeConnect
Secure Remote Connections to the Network Edge
Underlying Technology
• SSL VPN
  • Secure Socket Layer Virtual Private Network
• Extremely reliable and secure
• Highly Encrypted
  • AES256
• Used by the financial industry
• Open source
  • Huge community
Product Definition
Wired Interfaces:
• 2 x RJ-45 10/100 Mbit/s Ethernet
• 1 x DB-9 RS-232 Serial Connection
Wireless Interfaces:
• 3G WCDMA & LTE Cat. 4
• 2x2 MIMO
• 3G Bands 2 & 5
• 4G Bands 2, 4, 5, 13, 17
• Dual SIM Support
Physical Specification:
• -40 to +70 °C Temperature Range
• Small DIN Rail Form Factor
Power:
• 12-48 VDC Input, 10-60 VDC Operating
• Full Galvanic Isolation
Product Definition
Always Connected
• Connection Manager ensures connectivity in crowded networks.
• Dual SIM Support
Security
• Ensures secure communication without unauthorized access
• Wide VPN Protocol support
• Built-In Firewall management
Simple Management
• Web GUI Interface for Ethernet management
• SMS Support
• Management over SNMP Available
Legacy Connectivity
• RS-232 Serial connectivity support
• Modbus, DNP3, Dynamic Peer Serial Protocol support
IP Train Networks
Next Webinar Will Be In August:
• Learn about the topology and application of Ethernet Train Networks
• Westermo’s full offering of EN50155 certified Ethernet Switches
• A greater focus for onboard communications for both old and new train networks
• See Westermo’s Website under News and Events for more details.