Support Site

Compliance

Per CIP-007-5, all ports should be secured or disabled

by

Per CIP-007-5, all ports should be either secured or disabled. This obviously includes configuration ports. However, most substation devices do not allow the disabling of these ports nor should these ports be disabled as they serve important purposes, including being the primary configuration or emergency access port.

Instead, these ports must be secured.

Virtually all electronic devices with communication capability have configuration ports. For modern servers, baseboard management controllers that are networkable are the common configuration port technology. Older servers, routers, switches, firewalls, IED’s, RTU’s, etc. have serial privileged configuration ports, often network-enabled with terminal servers.

Configuration ports exist on almost every device used in Utility operations.  Control systems and control devices have configuration ports. Virtually every PLC, RTU, and IED has a configuration port (usually a privileged serial port with command and control access to the device‘s core program and operating system functions). In remote locations, such as substations and endpoints (poles), there are found many devices that have configuration ports.

From the control room to the sub-station to the pole, these physical ports provide a special level of privileged access that can be used to:

  1. Change Configuration
  2. Upgrade Firmware or BIOS
  3. Build-out devices that have components (like servers)
  4. Perform a variety of Administrative functions
  5. Perform emergency repair or failure recovery when no other port is accessible

Configuration Management’s Impact on Security & Operations

by

TDi Technologies’ advancements in configuration management technology provide the much needed managerial visibility and control over unintended or unapproved changes to IT devices, eliminating the major sources of human error or nefarious activity that can impact overall security and operations.

There are a number of areas where Configuration Management adds significant value to both Security and Operations:

  • Better visibility and accountability of the configuration of devices on a network
  • Minimized troubleshooting time for downtimes caused by configuration issues
  • Reduced downtime with time alerts, alarms on the identification of unauthorized configuration changes
  • Adherence to device configuration standards, software versions, and hardware
  • Proof of compliance with cybersecurity regulatory standards

Additional information is available on the ConsoleWorks Baseline Configuration Management solution at this link.

Closed Loop Remediation with ConsoleWorks

by

Closed Loop Remediation – The ability to monitor, log, remediate, and secure physical and virtual infrastructure in all machine states; power on, single user, maintenance, production, and failure.

ConsoleWorks allows privileged users to perform their daily work while it works behind the scenes to monitor and respond to Events and changes to devices and applications.

Event detection is accomplished by using the pre-defined event patterns from each application or infrastructure vendor and mapping, in real-time, the information received to the vendor messages. With ConsoleWorks Intelligent Event Modules (IEMs), messages are matched using a number of techniques, including case sensitivity, wildcards, and regular expressions. The activity leading up to the event pattern match, and everything after it, is logged down to the keystroke.

When an Event is detected, it is checked for level of severity and to see whether an Event with the same name is already active or if an activity is currently outstanding. The Event can be configured to trigger one or more Actions that can notify personnel, integrate with applications such as trouble ticket systems or help desk solutions, or take customized actions that meet a client’s specific needs.

When a problem is detected, ConsoleWorks provides the user with a consistent way to interface with the IT infrastructure to solve the problem while capturing the process, commands, and method used to remediate the Event.

 

Fault Tolerant Monitoring & Logging

by

A Redundant Automatic Failover configuration consists of two ConsoleWorks invocations, which under normal operating conditions are simultaneously connected to each managed device in the environment, making the solution fully redundant with no single point of failure. If the primary invocation fails, the secondary invocation continues to monitor and manage the enterprise.

Under this scenario, to be completely assured that there is no gap in monitoring and logging, a pair of ConsoleWorks servers duplicate systems monitoring and logging such that at least one server would receive the logging information and send the necessary notifications under all operating conditions and in accordance with designated severity levels.

Either of the servers can be down due to a scheduled maintenance or failure, but logging and alerting remain continuous as required by the standard.

The failover process for ConsoleWorks maximizes availability and eliminates loss of critical security status monitoring, event logging, and compliance reporting for strict compliance requirements.

View Datasheets in Resources

Consistent Monitoring and Logging When Nothing Can Be Lost

by

Organizations that must meet stringent compliance standards like NERC-CIP, SOX, HIPAA, and PCI DSS may be subject to fines or even criminal actions if they don’t meet the requirements. In order to be compliant, logging and monitoring must be configured such that they are always running and monitoring everything possible, even in the case of hardware or software failure. Unlike most technology approaches, ConsoleWorks remains fully functional in all modes, including single user, standby, and failure modes enabling consistent monitoring and logging, not just under normal operating conditions, ConsoleWorks meets the most stringent of compliance practices.

Additionally, for organizations with a fault tolerant environment, one with redundancy built into the infrastructure, ConsoleWorks can be used to strengthen that redundancy.

This Redundant Automatic Failover configuration consists of two ConsoleWorks invocations, which under normal operating conditions are simultaneously connected to each managed device in the environment, making the solution fully redundant with no single point of failure. If the primary invocation fails, the secondary invocation continues to monitor and manage the enterprise.

View Datasheets in Resources

Change Management with ConsoleWorks

by

One of the biggest compliance challenges organizations must address is documenting the actions of privileged users. But this challenge often falls into the change management bucket as well. When implementing organizational change, documentation is key in ensuring that things are going according to plan. Unfortunately, traditional change management often requires privileged users to manually document their activity. This practice fails to meet one of the primary goals of change management – to minimize the impact of organizational change on workers. Not to mention the margin for error – missing records, inaccuracies, and inconsistencies will exist in this scenario.

Fortunately, ConsoleWorks solves this problem. By sitting between privileged users and privileged interfaces, ConsoleWorks can capture every keystroke of privileged users and automatically produce digitally signed records. This eliminates the need for manual documentation and provides an accurate way to verify practices across the entire IT environment.

ConsoleWorks can also be used to directly enforce policies with real-time control capabilities. Privileged user activity is captured in real-time and can be scanned for out-of-policy activity. Control capabilities range from generating an email or text message to programmatically terminating a user session.

View Datasheets in Resources

We can help

Reach out today, and we'll talk through how we might be able to help!

Contact us