Information Security Technology CNC Network Security Technical Requirements

Statement

This article is a study of GB/T 37955-2019, Information Security Technology: CNC Network Security Technical Requirements. These study notes are compiled and shared in the hope that more people will benefit. If there is any infringement, please contact us promptly.

CNC Network Security Technical Requirements

Network Architecture

Basic Requirements

The CNC network and the management network should be logically partitioned from each other, and key network areas within the CNC network should be logically partitioned from the other areas. A DMZ should preferably be set up within the CNC network.

Logical partitioning can be implemented by means such as VLANs. Within the CNC network, partitions can be drawn according to equipment location, network level, and the production functions the equipment performs.

Enhanced Requirements

The CNC network should be physically isolated from other networks. Physical isolation between different areas within the CNC network is also advisable.

Border Protection

Basic Requirements

Basic requirements include:

  1. Communication between the CNC network and the management network or the Internet, and communication between the various areas within the CNC network, shall be monitored and controlled;
  2. All network traffic should be denied by default at each boundary, and only explicit exceptions should be allowed;
  3. It should be possible to restrict or detect unauthorized equipment connecting to the inside of the CNC network, and to block it effectively;
  4. It should be possible to restrict or detect internal users of the CNC network connecting to external networks without authorization, and to block them effectively.

Enhanced Requirements

Enhanced requirements include:

  1. Protection equipment should be deployed at the boundary between the CNC network and the management network, and at the area boundaries within the CNC network, so that cross-boundary access and data communication pass only through controlled interfaces;
  2. When the boundary protection mechanism between the CNC network and the management network fails, boundary communication between the CNC network and the management network shall be blocked;
  3. When the boundary protection mechanism between internal security domains of the CNC network fails, an alarm should be raised and the communication of key equipment should remain unaffected.

Access Control

Basic Requirements

Basic requirements include:

  1. Before data is transmitted, it should be possible to authenticate the identity of both parties to the communication;
  2. When CNC equipment is maintained remotely, access should go through a trusted channel; one-way access control measures should be adopted that prohibit obtaining process information such as NC code from the CNC equipment; and encryption should be used to prevent authentication information from leaking during network transmission;
  3. Terminals used for management over the network should be restricted by terminal access method or by network address range;
  4. An inactivity timeout should be configurable, and remote sessions should be terminated once the inactivity timeout is exceeded;
  5. Protection equipment should be deployed between the CNC equipment layer and the supervisory control layer, and between the supervisory control layer and the management network, to analyze in depth the data flows entering and leaving the network; the source address, destination address, source port, destination port, protocol and other attributes of each flow should be checked and filtered in order to allow or deny packets entering and leaving the CNC network.

Enhanced Requirements

Enhanced requirements include:

  1. Remote access over public networks such as the Internet should be prohibited;
  2. It should be possible to perform content filtering on the NC code transmitted between the NC server and the CNC equipment, to prevent malicious modification.
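Basic requirement 5 (five-tuple filtering between layers) together with border protection's default-deny rule and enhanced requirement 1 (no access over public networks) can be expressed as a small boundary filter. The following is an added illustration, not part of the standard or the original post; the address plan, the two allow exceptions and the port numbers are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    """One explicit allow exception at the boundary; anything unmatched is denied."""
    src_net: str
    dst_net: str
    dport: Optional[int]  # None matches any destination port
    proto: str
    note: str

    def matches(self, f: Flow) -> bool:
        return (ipaddress.ip_address(f.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(f.dst) in ipaddress.ip_network(self.dst_net)
                and (self.dport is None or self.dport == f.dport)
                and self.proto == f.proto)


# Constructed address plan (assumption): supervisory control layer 10.10.1.0/24,
# CNC equipment layer 10.10.2.0/24, collection server 10.10.1.50.
# Port numbers are illustrative placeholders, not any vendor's protocol ports.
ALLOW: List[Rule] = [
    Rule("10.10.1.0/24", "10.10.2.0/24", 5000, "tcp", "NC server pushes programs to machines"),
    Rule("10.10.2.0/24", "10.10.1.50/32", 6000, "udp", "machine status to collection server"),
]


def decide(flow: Flow, rules: List[Rule] = ALLOW) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason). Default deny: no explicit match, no pass."""
    if ipaddress.ip_address(flow.src).is_global or ipaddress.ip_address(flow.dst).is_global:
        return "deny", "public-network endpoint; remote access over the Internet is prohibited"
    for rule in rules:
        if rule.matches(flow):
            return "allow", rule.note
    return "deny", "no explicit exception for this five-tuple"
```

The rule set is directional, so a machine initiating a connection toward the supervisory layer on the program-transfer port is denied even though the reverse direction is allowed; handling of return traffic for established sessions is left to the stateful device and is outside this snippet.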

Intrusion Prevention

Basic Requirements

Basic requirements include:

  1. Network attacks initiated from outside should be detected, prevented or limited at key network nodes between the CNC equipment layer and the supervisory control layer, and between the supervisory control layer and the management network;
  2. It should be possible to detect network attacks through network behavior analysis;
  3. Network attacks initiated from inside should be detected and restricted at key network nodes between the CNC equipment layer and the supervisory control layer, and between the supervisory control layer and the management network;
  4. Alarms shall be raised for detected intrusions.

Enhanced Requirements

Enhanced requirements include:

  1. It should be possible to detect unknown, new network attacks through network behavior analysis;
  2. When an attack is detected, information including but not limited to the attack source IP, attack type, attack target and attack time should be recorded.

Wireless Usage Control

Basic Requirements

Basic requirements include:

  1. It should be possible to uniquely identify and authenticate the equipment participating in wireless communication in the CNC network;
  2. It shall be possible to encrypt wireless transmissions in the CNC network;
  3. It shall be possible to verify authorization for, and monitor the use of, wireless connections in the CNC network.

Enhanced Requirements

It shall be possible to identify, and raise a warning about, unauthorized wireless devices used in the CNC network.

Security Audit

Basic Requirements

Basic requirements include:

  1. An audit mechanism should be adopted at key network nodes between the CNC network and the management network, and between the CNC equipment layer and the supervisory control layer. Security audits should include, but are not limited to, traffic audits, protocol audits, content audits and behavior audits;
  2. Users shall be allowed to configure the storage capacity for audit records;
  3. Audit records shall include, but are not limited to, timestamp, origin, category, protocol type, event ID and event result;
  4. When an audit fails (including but not limited to software or hardware errors, failure of the audit capture mechanism, or saturation or overflow of audit storage capacity), an alarm shall be raised and appropriate measures taken (such as overwriting the earliest audit records or stopping the generation of audit logs);
  5. Audit information and audit tools should be protected by encrypted storage, access control, identity authentication and similar means, to prevent unauthorized acquisition, modification or deletion;
  6. Audit records should be backed up regularly, so that audit information is not lost through unexpected deletion, modification or overwriting;
  7. Time sources should be protected against unauthorized changes, and an audit event should be generated if the time source is changed.

Enhanced Requirements

Enhanced requirements include:

  1. Comprehensive audit records should be provided for remote access to CNC equipment, including but not limited to access time, access address, accessing personnel and the specific operations performed;
  2. A threshold for audit storage capacity shall be configurable, and an alarm shall be raised when audit record storage reaches that threshold;
  3. The clock synchronization frequency should be configurable, and system clocks should be synchronized at the configured frequency;
  4. An interface for centralized audit management should be provided, through which the generated audit records are uploaded;
  5. Audit records shall be written to non-volatile storage media;
  6. Audit records shall be accessible through programmatic interfaces.
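The audit-storage requirements above (basic 2, 3 and 4; enhanced 2 and 6) describe one bounded store: a configurable capacity, a capacity threshold that raises an alarm, a defined policy at saturation, and a programmatic read interface. The following added example, which is not code from the standard or the original post, models that store in memory; the record field names, the threshold default and the alarm texts are assumptions.

```python
import math
from collections import deque
from dataclasses import dataclass
from typing import Deque, List, Optional


@dataclass(frozen=True)
class AuditRecord:
    timestamp: str  # ISO 8601 time taken from the protected time source
    origin: str     # node that produced the event, e.g. a boundary device
    category: str   # traffic / protocol / content / behavior
    protocol: str
    event_id: str
    result: str     # e.g. "allow", "deny", "success", "failure"


class AuditStore:
    """Bounded audit store: configurable capacity, a threshold alarm, and a
    defined saturation policy ("overwrite" the earliest record, or "stop")."""

    def __init__(self, capacity: int, threshold: float = 0.8, on_full: str = "overwrite") -> None:
        if capacity <= 0 or not 0 < threshold <= 1 or on_full not in ("overwrite", "stop"):
            raise ValueError("invalid audit store configuration")
        self.capacity = capacity
        self.threshold_count = max(1, math.ceil(capacity * threshold))
        self.on_full = on_full
        self._records: Deque[AuditRecord] = deque()
        self.alarms: List[str] = []   # alarms raised for the operator, in order
        self.overwritten = 0          # records lost under the overwrite policy
        self.dropped = 0              # records refused under the stop policy
        self._threshold_alarmed = self._saturation_alarmed = False

    def append(self, rec: AuditRecord) -> bool:
        """Store a record; return False if the store refused it."""
        if len(self._records) >= self.capacity:
            if not self._saturation_alarmed:
                self.alarms.append(f"audit storage saturated at {self.capacity}; policy={self.on_full}")
                self._saturation_alarmed = True
            if self.on_full == "stop":
                self.dropped += 1
                return False
            self._records.popleft()   # overwrite the earliest record
            self.overwritten += 1
        self._records.append(rec)
        if len(self._records) >= self.threshold_count and not self._threshold_alarmed:
            self.alarms.append(f"audit storage reached threshold {self.threshold_count}/{self.capacity}")
            self._threshold_alarmed = True
        return True

    def records(self, category: Optional[str] = None) -> List[AuditRecord]:
        """Programmatic read interface, e.g. for centralized audit collection."""
        return [r for r in self._records if category is None or r.category == category]
```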

Centralized Control

Basic Requirements

None.

Enhanced Requirements

Enhanced requirements include:

  1. A dedicated management area should be set aside to manage the security devices or security components distributed across the CNC network;
  2. A secure information transmission path should be established for managing the security devices or security components in the CNC network;
  3. The operating status of network links, security equipment, network communication equipment, NC servers, collection servers and CNC equipment should be monitored centrally;
  4. Audit data scattered across the various devices should be collected, aggregated and analyzed centrally;
  5. Security policies, malicious code protection, patch upgrades, system logs and other security-related matters should be managed centrally;
  6. All kinds of security incidents in the CNC network should be identified, alarmed on and analyzed.

Further Reading

More content can be found in GB/T 37955-2019, Information Security Technology: CNC Network Security Technical Requirements, for further study.


Source: blog.csdn.net/m0_74079109/article/details/129784621