July 30, 2024

The Industrial Wi-Fi Shop Podcast – Ep. 8 Respect My Securit-ahh!

1 hour 3 minutes

CWISA Guide Giveaway details

There are two copies of the Certified Wireless IoT Solutions Administrator (CWISA) study/reference guides

Winners will be drawn randomly on episode 10 (episode title TBD)

ONE winner will be from IT

ONE winner will be from OT

Click the link below to enter the drawing! (One entry per person)

—> https://forms.gle/eE4rYtixhbppyMti8 ←- (link now inactive)

Let’s talk security – Owning your industrial airspace

Three things you need to consider

Situational awareness of your site

Understanding the current RF landscape

Securing your wireless assets

Situational awareness

Where is your site

Is it in an industrial park?

Is it in an urban area close to other buildings and businesses?

Is it out in the middle of “nowhere”?

What is around your site

Residential?

Commercial?

Industrial / manufacturing?

Who is around your site

Static residential

High volume transient population

Lions, tigers and bears, oh my!

What is your risk

Understand your RF landscape

What other structured wireless networks are operating on your site?

802.11

802.15.4

Proprietary wireless

Are there transient wireless networks

Mobile hotspots

Transportation and fleet management

Are there and sources of EMI / RFI

How bad

What frequencies

What is your risk?

Securing your wireless assets

802.11 security

Obviously, do not use WEP or WPA (granted I do know that there are still legacy devices in production environments out there and that sometimes you have no choice. Be sure to document what you cannot mitigate!)

WPA2 still the most common, enable Protected Management Frames if you can/have the option

WPA3 the most preferable

Advanced and improved encryption

MFP is mandatory

802.15.4 security

128-bit AES encryption is built into the standard

After layer 2 in the OSI, these compliant devices often implement other security options from onboarding to CRCs, it depends on the vendor

Want to know more about Bluetooth security – check out episode 6

Want to know more about WirelessHART or ISA100 security – check out episode 4

Proprietary wireless security

Usually have encryption options

Unique onboarding processes for mesh devices

Contextless data transfer

Management access

Disable Over-the-air (OTA) management

Use HTTPS/SSH whenever possible

VLAN/segment out management IP addresses whenever possible

NEVER use default passwords and security settings

Key takeaways

Owning your industrial airspace is much more than simply encrypting wireless traffic

You need to look at your site as a whole to fully realize and understand your overall risk

You do not have the luxury of deciding whether or not you are a target

This is what my 900MHz signal generator looks like in spectrum analysis. It’s definitely a unique signature from the Density view at the top to the Waterfall view in the middle. You can also see in the bottom panel how it just eats up airtime utilization.

If you would like to know more about our guests, check them out on LinkedIn:

Jeremy Baker – https://www.linkedin.com/in/jeremyabaker/

If you would like to connect with me or learn more about my employer, Global Process Automation (GPA), then check the following:

Scott McNeil – https://www.linkedin.com/in/americanmcneil/

GPA – https://www.global-business.net/

...more

View all episodes

By Scott McNeil

11 ratings

July 30, 2024

The Industrial Wi-Fi Shop Podcast – Ep. 8 Respect My Securit-ahh!

1 hour 3 minutes

CWISA Guide Giveaway details

There are two copies of the Certified Wireless IoT Solutions Administrator (CWISA) study/reference guides

Winners will be drawn randomly on episode 10 (episode title TBD)

ONE winner will be from IT

ONE winner will be from OT

Click the link below to enter the drawing! (One entry per person)

—> https://forms.gle/eE4rYtixhbppyMti8 ←- (link now inactive)

Let’s talk security – Owning your industrial airspace

Three things you need to consider

Situational awareness of your site

Understanding the current RF landscape

Securing your wireless assets

Situational awareness

Where is your site

Is it in an industrial park?

Is it in an urban area close to other buildings and businesses?

Is it out in the middle of “nowhere”?

What is around your site

Residential?

Commercial?

Industrial / manufacturing?

Who is around your site

Static residential

High volume transient population

Lions, tigers and bears, oh my!

What is your risk

Understand your RF landscape

What other structured wireless networks are operating on your site?

802.11

802.15.4

Proprietary wireless

Are there transient wireless networks

Mobile hotspots

Transportation and fleet management

Are there and sources of EMI / RFI

How bad

What frequencies

What is your risk?

Securing your wireless assets

802.11 security

WPA2 still the most common, enable Protected Management Frames if you can/have the option

WPA3 the most preferable

Advanced and improved encryption

MFP is mandatory

802.15.4 security

128-bit AES encryption is built into the standard

After layer 2 in the OSI, these compliant devices often implement other security options from onboarding to CRCs, it depends on the vendor

Want to know more about Bluetooth security – check out episode 6

Want to know more about WirelessHART or ISA100 security – check out episode 4

Proprietary wireless security

Usually have encryption options

Unique onboarding processes for mesh devices

Contextless data transfer

Management access

Disable Over-the-air (OTA) management

Use HTTPS/SSH whenever possible

VLAN/segment out management IP addresses whenever possible

NEVER use default passwords and security settings

Key takeaways

Owning your industrial airspace is much more than simply encrypting wireless traffic

You need to look at your site as a whole to fully realize and understand your overall risk

You do not have the luxury of deciding whether or not you are a target

If you would like to know more about our guests, check them out on LinkedIn:

Jeremy Baker – https://www.linkedin.com/in/jeremyabaker/

If you would like to connect with me or learn more about my employer, Global Process Automation (GPA), then check the following:

Scott McNeil – https://www.linkedin.com/in/americanmcneil/

GPA – https://www.global-business.net/

...more

More shows like The Industrial Wi-Fi Shop Podcast

View all

Heavy Wireless

9 Listeners

Waves with Wireless Nerd

4 Listeners

Packet Protector

6 Listeners

Share The Industrial Wi-Fi Shop Podcast – Ep. 8 Respect My Securit-ahh!

Sign up to save your podcasts

The Industrial Wi-Fi Shop Podcast – Ep. 8 Respect My Securit-ahh!

The Industrial Wi-Fi Shop Podcast – Ep. 8 Respect My Securit-ahh!

More shows like The Industrial Wi-Fi Shop Podcast

Heavy Wireless

Waves with Wireless Nerd

Packet Protector