Page 41 - RC18-EDGE Spring.FINAL
Firewalls can help limit traffic in and out of designated areas, but most firewalls enforce rules based on arbitrary (dynamic and spoofable) IP addresses. Furthermore, inside the protection of a firewall, devices are still able to communicate laterally and are often visible to the rest of the network. And any slight misconfiguration of either the device or the firewall can be catastrophic.

Thankfully, with recent advancements in technology, this problem can be easily resolved. Rather than using ephemeral IP addresses for device identity, we can now use a unique host identifier that provides a more reliable attribute of identity. One such implementation is the Host Identity Protocol (HIP), an open IETF standard that adds a ‘host identifier’ in the form of a cryptographic public key associated with the host. With HIP-based solutions, two parties must share a cryptographic binding before being able to see each other on the network, effectively hiding (cloaking) portions of the network that are not allowed to communicate with each other.

With HIP, IP resources can move anywhere in the world and maintain connectivity, regardless of whether they’re in a static or dynamic IP environment. Now mobility and migration between buildings, remote offices, datacenters, shared networks, and multiple cloud providers is not only possible, but simple.

Smart Building Challenges – Beyond Cybersecurity

When facilities and operations teams work on building automation projects, they’re also trying to optimize network performance and resiliency. For example, pervasive Building Automation and Control Networks (BACnet) systems can create broadcast storms that might cripple network performance. These traffic storms can cause problems for network administrators due to high signal-to-noise ratios and interference that can disrupt other IP traffic on the network. It can happen without warning and take down critical building services. Today, with proper micro-segmentation, you can improve overall network performance by restricting noisy traffic to encrypted network segments.

Successful BACnet Segmentation for a Leading University

Penn State University (and its Facility Automation Services team) was tasked with segmenting and centralizing the university’s expansive BACnet system. The BACnet system controlled HVAC, lighting controls, and access controls for classrooms, high-value research labs, and more. Over 640 buildings are spread across dozens of state-wide campuses. Their network attack surface was large due to many rogue access switches and wireless access points. With BACnet communications openly traversing Penn State’s flat network, orders were to get the BACnet traffic segmented. An Identity Defined Network (IDN) solution enabled the facilities staff to rapidly segment their expansive BACnet system with centralized management across their entire deployment.

In short, a secure networking solution enables Facilities and Operations teams to remove the traditional networking obstacles and:

• Easily connect, control, and secure building automation systems to optimize efficiency
• Enhance risk posture by reducing the network attack surface across the enterprise
• Improve overall network performance by isolating specific network segments
• Experience significant OpEx savings through simplified point-and-click management – no advanced IT skills required

Jeff Hussey is the President and CEO of Tempered Networks, the pioneer of the Identity-Defined Networking market. He is an accomplished entrepreneur and business leader with a proven track record in the networking and security markets.
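The article's contrast between firewall rules keyed on IP addresses and admission keyed on a cryptographic host identifier, as an added Go example (not code from the article, Tempered Networks, or the HIP specification). The type and function names, the sample address, the SHA-256 key fingerprint and the Ed25519 nonce challenge are all assumptions chosen for illustration; real HIP derives and exchanges identities differently.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Packet is a constructed stand-in for traffic arriving at an enforcement point.
type Packet struct {
	SrcIP  string            // claimed by the sender, never proven
	PubKey ed25519.PublicKey // host identifier presented by the sender
	Sig    []byte            // signature over the receiver's nonce
}

// hostID is a simplified key fingerprint (assumption, not HIP's own derivation).
func hostID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:16])
}

// allowByIP models the firewall rule keyed on source address alone.
func allowByIP(allowed map[string]bool, p Packet) bool { return allowed[p.SrcIP] }

// allowByIdentity admits a peer only if its key is trusted AND it proves
// possession of the matching private key by signing our fresh nonce.
func allowByIdentity(trusted map[string]bool, nonce []byte, p Packet) bool {
	if len(p.PubKey) != ed25519.PublicKeySize || !trusted[hostID(p.PubKey)] {
		return false
	}
	return ed25519.Verify(p.PubKey, nonce, p.Sig)
}

// demo returns the decisions for a legitimate and a rogue device under each policy.
func demo() (ipLegit, ipRogue, idLegit, idRogue bool) {
	ctrlPub, ctrlPriv, _ := ed25519.GenerateKey(rand.Reader) // trusted controller
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)      // unknown device
	nonce := make([]byte, 16)
	rand.Read(nonce)
	ips := map[string]bool{"10.20.0.5": true} // constructed sample address
	ids := map[string]bool{hostID(ctrlPub): true}
	legit := Packet{"10.20.0.5", ctrlPub, ed25519.Sign(ctrlPriv, nonce)}
	// The rogue claims the same IP and copies the public key, but lacks the private key.
	rogue := Packet{"10.20.0.5", ctrlPub, ed25519.Sign(roguePriv, nonce)}
	return allowByIP(ips, legit), allowByIP(ips, rogue),
		allowByIdentity(ids, nonce, legit), allowByIdentity(ids, nonce, rogue)
}

func main() { fmt.Println(demo()) }
```

The IP rule admits both devices because the address is only a claim; the identity check admits only the device that can sign with the trusted key.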