twitteryou tubefacebookacp

6 tips to secure your control room

Service accounts still have a place in most solutions, says Barco. (Image source: Barco)

Technology company Barco tells Technical Review Middle East all the different ways to increase privacy and adopt a more secure control room

Update firewall rules

Check and update your firewall rules regularly. If something does not work and passes through the firewall, someone checks it. But how often do you check if all the rules are still needed? When phasing out some equipment, does your team check if all the firewall changes that were needed when it was first installed are still needed?

Lock down switch ports

Most companies are not ready for 802.1x or total Zero Trust Networking, but a good step in that path is locking down switch ports to known MAC addresses. Depending on how dynamic your control room is, you can follow the process control industry's standard of locking down a port to an individual MAC address.

Rights management

Rights management is another area where reviewing things on a regular basis is important, particularly for those companies that still have the traditional isolated network for their control room. This means that the standard automated process of onboarding, changing and offboarding accounts needs to be replicated manually. 

Location, Location, Location

Where you can view and where you can edit/interact, can be a powerful tool both for security and efficiency. Allowing the ability to view a situation outside the control room is powerful for escalations or management decisions, and for limiting the number of people in the control room to those who really need to be there. The problem comes when someone who has edit permissions in the control room, logs in outside of the control room. Does your setup allow for context, like location? 

Restrict service accounts

Service accounts still have a place in most solutions. And managed well, they can be kept secure. But too often, these are misused or misunderstood as generic user accounts. Service accounts should never be used when a user can change something.

Master your priorities

Deciding what should be fully encrypted and locked down versus what risks can be accepted within a design, should always be an end-customer decision. This leads to the idea of a loosening guide rather than the traditional hardening guide. When selecting a product, note how the manufacturer talks about security and where they expect the effort. 

When designing CTRL, Barco integrated security is at the core of the system. If you're interesed in knowing more about the security of Barco CTRL, click here