Calgary, AB., Canada T1Y 7H8 Phone: +1.403.569.1680 Fax: +1.403.569.1620 www.ASATsolutions.com DAPguard Application Authentication To Central server and/or To local authentication server Authorization Multi-level user access Audit Logging of User/device access DAPguard is a substation security application that provides secures remote access to the substation devices. With its capabilities in authentication, authorization and data logging for audit trail, DAPguard provides the confidence the utilities need to deploy a system-wide approach for connecting substation devices to enterprise applications. What does the DAPguard substation security application do? Limit or grant remote access to your substation devices in a secure manner Compliance to the North American Reliability Corporations Critical Infrastructure Protection (NERC CIP) requirements Secure file transfer of substation data to utility enterprise applications Log of user and device access for auditing purposes Integrate seamlessly with your existing IT infrastructures DAPguard is a software application in the DAP software suite, that runs on our DAPserver and DAPmini substation data management units. DAPguard TM Features Authentication, Authorization, Audit-trail (AAA) Linux security hardened operating system Built in Linux Firewall secured network tunnel - SSH/SSL/TLS RADIUS and LDAP support Local and central user directory administration Configurable User/group privileges Disable unused ports and services On demand revoke of user remote access privileges Intelligent Technologies, Smart Substations
ASAT Solutions Inc.
#8 2121 29th Street NE Calgary, AB., Canada T1Y 7H8 Phone: +1.403.569.1680 Fax: +1.403.569.1620 www.asatsolutions.com Use Case 1 Scenario: Remote access to substation system and IEDs is needed by substation engineering, maintenance and other utilities staff. Central security or access server is not available. Securing point of access and NERC CIP compliant is a must. Solution: Integrate IEDs using DAPserver with DAPguard application in substation. In this case, DAPguard runs a local LDAP or RADIUS server, and functions as an independent substation security gateway to manage access control and secure data exchange. Use Case 2 Scenario: The existing D20 RTU is acting as the data concentrator and point of access to substation. Central security or access server is not available. Securing point of access and NERC CIP com- pliant is a must. Solution: Add DAPmini with DAPguard application to the D20 RTU. In this case, DAPguard runs a local LDAP or RADIUS server, and functions as an independent substation security gateway to manage access control and secure data exchange. Use Case 3 Scenario: Remote access to substation system and IEDs is needed. A central security or access server is currently in operation, or will be incorporated in the future. However, substation level security gateway is also needed. Solution: Integrate IEDs using DAPserver with DAPguard application in substation. DAPguard supports most Linux or Windows based central security server. In this case, DAPguard coordinates with the central security server to conduct authentication and authorization. Should the central security server become unavailable, DAPguard will function as the backup security server to maintain the integrity of the electronic security perimeter. DAPguard TM DAPserver DAPmini with D20 RTU* *D20 RTU is a product of GE Erngy