Notice # 0002

Version 1.0
April 6, 2005

RELIABLE CONTROLS NETWORK INFORMATION

Network Communication

What kind of traffic should be expected on an Ethernet network

running Reliable Controls products?

Application Notice

Ethernet protocols used by Reliable Controls controllers

Universal Datagram Protocol (UDP, segmented)

Internet Protocol (IP)
Internet Control Message Protocol (ICMP)
Address Resolution Protocol (ARP)
Reliable Controls Protocol encapsulated in UDP
Simple Network Management Protocol (SNMP)
BACnet over IEEE 802
BACnet/IP

Note: The BACnet protocol can be optionally disabled.

What ports are required on a Reliable Controls MACH-System?

The only port required for the system is 21068. Opening this port should not be a security concern
as it is not tied to common functions, such as HTTP, FTP, etc.

Transmissions that use the Reliable Controls Protocol can only be initiated from port 21068 to
21068. No broadcasts are used in transmission. Responses to workstation requests are directed
to the requesting port number.

BACnet/IP communications utilize port 47808 by default.

2005 Reliable Controls Corporation

120 Hallowell Road . Victoria, BC . V9A 7K2 . 250.475.2036

Page 1 of 6

877.475.9301 . Fax: 250.475.2096

APPLICATION NOTICE: Reliable Controls Network Information

What kind of bandwidth will a Reliable Controls network on

Ethernet use?

Reliable Controls networks on Ethernet use almost no bandwidth during their regular
communication duties. The following description will demonstrate this point.

When determining the amount of network traffic, we will assume an average period of
2 minutes of communications between the controllers on a 10-megabit Ethernet
network. A simple formula, shown below, will show the average network usage in a 2minute period, expressed as a percent of the total network traffic possible.

U = (K * n) / 1000

the overall network utilization expressed as percent

the network utilization constant, see below

the total number of Reliable Controls controllers on the Ethernet

network minus one

The number of network points passing between the controllers determines network
utilization.

Network Points per Controller

K Constant

Light 20 points

2.9

Medium 60 points

5.8

Heavy 120 points

10.1

Table 1: K Constant

A Reliable Controls MACH-System with 80 controllers on Ethernet and under

medium load equates to (5.8 * 79) / 1000 = 0.46%, network utilization over a twominute period.

If there is only 1 controller on Ethernet, then almost no traffic is ever generated.

2005 Reliable Controls Corporation

120 Hallowell Road . Victoria, BC

Page 2 of 6

V9A 7K2 . 250.475.2036

877.475.9301 . Fax: 250.475.2096

APPLICATION NOTICE: Reliable Controls Network Information

Do controllers on a Reliable Controls

contribute to the overall Ethernet traffic?

sub-network

No, sub-network controllers do not communicate on the Ethernet connection. They

communicate on the local EIA-485 ports and do not broadcast on any other ports.

Is there any additional traffic generated by the Reliable

Controls network?

The Reliable Controls network will respond to operator requests through software, as
well as transmit alarms if the situation requires it. Alarms are sporadic and the size of
an alarm varies depending on what kind of information is being sent. Overall system
performance will not be impacted by alarms and the bandwidth required is far less
than the average operation numbers.

When an operator requests information from the controller, the amount of sent data
varies depending on what is being requested. The overall impact of operator requests
will be minimal.

An example of heavy operator traffic might involve 10 operators accessing a Reliable

Controls network using RC-Webview and having a large graphic worksheet
containing 160 points with a refresh interval of 1 second each. In this case, the overall
usage from the system will result in an additional 2.6% bandwidth increase over the
regular Reliable Controls networking operations between controllers.

2005 Reliable Controls Corporation

120 Hallowell Road . Victoria, BC

Page 3 of 6

V9A 7K2 . 250.475.2036

877.475.9301 . Fax: 250.475.2096

APPLICATION NOTICE: Reliable Controls Network Information

Network Security

BACnet is an open protocol, how does this affect security?

To date, the BACnet protocol can expose the Reliable Controls MACH-System to
some security risks due to the open nature of the BACnet protocol. The BACnet
committee is currently in the process of developing security methods for BACnet
networking.

Because of the dual protocol feature of Reliable Controls products, BACnet can be
disabled on Ethernet, making for a very secure system.

How is my Reliable Controls MACH-System protected from

people with malicious intent?

Reliable Controls Corporation utilizes a proprietary protocol and custom software

interfaces. Only select employees of Reliable Controls Corporation have access to
this information, making for a very secure protocol.

All Reliable Controls Corporation software is made in-house at our Victoria, British
Columbia headquarters in an effort to minimize the risk of exposing individuals outside
of the company to our proprietary information.

Is the Reliable
viruses?

Controls

MACH-System

susceptible

to

To date, there are no viruses that can affect a Reliable Controls controller. Reliable
Controls firmware and hardware are custom made by our employees and only
respond within the limitations of their designed functions. Any computer virus in
circulation will not affect our controllers.

Can a Reliable Controls controller be used to hijack or

infiltrate a network?

No, the Reliable Controls MACH-System only responds to specific Reliable Controls
Protocol commands. Any network packets not specifically recognized by the controller
will not be forwarded to the network because Reliable Controls controllers do not

2005 Reliable Controls Corporation

120 Hallowell Road . Victoria, BC

Page 4 of 6

V9A 7K2 . 250.475.2036

877.475.9301 . Fax: 250.475.2096

APPLICATION NOTICE: Reliable Controls Network Information

have the capability of conducting network router duties. Reliable Controls products
cannot be used as a backdoor into a network because of this same feature.

What can be done if there is a concern about leaving port

21068 open for communications through a router or firewall?

If there is a potential security concern in leaving port 21068 open through a router or
firewall, then most routers or firewalls can be configured to direct any traffic received
on those ports to a specific IP address. By employing this procedure, a network
administrator can ensure that any traffic intended for a Reliable Controls MACHSystem is directed only to a Reliable Controls MACH-System.

When accessing the controllers via software, what security

measures are in place to discourage unauthorized access?

In order to access a Reliable Controls network, a User Name and Password must be
provided through the Reliable Controls operating software. The encrypted User
Name and Password data are stored on the controllers. The controllers will never
transmit unencrypted User Names and Passwords, making it impossible to intercept
traffic using network analyzers.

Also, the system uses a default master password that can be changed by the operator
when commissioning the system.

RC-WEBVIEW SECURITY.

RC-WebView resides on IIS 5.0 for Windows 2000 Server and IIS 6.0 for Windows
2003 Server. All Windows security and service packs should be applied before
installing RC-WebView. Whenever a security patch or service pack is installed, reinstall RC-WebView.

To avoid the transmission of viruses via network traffic, the use of a firewall is
recommended. The transmission of viruses is normally not a problem, if the web
server and Reliable Controls system are isolated on the same dedicated network,
allowing only 1 external port in to access the web server on the website you set up. In
using this arrangement, do not allow for ports out, except the response to requests on
the website port. Using a hardware firewall would accomplish this arrangement.

2005 Reliable Controls Corporation

120 Hallowell Road . Victoria, BC

Page 5 of 6

V9A 7K2 . 250.475.2036

877.475.9301 . Fax: 250.475.2096

APPLICATION NOTICE: Reliable Controls Network Information

There are no viruses specific to RC-Webview unless directed to IIS. But applying the
above security will eliminate any problems.
Allow only port UDP 21068 on the internal net and TCPIP 80 to the web server
(externally).

Request to web server on Port 80

Firewall
Redirect requests to server box.
RC-WebView
Web request translated to Reliable request
MG
M1

2005 Reliable Controls Corporation

M1

120 Hallowell Road . Victoria, BC

Page 6 of 6

M1

V9A 7K2 . 250.475.2036

877.475.9301 . Fax: 250.475.2096