Version 1.0
April 6, 2005
Network Communication
Application Notice
The only port required for the system is 21068. Opening this port should not be a security concern
as it is not tied to common functions, such as HTTP, FTP, etc.
Transmissions that use the Reliable Controls Protocol can only be initiated from port 21068 to
21068. No broadcasts are used in transmission. Responses to workstation requests are directed
to the requesting port number.
Reliable Controls networks on Ethernet use almost no bandwidth during their regular
communication duties. The following description will demonstrate this point.
When determining the amount of network traffic, we will assume an average period of
2 minutes of communications between the controllers on a 10-megabit Ethernet
network. A simple formula, shown below, will show the average network usage in a 2-minute period, expressed as a percent of the total network traffic possible.
U = (K * n) / 1000
The number of network points passing between the controllers determines network
utilization.
                      K Constant
Light 20 points       2.9
Medium 60 points      5.8
                      10.1
Table 1: K Constant
The Reliable Controls network will respond to operator requests through software, as
well as transmit alarms if the situation requires it. Alarms are sporadic and the size of
an alarm varies depending on what kind of information is being sent. Overall system
performance will not be impacted by alarms and the bandwidth required is far less
than the average operation numbers.
When an operator requests information from the controller, the amount of sent data
varies depending on what is being requested. The overall impact of operator requests
will be minimal.
Network Security
To date, the BACnet protocol can expose the Reliable Controls MACH-System to
some security risks due to the open nature of the BACnet protocol. The BACnet
committee is currently in the process of developing security methods for BACnet
networking.
Because of the dual protocol feature of Reliable Controls products, BACnet can be
disabled on Ethernet, making for a very secure system.
All Reliable Controls Corporation software is made in-house at our Victoria, British
Columbia headquarters in an effort to minimize the risk of exposing individuals outside
of the company to our proprietary information.
Is the Reliable Controls MACH-System susceptible to viruses?
To date, there are no viruses that can affect a Reliable Controls controller. Reliable
Controls firmware and hardware are custom made by our employees and only
respond within the limitations of their designed functions. Any computer virus in
circulation will not affect our controllers.
No, the Reliable Controls MACH-System only responds to specific Reliable Controls
Protocol commands. Any network packets not specifically recognized by the controller
will not be forwarded to the network because Reliable Controls controllers do not
have the capability of conducting network router duties. Reliable Controls products
cannot be used as a backdoor into a network because of this same feature.
If there is a potential security concern in leaving port 21068 open through a router or
firewall, then most routers or firewalls can be configured to direct any traffic received
on those ports to a specific IP address. By employing this procedure, a network
administrator can ensure that any traffic intended for a Reliable Controls MACH-System is directed only to a Reliable Controls MACH-System.
In order to access a Reliable Controls network, a User Name and Password must be
provided through the Reliable Controls operating software. The encrypted User
Name and Password data are stored on the controllers. The controllers will never
transmit unencrypted User Names and Passwords, making it impossible to intercept
traffic using network analyzers.
Also, the system uses a default master password that can be changed by the operator
when commissioning the system.
RC-WEBVIEW SECURITY.
RC-WebView resides on IIS 5.0 for Windows 2000 Server and IIS 6.0 for Windows
2003 Server. All Windows security and service packs should be applied before
installing RC-WebView. Whenever a security patch or service pack is installed, reinstall RC-WebView.
To avoid the transmission of viruses via network traffic, the use of a firewall is
recommended. The transmission of viruses is normally not a problem if the web
server and Reliable Controls system are isolated on the same dedicated network,
allowing only 1 external port in, to access the web server on the website you set up.
With this arrangement, do not allow any ports out, except for the response to requests
on the website port. Using a hardware firewall would accomplish this arrangement.
There are no viruses specific to RC-WebView unless directed to IIS, but applying the
above security will eliminate any problems.
Allow only port UDP 21068 on the internal net and TCP/IP 80 to the web server
(externally).
[Figure: firewall ("Redirect requests to server box"), RC-WebView ("Web request translated to Reliable request"), and devices labelled MG, M1, M1, M1]
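As an added illustration (not part of the original notice and not Reliable Controls software), the following Python code audits flow records against the arrangement described above: TCP 80 from outside to the web server only, UDP 21068 on the internal network only, and no connections initiated outward. The subnet, host addresses and sample flows are assumptions constructed for the example.

```python
import ipaddress

# Assumed addressing for illustration only (not from the notice).
SEGMENT = ipaddress.ip_network("192.168.50.0/24")   # dedicated controls network
WEB_SERVER = ipaddress.ip_address("192.168.50.10")  # RC-WebView / IIS host

def check_flow(src, dst, proto, dport):
    """Return (allowed, reason) for one initiated flow under the notice's policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_in, dst_in = src in SEGMENT, dst in SEGMENT
    if src_in and dst_in:
        # Internal net: only the Reliable Controls Protocol port is expected.
        if proto == "udp" and dport == 21068:
            return True, "internal Reliable Controls Protocol"
        return False, "unexpected internal service"
    if not src_in and dst_in:
        # From outside: only the website port on the web server.
        if dst == WEB_SERVER and proto == "tcp" and dport == 80:
            return True, "external web request"
        return False, "external access other than TCP 80 to web server"
    if src_in and not dst_in:
        # "No ports out": nothing on the segment should initiate outward.
        return False, "outbound connection initiated from controls segment"
    return False, "flow does not touch the controls segment"

def audit(flows):
    """Return the flows that violate the policy, each paired with its reason."""
    return [(f, reason) for f in flows
            for ok, reason in [check_flow(*f)] if not ok]

# Constructed sample flows (initiator, responder, protocol, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.7", "192.168.50.10", "tcp", 80),
    ("192.168.50.10", "192.168.50.21", "udp", 21068),
    ("203.0.113.7", "192.168.50.21", "udp", 21068),
    ("192.168.50.10", "198.51.100.4", "tcp", 443),
    ("192.168.50.21", "192.168.50.22", "udp", 47808),  # BACnet/IP default port
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```

Run against firewall or NetFlow exports, a non-empty result indicates the segment is not isolated the way the arrangement requires.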