Manualshelf

User manual

ManualsBrandsSimrad ManualsOtherFS70 - REV 3
11121314151617181920
SimradES70
Thelikelihoodthatanyremoteconnectionwilldoanyoftheabove.
Thedamagedoneifaremoteconnectionsucceedsdoingthis.
BecauseKongsbergMaritimehasnoinformationregardingthecompletesystem
installationonanyvessel,wecannotestimatethethreatlevelandtheneedfornetwork
security.Forthisreason,wecannotacceptresponsibilityfornetworksecurity.Systems
providedbyKongsbergMaritimeareregardedasstand-alonesystems,eventhoughthey
maybeconnectedtoanetworkforsensorinterfacesand/ordatadistribution.Forthis
reason,nosafetyapplicationsareinstalledonanycomputerstoprotecttheseagainst
viruses,malwareorunintentionalaccessbyexternalusers.
SecuringtheES70itselfhasnomeaningunlessthereisapolicyinplacethatsecures
allcomputersinthenetwork,includingphysicalaccessbytrainedandtrustedusers.
Thismustalwaysbeataskfortheendusertoimplement.TheES70systemhasbeen
veriedtorununderratherstrictsecuritysetup,soitshouldbepossibletoimplement
agoodsecurityregime.
IfyouwishtoconnecttheES70totheship'snetwork,youmustimplementthesame
securitymechanismsontheES70computer(s)asfortherestofthenetwork.Inthe
tentativestandardfromDetNorskeV eritas(DNV)-IntegratedSoftwareDependent
System(DNV-OS-D203)thisisdescribedasataskforthenetworkresponsiblepersonin
chargeoftheoverallbehaviourofthenetworksystem.Somekeyelementsheremustbe:
Thesameanti-virusprotectiononallcomputers,includingroutinesforupdating
thisprotection.
Thesamesettingsfortherewallonallcomputers.
Controlledphysicalaccesstocomputersonthenetwork.
Trustedoperators.
Log-inaccessmechanisms
Samepolicyforattachingperipheralequipmenttothecomputers(USBdevices,
harddrivesetc)
Installationofprogramsonanycomputerinthenetwork,vericationthateach
programisauthentic.
Denitionofwhichprogramsareallowedtorunoneachcomputer.
Loggingmechanismofcomputeractivity,andinspectionoftheselogs.
Howtodeneandimplementtheserulesdependsoneachenduser'snetworksystem
conguration,whichagainmustbearesultofthepoliciesandthreatlevelstheenduser
hasdenedforthecompleteinstallation.Forsomeproductsthenetworkconsistsofonly
processorunitsorworkstations,transceiversandafewsensors.Onothervessels,larger
computersystemscanbeinstalledtoincludenumerousproductsanddatasystems.As
theDNV-OS-D203suggests,theremustbeoneresponsiblepersonforthesecurityof
asystem,largeorsmall.
18
338106/C