Secure Access Control & Identity

Organisations generally operate a system for authentication, logging and access reporting on the switching infrastructure located within the OT network.  While that instance can also be used for VPN access, a more centralised and secure mechanism for all authentication is strongly recommended.  Such a central system provides the following:

  • Infrastructure authentication, logging and reporting;
  • Firewall & IPS/IDS;
  • VPN authentication and reporting – important for approved 3rd party contractors;
  • 802.1X authentication for wired connections;
  • Guest and contractor secure access;
  • Secure wireless access and posturing for owned devices;
  • Application authentication; and
  • Optional analytics.

A central Active Directory may be built or the existing centrally operated Active Directory may be used for overall user account management.

RIoT Solutions can deploy, configure and test Cisco ISE for these requirements.  Figure 1 below, extracted from Cisco’s “Deploying Identity Services within a Converged Plant wide Ethernet Architecture” white paper, is the basis of the architecture.


Figure 1 – Unified Identity Services for Wired and Wireless

This architecture is tried and proven, and gives the organisation the visibility and control required to support the increasing demand for IP access to industrial and critical environments.