Category: VPN
Alphabet Soup: Navigating SCADA, and Industrial Control Systems and VPNs increasing importance in all of these technologies.
All the terminology is daunting. Whether, Operational Technology (OT), Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) or Internet of Things (IoT), it’s important for the C-suite of executives to understand the differences and find a way to maintain the accessibility of these technologies while complying with local regulations.
One greatest common denominator behind all of these technologies is the important and increasing role that Virtual Private Networks (VPNs) are having on these technologies. But before we go there, let’s spend a little more time discussing the differences between each technology.
In many ways, the pressure is on the shoulders of the owners of these technologies. Hackers and cyber-attackers can afford to be wrong a million times a day, while industrial and manufacturing organizations wrong only once stand to lose revenue, compromise lives and damage the environment.
Without proper cybersecurity controls in place, Organizations with these technologies are vulnerable to attack and vulnerable to compliance issues from strict regulatory requirements. In sectors like oil and gas, which employ mostly Operational Technology (OT), chemicals, pharmaceuticals and manufacturing, organizations build SCADA to rely predominantly on its accessibility and integrity of data. The reading from a pressure valve, for example, has to been easy for engineers to get to, and the number it displays must be accurate. Failure to do so can at best cost a company a lot of money and at worst cause people to get hurt, or could harm the environment.
The trouble with reverse proxying
One of the big use cases for having an SSL VPN is the ability to grant secure access to internal company websites to your remote users.
This is generally done by reverse proxying and when it works right it’s a great way of securing your internal sites that you would rather not have directly facing the internet.
However, it can be a challenge to successfully set up a reverse proxy that works perfectly and to do so often requires significant effort from either the poor admin who is trying to set up the resource, or the support team from the company supplying the VPN system. In my 9 years of working on SSL VPN technology, I would guess that up to 80% of all support was related to getting these proxied resources working.
Sometimes you get lucky as the VPN vendor may have templated a particular resource (like Microsoft Sharepoint for example) which has already had the hard work done by their development team with all the config required, although the point here is that it was still probably difficult to generate this.
Sometimes your internal website is very simple with nice static links that’s easy to catch and rewrite. Most of the time though you run into problems.