Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: Protecting EPICS IOCs on ethernet
From: Ron Chestnut <rpc@SLAC.Stanford.EDU>
To: TECH-TALK@APS.ANL.GOV
Date: Fri, 22 Jan 1999 10:35:18 -0800 (PST)

Dear John,

At SLAC we have our production EPICS stuff on a separate network, with access 
through "gateway" machines, which can see both the IOCs and talk to OPIs in the 
control room.

From a security standpoint this works fine. We have no (few) user accounts on 
the gateways and things are invoked via RSH scripts. In principle, no one is 
interactively logged in to the gateways. (Of course we do for various reasons).

There are several negative points to consider:

1) You need mechanisms to allow operators, for example, to indirectly update 
things or add things to production directories. I'm thinking of StripTool 
configurations or updated displays and such.

2) You need different EPICS setups for DEV and PROD. In our case we source 
different files depending on what we need to do.

3) Some users will adamantly refuse to see the need for this and scream 
constantly about needing to do one extra step to move data somewhere where
they can run, say, MATLAB, to do some analysis. We even have disks cross-mounted 
so data transfer is very easy and they howl.

But we have had no (knock on wood) bad people breaking in.

We'll be holding the collaboration meeting here at SLAC in early summer (exact 
dates soon), so come see and ask questions of the implementers.

/Ron Chestnut

ANJ, 10 Aug 2010