Basic setup... A DCS, a few PLCs, two ABB robots, an IP camera and a database server all connected to an unmanaged switch. The database server has a second NIC connected to the plant LAN making process data available to the masses.

Security... Not much, database server has Windows firewall enabled, unused ports are closed and access is limited to IPs that fall within our domain.

Need for greater security... Just had an incident, no damage but it was an eye-opener. A maintenance guy ran fiber to his desk and plugged into the control network so he could do PLC work without having to walk across the plant. He was using his "General use" desktop PC which probably spent quite a few night shift hours surfing YouTube. I'm wondering if I need to replace the switch with a managed one so that unrecognized IPs would not be able to communicate on the network. I'm also starting to question the safety of the dual NIC database machine. Any tips on how to tighten up this system?