Manufacturing Network security improvements

We recently undertook an intense serious of investigations and IT security improvements on a live manaufacturing facility in Al Jubail, Saudi Arabia.

The site had a commendable attitude and clearly took IT security very seriously. The work involved implementing firewalls to create a DMZ for servers accessed from office networks, the design and creation of a new Active Directory creating dedicated managed domain service accounts for each specific task. Each dedicated account was granted the minimum required level of access for the task. Active directory design, implementation and management procedures were provided along with an approved AntiVirus, patch update and deployment mechanism.

Dedicated service accounts for DCS interfaces for a number of plants, all DCOM security changes including known vendor specific requirements. Live APC machines were moved into a new domain and configuration changes put in place to use these newly created service accounts. Site specific firewall rules were created with clear documentation on the use of every allowed port through each firewall.

 

 

All machines were installed with a current corporate approved AntiVirus solution with the capability to receive and deploy virus definitions. Windows update patch deployment for all machines including those inside the DMZ. New redundant interfaces between MES system and DCS were installed and tested. Documented procedures were provided to assist the local system administrators to continue to operate in a manner that was compliant with all Global IT security policies. 

Security standards enforced by policy across machines based on OU providing a simpler way of creating new machines but maintaining compliance.

This project was completed in a short time frame considering the scope of works, technical challenges and the business requirement for an ongoing high level of compliance to be managed by local personnel.