Thus far, the book has discussed classic networks small and big, with clients connected via wires or wireless to switches, LANs, servers, routers, and WANs. This chapter explores all the other networked devices and systems you’ll find in modern homes and businesses. CompTIA Network+ exam objective 2.1 lumps together devices as varied as networked printers and industrial control systems, so here’s a (somewhat realistic) scenario to make discussing them all together here.

The Bayland Widgets Corporation (BWC) makes widgets at its campus of three buildings, networked together to form a campus area network (CAN), shown in Figure 17-1. One building is the commercial office, where the sales and managerial staffs operate. The second is a factory space for building the new widget. The final building is the warehouse and shipping facility.

Figure 17-1  The BWC campus

The commercial space houses the primary servers, but a fiber-based network connects all three buildings, all of which have communications equipment installed. Plus, the factory and warehouse have robots and other mechanical systems that need computer-based controls.

As a kind of mass experiment, management decided at the beginning of the year that all employees should work from home for a year and a half, with intermittent solo office visits. This has created a challenge for the typical employee, but not as much for the techs who run the factory.

Emily, a top BWC performer, has adjusted well to working from home. She upgraded her home to include many network- and Internet-based features, including home automation devices, a faster Internet connection, and various mobile devices such as a smartwatch and upgraded smartphone.

Emily is working at the office a couple of days a week, but all that integration with her home devices doesn’t stop at her office door. Her smart doorbell and wireless cameras let her know when packages arrive from Amazon or FedEx. She can interact with the delivery people remotely. She can monitor and control the temperature in her house with her smartphone from anywhere.

The other half of the scenario explores the steps BWC has taken to improve and maintain the production facilities on its campus. Because of the robust automation and remote management tools already in place before the work-from-home mandate came through, the techs simply shifted to home systems and connected to the office via virtual private networking (VPN).

This chapter explores the current scene at the BWC campus, including how Emily and her coworkers interact with personal Internet-connected devices at the office. The campus design includes unified communications features and functions. The chapter finishes by exploring the functions and major components of BWC’s ICS/SCADA network.

Test Specific

Internet of Things

Marketing geniuses came up with the term Internet of Things (IoT) to describe the huge variety of devices you can access and control via the Internet (discounting personal computers, routers, and servers) and devices that connect directly to Internet resources. The term applies to lights you can turn on or off by using an app on your smartphone, air conditioning systems that you can monitor and control from a PC, and devices that can query the Internet for information. This section looks at personal IoT devices, like Emily has at her home.

IoT Home Automation

IoT technologies enable you to integrate a surprising variety of devices into a home automation system that you can control. (And they’re all called “smart” to distinguish them from their “dumb” unconnectable siblings.) You can control smart bulbs to change the lighting in your house. You can access smart refrigerators on your drive home from the office to check levels of milk or bread. Smart thermostats enable you to vary the temperature in your home (Figure 17-2). If Emily is working on the premises of BWC and a sudden cold snap comes in, with a quick app access, she can flip the heater on in her house so that it’s nice and cozy when she gets home.

Figure 17-2  Smart thermostat

Many smart systems, like the Amazon Echo products, can connect to the music library of your choice, and you can sprinkle smart speakers throughout your home to give you a seamless soundtrack for your life (Figure 17-3). Integrated home audio systems used to require extensive wiring and power considerations for speakers, plus a central control area. Smart speakers handle voice commands and interconnect wirelessly.

Figure 17-3  Smart speaker

Many IoT devices can connect directly to Internet resources to answer questions. The Amazon Echo Show pictured in Figure 17-4, for example, will answer the burning questions of the day, such as “Alexa, when was Miley Cyrus born?” and general important information, such as “Alexa, show me a recipe for chocolate chip cookies.” (By default, Amazon devices respond to the name “Alexa,” similarly to how Google devices respond to “OK Google” and Apple devices to “Hey, Siri!”) Figure 17-4 shows a response to the second command.

Figure 17-4  Amazon Echo Show responding to a command

Smart printers or multifunction devices (MFDs) connect directly to the Internet, not so much to control efficient communication but to enable it. You can print from a smartphone directly, for example, via AirPrint (on Apple iOS devices, like iPhones and iPads). You can scan a document, save it as an Adobe Postscript file (PDF), and immediately upload it to an Internet location, from the print device.

Smart garage door openers enable you to open or close the garage door from an app. Normally you’d use the app in a local setting, like in the old dark days. But in a pinch, you can monitor, open, and close the door for a delivery that you wouldn’t want left on the front porch, for example. A smart garage door opener is an example of a physical access control device installed at a house.

IoT Home Security

IoT makes setting up and monitoring a robust home security system very simple. The Ring system from Amazon, for example, can be configured with any number of wireless cameras with motion sensors to automatically record movement—and can tell the difference between a squirrel and a person! You can add the Ring smart doorbell, which comes with a bell button, naturally, and a camera, microphone, and speaker (Figure 17-5). This enables you to “answer the door” and interact with visitors without being there in person. Many companies make IoT security systems.

Figure 17-5  Ring smart doorbell

IoT Communications Technologies

Using wireless technology for personal IoT such as home automation has many challenges. First is the huge number of IoT devices that a modern home might potentially use, from thermostats to washing machines to power outlets and light bulbs. Secondly, homes, unlike offices, are filled with small rooms, narrow staircases, and other obstacles that make regular radio-based wireless difficult.

Zigbee and Z-Wave

IoT developers have come up with many protocols to create a mesh network of many low-powered devices. The open source Zigbee protocol, for example, supports over 64,000 devices at either the 2.4-GHz or 915-MHz band. The proprietary Z-Wave protocol supports a mere 232 devices, but operates at the 908- and 916-MHz band.

Wi-Fi

802.11 Wi-Fi certainly plays a role in IoT communications. The base station of an IoT system often connects to a Wi-Fi network to get on the Internet. Amazon Echo devices, for example, can connect to Wi-Fi (or Ethernet) to access the Amazon servers for information, streaming, and so on. But the devices communicate among themselves via a Zigbee mesh.

Wi-Fi also comes into play with enterprise IoT, where manufacturers are happy not to worry about power consumption when the trade-off is much higher speed. Also, Wi-Fi 6 was developed with IoT in mind, so it will undoubtedly make inroads into the IoT space.

Bluetooth

Bluetooth, that wonderful technology that connects headsets to smartphones and connects keyboards to laptops, is a wireless networking protocol developed to simplify connections between devices. You bring two Bluetooth-aware devices into close proximity, perform a quick pairing between the two, and they connect and work. Connected Bluetooth devices create a personal area network (PAN), and security concerns apply to all the devices and communication within that PAN.

Bluetooth has two important tools to make using it more secure. First, all of today’s Bluetooth devices are not visible unless they are manually set to discovery or discoverable mode. If you have a Bluetooth headset and you want to pair it to your smartphone, there is some place on the phone where you turn on this mode, as shown in Figure 17-6.

Figure 17-6  Setting up discoverable mode

The beauty of discoverable mode is that you have a limited amount of time to make the connection, usually two minutes, before the device automatically turns it off and once again the device is no longer visible. Granted, there is radio communication between the two paired devices that can be accessed by powerful, sophisticated Bluetooth sniffers, but these sniffers are expensive and difficult to purchase, and are only of interest to law enforcement and very nerdy people.

The second tool is the requirement of using a personal identification number (PIN) during the pairing process. When one device initiates a discoverable Bluetooth device, the other device sees the request and generates a PIN (of four, six, or eight numbers, depending on the device). The first device must then enter that code and the pairing takes place.

Bluetooth in IoT—including in every automobile infotainment system these days, it seems—offers two very different protocols for connectivity. The older, standard Bluetooth offers great range and speeds but uses a lot (relatively) of power to run. Newer IoT devices tap into Bluetooth Low Energy (BLE) networking technology introduced with Bluetooth 4.0 and carried over into current Bluetooth 5 devices. BLE, as the name implies, uses a lot less electricity than its predecessor. BLE runs at the same 2.4-GHz radio frequency as Bluetooth classic, but uses different modulation (so devices designed for one standard cannot work with the other standard).

Hardening IoT Devices

Hardening IoT devices decreases the danger of loss or downtime on the devices and increases the protection of personal information and company data. Generally, hardening means to keep the devices current (software and firmware), use physical security precautions, and apply internal security options.

Consider a scenario in which an organization uses many 802.11 PTZ (pan/tilt/zoom) cameras to monitor secure areas throughout three locations. These cameras are on the one and only SSID in each location. Each SSID uses WPA2 PSK encryption. Due to location, these cameras must use 802.11 for communication. All cameras must be accessible not only in each location but also in headquarters. Your job as a consultant is to provide a list of actions the organization should take to harden these cameras. Here’s a list of actions you should consider:

•   Limit physical access to the cameras.

•   Place all cameras in their own SSID.

•   Put all the camera feeds on their own VLAN.

•   Use a very long pre-shared key (PSK).

•   Set up routine queries for camera firmware updates from the manufacturer.

•   Use username ACLs to determine who may access the cameras.

Unified Communication

Some years ago, TCP/IP-based communications began to replace the traditional PBX-style phone systems in most organizations. This switch enabled companies to minimize wire installation and enabled developers to get more creative with the gear. Technologies such as Voice over IP (VoIP) made it possible to communicate by voice right over an IP network, even one as big as the Internet. Today, TCP/IP communications encompass a range of technologies, including voice, video, and messaging. On the cutting edge (led by Cisco) is the field of unified communication (UC). Bayland Widgets implements UC throughout its CAN.

It Started with VoIP

Early VoIP systems usually required multiple cables running to each drop to accommodate the various services offered. Figure 17-7 shows a typical workstation drop for a VoIP phone that connects via two RJ-45 connections, one for data and the other exclusively for VoIP.

Figure 17-7  Workstation drop

These drops would often even go to their own separate switches, and from there into separate VoIP gateways or voice gateways that would interface with old-school PBX systems or directly into the telephone network if the latter used VoIP PBX. These are the typical purposes and use case scenarios for computer telephony integration (CTI).

Virtually all VoIP systems use the Real-time Transport Protocol (RTP), as well as the Session Initiation Protocol (SIP). Because CompTIA typically throws in questions about port numbers, here’s the scoop on both. RTP uses UDP, but doesn’t have a hard and fast port. Many applications use the Internet Engineering Task Force (IETF) recommendations of ports 6970 to 6999. SIP uses TCP or UDP ports 5060 and 5061, with the latter for encrypted traffic over Transport Layer Security (TLS).

This first-generation VoIP setup that required a separate wired network gave people pause. There really wasn’t a critical need for physical separation of the data and the VoIP network, nor did these early VoIP systems handle video conferencing and text messaging. This prompted Cisco to develop and market its Unified Communications family of products.

Unified Communication Features

Of course, VoIP isn’t the only communications game in town. As organizations were implementing VoIP, they realized a number of additional communications tasks would benefit from centralized management. Enter unified communication, which adds various additional services to the now-classic VoIP. These services include

•   Presence information

•   Video conferencing/real-time video

•   Fax

•   Messaging

•   Collaboration tools/workflow

Along with some other real-time communication-oriented tools, these are categorized as real-time services (RTS).

Most of these services should be fairly self-explanatory, but I’d like to elaborate on two of them. Presence information services simply refer to technologies that enable users to show they are present for some form of communication. Think of presence as a type of flag that tells others that you are present and capable of accepting other forms of communication (such as a video conference). See Figure 17-8.

Figure 17-8  Presence at work

Video teleconferencing (VTC) enables people to communicate via voice and video simultaneously over an IP network. Done with high-quality gear and a high-speed network, VTC simulates face-to-face meetings. Real-time video technologies attempt to make delays in reception imperceptible. Networks across the globe have embraced VTC and real-time video through platforms such as Zoom and GoToMeeting to make meetings possible and avoid direct physical interaction.

UC Network Components

A classic UC network consists of three core components: UC devices, UC servers, and UC gateways. Let’s take a quick peek at each of these.

A UC device is what we used to call the VoIP telephone. In a well-developed UC environment, the UC device handles voice, video, and more (Figure 17-9).

Figure 17-1  Cisco Unified IP Phone

A UC server is typically a dedicated box that supports any UC-provided service. In small organizations this might be a single box, but in larger organizations there will be many UC servers. UC servers connect directly to every UC device on the LAN. It’s not uncommon to see all the UC servers (as well as the rest of the UC devices) on a separate VLAN.

A UC gateway is an edge device, sometimes dedicated but often nothing more than a few extra services added to an existing edge router. That router interfaces with remote UC gateways as well as with PSTN systems and services.

UC Protocols

Unified communication leans heavily on SIP and RTP protocols but can also use H.323 or MGCP. H.323 is the most commonly used video presentation protocol (or codec), and it runs on TCP port 1720. Media Gateway Control Protocol (MGCP) is designed from the ground up to be a complete VoIP or video presentation connection and session controller; in essence, it takes over all the work from VoIP the SIP protocol used to do and all the work from video presentation done by H.323. MGCP uses TCP ports 2427 and 2727.

VTC and Medianets

All forms of communication over IP networks have some degree of sensitivity to disruption and slowdowns, but video teleconferencing is particularly susceptible. No one wants to sit in on a video conference that continually stops and jitters due to a poor or slow Internet connection. Medianets help to eliminate or reduce this problem. A medianet is a network of (typically) far-flung routers and servers that provide—via quality of service (QoS) and other tools—sufficient bandwidth for VTC. Plus, medianets work with UC servers (or sometimes by themselves) to distribute video conferences.

Medianets can be wildly complex or very simple. A medianet could be two gateway routers with enough QoS smarts to open bandwidth for active VTCs as soon as they are detected. A medianet could be a huge multinational company with its own group of high-powered edge routers, spanning the globe with an MPLS-based VLAN, working with UC servers to support tens of thousands of voice and video conversations going on continually throughout its organization.

Medianets are all about the quality of service. But this isn’t the simple QoS that you learned about back in Chapter 11. VTC is the ultimate real-time application and it needs a level of QoS for performance that very few other applications need.

When we talk about QoS for medianets, we need to develop the concept of differentiated services (DiffServ). DiffServ is the underlying architecture that makes all the QoS stuff work. The cornerstone of DiffServ is two pieces of data that go into every IP header on every piece of data: DSCP and ECN. DSCP stands for differentiated services code point and ECN stands for explicit congestion notification. These two comprise the differentiated services field (Figure 17-10).

Figure 17-10  DS field

The first six bits are DSCP, making a total of eight classes of service. A class of service (CoS) is just a value you may use (think of it like a group) to apply to services, ports, or whatever your QoS device might use. Figure 17-11 shows a sample from my home router. My router has four QoS priority queues and I can assign a CoS to every port.

Figure 17-11  CoS settings on router

ECN is a 2-bit field where QoS-aware devices can place a “congestion encountered” signal to other QoS-aware devices. The following four values may show in that field:

•   00  Not QoS aware (default)

•   01  QoS aware, no congestion

•   10  QoS aware, no congestion (same as 01)

•   11  QoS aware, congestion encountered

UCaaS

Unified communication as a service (UCaaS) bundles up most (if not all) of an organization’s communication needs—things like calls, meetings, messaging, and more—in a single service. For the most part, users communicate through an app they install on their computer or smartphone (though the service can reach beyond this—it might forward calls to regular phone lines, provide VoIP service, or send faxes). The heavy lifting happens on remote servers in the cloud and UCaaS providers enable companies to subscribe to their services.

Zoom, WebEx by Cisco, and Microsoft Teams are all examples of UCaaS that integrate multiple kinds of real-time communication. These services typically integrate with whatever collaboration and productivity suite your company uses. Some of the big draws for organizations are predictable per-user licensing costs and getting rid of in-house communication servers. Figure 17-12 shows the Teams management interface where you can manage users and app integrations, view usage statistics, and more.

Figure 17-12  Microsoft Teams management interface showing usage statistics

ICS

Pretty much any industry that makes things, changes things, or moves things is filled with equipment to do the jobs that have to be done. From making mousetraps to ice cream, any given industrial plant, power grid, or pipeline is filled with stuff that needs to be monitored and stuff that needs to be controlled.

Here are some examples of things to monitor:

•   Temperature

•   Power levels

•   Fill quantity

•   Illumination

•   Mass

And these are some examples of the things to control:

•   Heaters

•   Voltage

•   Pumps

•   Retractable roofs

•   Valves

For Bayland Widgets, it’s all about the robots that control the factory, the machines that help automate packing and shipping, and the air-conditioning controls for both buildings.

In the early days of automation, you might have a single person monitoring a machine that produced something. When the temperature hit a certain point, for example, that person—the operator—might open a valve or turn a knob to make changes and keep the machine functioning properly. As machines became more complex, the role of the operator likewise changed. The operator needed to monitor more functions and, sometimes, more machines. Eventually, computers were brought in to help manage the machines. The overall system that monitors and controls machines today is called an industrial control system (ICS).

The ICS isn’t a new concept. It’s been around for over 100 years using technology such as telescopes and horns to monitor and using mechanisms and pneumatics to control from a distance. But ICSs really started to take off when computers were combined with digital monitors and controls. Over the last few years many ICSs have taken on more and more personal-computer aspects such as Windows- or Linux-based operating systems, Intel-style processors, and specialized PCs. Today, ICS is moving from stand-alone networks to interconnect with the Internet, bringing up serious issues for security. Competent network techs know the basic ICS variations and the components that make up those systems.

DCS

An ICS has three basic components: input/output (I/O) functions on the machine, a controller, and the interface for the operator. Input and output work through sensors and actuators. Sensors monitor things like temperature, for example, and the actuator makes changes that modify that temperature. The controller, some sort of computer, knows enough to manage the process, such as “keep the temperature between 50 and 55 degrees Fahrenheit.” The operator watches some kind of monitor—the interface—and intervenes if necessary (Figure 17-13). Let’s scale this up to a factory and add a little more complexity.

Figure 17-13  A simple ICS

What if you have multiple machines that accomplish a big task, like in a factory that produces some finished product? The widgets at Bayland Widgets, for example, are produced in stages, with the machine at each stage needing monitoring and control. In the early days of computers, when computers were really expensive, the controller was a single computer. All the sensors from each of the machines had to provide feedback to that single controller. The controller would compute and then send signals to the various actuators to change things, managing the process. See Figure 17-14.

Figure 17-14  An early computer-assisted ICS

As computing power increased and costs decreased, it made much more sense to put smaller controllers directly on each machine, to distribute the computing load. This is a distributed control system (DCS).

In a modern DCS, each of the local controllers connects (eventually) to a centralized controller—called the ICS server—where global changes can be managed (Figure 17-15). Operators at the ICS server for Bayland Widgets, for example, could direct the controllers managing the robots to change production from green widgets to blue widgets.

Figure 17-15  A simple DCS

Operators interact with controllers through a control or computer called a human–machine interface (HMI). Early HMIs were usually custom-made boxes with gauges and switches. Today, an HMI is most likely a PC running a custom, touch-screen interface (Figure 17-16). It’s important to appreciate that HMIs are not general purpose. You wouldn’t run Microsoft Office on an HMI, even if the PC on which it is built is capable of such things. It’s very common for an HMI to show a single interface that never changes.

Figure 17-16  SIMATIC HMI Basic Panel with a touch screen (© Siemens AG 2014, All rights reserved)

PLC

A DCS makes sense for a process that requires a continuous flow. The sensors provide real-time feedback to the controllers; the controllers are sophisticated enough to keep the machines functioning properly, making changes via the actuators. In a process that follows specific, ordered steps, in contrast, a different kind of system would make more sense.

A classic programmable logic controller (PLC) is a computer that controls a machine according to a set of ordered steps (Figure 17-17). Take for example a machine that produces cakes. Each step in the process of producing a cake follows a certain pattern (add ingredients, mix, bake, etc.) that has to go in order and in the proper timing. The PLC monitors sensors (like timers and oven temperatures) and tells the machine when to do the next step in the process.

Figure 17-17  Siemens SIMATIC S7-1500 PLC (© Siemens AG 2014, All rights reserved)

SCADA

A supervisory control and data acquisition (SCADA) system is a subset of ICS. Generally, a SCADA system has the same basic components as a DCS, but differs in two very important ways. First, a SCADA system is designed for large-scale, distributed processes such as power grids, pipelines, and railroads. Second, due to the distance involved, a SCADA system must function with the idea that remote devices may or may not have ongoing communication with the central control.

Remote Terminal Unit

In general, a SCADA system is going to be a DCS using servers, HMIs, sensors, and actuators. The big difference is the replacement of controllers with devices called remote terminal units (RTUs). RTUs provide the same function as a controller but have two major differences. First, an RTU is designed to have some amount of autonomy in case it loses connection with the central control. Second, an RTU is designed to take advantage of some form of long-distance communication such as telephony, fiber optic, or cellular WANs (Figure 17-18). As you might imagine, the fear of interception is a big deal with SCADA systems these days, so let’s discuss the need for network segmentation.

Figure 17-18  Substation Automation and RTUs (© Siemens AG 2014, All rights reserved)

Network Segmentation

It’s pretty easy to say that a network failure isn’t a happy occurrence. On the lowest end, losing your network in your home is going to make someone very unhappy when they can’t watch the latest episode of Bridgerton on Netflix. Taking it to the other extreme, many ICSs are incredibly crucial for the needs of everyday living. From the DCSs that run an oil refinery to the SCADA systems keeping our electrical infrastructure up and running, the potential downside of a catastrophic failure is far worse than that of missing a show!

Security isn’t the only reason we segment networks. We also reduce network congestion and limit network problems through segmentation. We segment to optimize performance. We segment to be in compliance with standards, laws, or best practices. We also segment for easier troubleshooting.

One of the best tools to help us understand network segmentation is the OSI seven-layer model, in particular the first three layers:

•   Layer 1 (Physical)  Physically separating your network from every other network.

•   Layer 2 (Data Link)  Separating a physically connected network into separate broadcast domains (think VLANs here)

•   Layer 3 (Network)  Separating broadcast domains by using different subnets or blocking IP routes

•   Above Layer 3  VPNs, separate SSIDs, separate Windows domains, virtualization

The CompTIA Network+ exam covers a number of situations where network segmentation is important.

Segmentation and Industrial Control Systems

All forms of ICS are by definition closed networks. A closed network is any network that strictly controls who and what may connect to it. However, there are two places where we begin to see connectivity. In many SCADA systems, it is very convenient to use public wireless networks to connect RTUs, and, in some cases, we connect SCADA servers to the Internet to provide intranet access. The biggest single line of defense for these two scenarios are virtual private network (VPN) connections. It’s impossible to find any form of SCADA/ICS that doesn’t use a VPN in the cases where it must be open to the public Internet.

Chapter Review

Questions

1.   Devices using which of the following protocols form a mesh network using the 908- and 916-MHz band?

A.   802.11 Wi-Fi

B.   Bluetooth

C.   Zigbee

D.   Z-Wave

2.   Connected Bluetooth devices create what kind of network?

A.   CAN

B.   LAN

C.   MAN

D.   PAN

3.   RTP runs on which ports?

A.   ICMP ports 5004, 5005

B.   UDP ports 5004, 5005

C.   TCP ports 5004, 5005

D.   Undefined UDP ports

4.   Of the following, which would most likely have an industrial control system implementation?

A.   An apartment complex

B.   A coffee shop

C.   A city park

D.   A bottling company

5.   H.323 uses which TCP port number?

A.   5004

B.   5060

C.   2427

D.   1720

6.   RTP runs on top of which protocol?

A.   UC server

B.   SIP

C.   MGCP

D.   H.323

7.   Which of the following devices would most likely be a UC gateway?

A.   VoIP telephone

B.   Desktop running Windows server

C.   Managed switch

D.   Router

8.   What is a medianet’s primary tool to ensure bandwidth for VTC?

A.   MPLS

B.   RTU

C.   QoS

D.   ISDN

9.   The central component of any ICS is what?

A.   Sensors

B.   PLCs

C.   ICS server

D.   HMI

10.   Which of the following differentiates a PLC from a DCS controller?

A.   Sequential control

B.   Sensors

C.   Operator

D.   Actuator

Answers

1.   D. Devices using the Z-Wave protocol form a mesh network using the 908- and 916-MHz band.

2.   D. Connected Bluetooth devices create a personal area network (PAN).

3.   D. The Real-time Transport Protocol (RTP) uses undefined UDP ports, though many companies use the IETF-recommended ports of 6970–6999.

4.   D. Of the choices offered, a bottling company is the one most likely to have an industrial control system (ICS) implemented.

5.   D. H.323 uses TCP port 1720.

6.   B. RTP runs on top of the Session Initiation Protocol (SIP).

7.   D. A unified communication (UC) gateway is most likely a router.

8.   C. Quality of service (QoS) enables medianets to ensure bandwidth for video teleconferencing.

9.   C. The centerpiece of any industrial control system (ICS) is the ICS server.

10.   A. A programmable logic controller (PLC) traditionally uses ordered steps to control a machine.