Note: The BACnet® protocol can be optionally disabled.
What ports are required on a Reliable Controls® MACH-System?
The only port required for the system is 21068. Opening this port should not be a security concern
as it is not tied to common functions, such as HTTP, FTP, etc.
Transmissions that use the Reliable Controls® Protocol can only be initiated from port 21068 to
21068. No broadcasts are used in transmission. Responses to workstation requests are directed
to the requesting port number.
BACnet/IP communications utilize port 47808 by default.
120 Hallowell Road . Victoria, BC . V9A 7K2 . 250.475.2036 . 877.475.9301 . Fax: 250.475.2096
APPLICATION NOTICE: Reliable Controls® Network Information
What kind of bandwidth will a Reliable Controls® network on
Ethernet use?
Reliable Controls® networks on Ethernet use almost no bandwidth during their regular
communication duties. The following description will demonstrate this point.
When determining the amount of network traffic, we will assume an average period of
2 minutes of communications between the controllers on a 10-megabit Ethernet
network. A simple formula, shown below, will show the average network usage in a 2-minute period, expressed as a percent of the total network traffic possible.
U = (K * n) / 1000
U = the overall network utilization expressed as percent
K = the network utilization constant, see below
n = the total number of Reliable Controls® controllers on the Ethernet network minus one
The number of network points passing between the controllers determines network
utilization.
Network Points per Controller    K Constant
Light – 20 points                2.9
Medium – 60 points               5.8
Heavy – 120 points               10.1
Table 1: K Constant
A Reliable Controls® MACH-System with 80 controllers on Ethernet and under
medium load equates to (5.8 * 79) / 1000 = 0.46% network utilization over a two-minute period.
If there is only 1 controller on Ethernet, then almost no traffic is ever generated.
Do controllers on a Reliable Controls® sub-network
contribute to the overall Ethernet traffic?
No, sub-network controllers do not communicate on the Ethernet connection. They
communicate on the local EIA-485 ports and do not broadcast on any other ports.
Is there any additional traffic generated by the Reliable
Controls® network?
The Reliable Controls® network will respond to operator requests through software, as
well as transmit alarms if the situation requires it. Alarms are sporadic and the size of
an alarm varies depending on what kind of information is being sent. Overall system
performance will not be impacted by alarms and the bandwidth required is far less
than the average operation numbers.
When an operator requests information from the controller, the amount of sent data
varies depending on what is being requested. The overall impact of operator requests
will be minimal.
An example of heavy operator traffic might involve 10 operators accessing a Reliable
Controls® network using RC-WebView™ and having a large graphic worksheet
containing 160 points with a refresh interval of 1 second each. In this case, the overall
usage from the system will result in an additional 2.6% bandwidth increase over the
regular Reliable Controls® networking operations between controllers.
Network Security
BACnet® is an open protocol; how does this affect security?
To date, the BACnet® protocol can expose the Reliable Controls® MACH-System to
some security risks due to the open nature of the BACnet® protocol. The BACnet®
committee is currently in the process of developing security methods for BACnet®
networking.
Because of the dual protocol feature of Reliable Controls® products, BACnet® can be
disabled on Ethernet, making for a very secure system.
How is my Reliable Controls® MACH-System protected from
people with malicious intent?
Reliable Controls® Corporation utilizes a proprietary protocol and custom software
interfaces. Only select employees of Reliable Controls® Corporation have access to
this information, making for a very secure protocol.
All Reliable Controls® Corporation software is made in-house at our Victoria, British
Columbia headquarters in an effort to minimize the risk of exposing individuals outside
of the company to our proprietary information.
Is the Reliable Controls® MACH-System susceptible to
viruses?
To date, there are no viruses that can affect a Reliable Controls® controller. Reliable
Controls® firmware and hardware are custom made by our employees and only
respond within the limitations of their designed functions. Any computer virus in
circulation will not affect our controllers.
Can a Reliable Controls® controller be used to hijack or
infiltrate a network?
No, the Reliable Controls® MACH-System only responds to specific Reliable Controls®
Protocol commands. Any network packets not specifically recognized by the controller
will not be forwarded to the network because Reliable Controls® controllers do not
have the capability of conducting network router duties. Reliable Controls® products
cannot be used as a backdoor into a network because of this same feature.
What can be done if there is a concern about leaving port
21068 open for communications through a router or firewall?
If there is a potential security concern in leaving port 21068 open through a router or
firewall, then most routers or firewalls can be configured to direct any traffic received
on those ports to a specific IP address. By employing this procedure, a network
administrator can ensure that any traffic intended for a Reliable Controls® MACH-System is directed only to a Reliable Controls® MACH-System.
When accessing the controllers via software, what security
measures are in place to discourage unauthorized access?
In order to access a Reliable Controls® network, a User Name and Password must be
provided through the Reliable Controls® operating software. The encrypted User
Name and Password data are stored on the controllers. The controllers will never
transmit unencrypted User Names and Passwords, making it impossible to intercept
traffic using network analyzers.
Also, the system uses a default master password that can be changed by the operator
when commissioning the system.
RC-WEBVIEW SECURITY.
RC-WebView™ resides on IIS 5.0 for Windows 2000 Server and IIS 6.0 for Windows
2003 Server. All Windows security and service packs should be applied before
installing RC-WebView™. Whenever a security patch or service pack is installed, reinstall RC-WebView™.
To avoid the transmission of viruses via network traffic, the use of a firewall is
recommended. The transmission of viruses is normally not a problem, if the web
server and Reliable Controls® system are isolated on the same dedicated network,
allowing only 1 external port in to access the web server on the website you set up. In
using this arrangement, do not allow for ports out, except the response to requests on
the website port. Using a hardware firewall would accomplish this arrangement.
There are no viruses specific to RC-WebView™ unless directed to IIS. But applying the
above security will eliminate any problems.
Allow only UDP port 21068 on the internal network and TCP/IP port 80 to the web server
(externally).
[Diagram: request to web server on Port 80; Firewall redirects requests to server box; RC-WebView translates the web request to a Reliable request; labels: MG, M1]
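The port rules and firewall arrangement described in this notice can be checked against firewall or flow logs; the following is an added example, not Reliable Controls® code, that flags connection-initiation records falling outside that policy. The addresses, the record layout and the function names are assumptions made for illustration, and the sample records are constructed.

```python
from ipaddress import ip_address, ip_network
RC_PORT, BACNET_PORT, WEB_PORT = 21068, 47808, 80    # port numbers from the notice
# Constructed addressing (documentation range), an assumption, not from the notice.
BAS_NET = ip_network("192.0.2.0/24")                  # dedicated BAS network
WEB_SERVER = ip_address("192.0.2.10")                 # RC-WebView host
CONTROLLERS = {ip_address("192.0.2.21"), ip_address("192.0.2.22")}
BROADCASTS = {BAS_NET.broadcast_address, ip_address("255.255.255.255")}

def audit_flow(proto, src, sport, dst, dport, bacnet_enabled=False):
    """Return None if a connection-initiation record fits the policy, else a reason."""
    src, dst = ip_address(src), ip_address(dst)
    src_in, dst_in = src in BAS_NET, dst in BAS_NET
    if dst in BROADCASTS and dport == RC_PORT:
        return "broadcast on port 21068 (notice: no broadcasts are used)"
    if not src_in and dst_in:                         # inbound through the firewall
        ok = proto == "tcp" and dst == WEB_SERVER and dport == WEB_PORT
        return None if ok else "inbound other than TCP 80 to the web server"
    if src_in and not dst_in:                         # initiated inside, leaving
        return "outbound initiation (only replies to web requests may leave)"
    if not src_in:
        return "flow does not involve the BAS network"
    if proto == "udp" and dport == RC_PORT:
        if dst not in CONTROLLERS:
            return "RC protocol sent to a non-controller host"
        if src in CONTROLLERS and sport != RC_PORT:
            # Reading of the notice: controller-initiated traffic is 21068 -> 21068.
            return "controller-initiated RC traffic not from port 21068"
        return None        # workstation requests may use any source port
    if proto == "udp" and BACNET_PORT in (sport, dport):
        return None if bacnet_enabled else "BACnet/IP seen while BACnet is disabled"
    return "unexpected internal service"

def audit(flows, **kw):
    """Return [(flow, reason)] for every record that violates the policy."""
    return [(f, r) for f in flows if (r := audit_flow(*f, **kw))]

# Constructed sample records: (proto, src, sport, dst, dport)
SAMPLE = [
    ("tcp", "203.0.113.5", 51000, "192.0.2.10", 80),      # web request: ok
    ("udp", "192.0.2.10", 40001, "192.0.2.21", 21068),    # RC-WebView -> controller: ok
    ("udp", "192.0.2.21", 21068, "192.0.2.22", 21068),    # controller -> controller: ok
    ("udp", "192.0.2.21", 21068, "192.0.2.255", 21068),   # broadcast: flagged
    ("udp", "192.0.2.22", 47808, "192.0.2.21", 47808),    # BACnet while disabled: flagged
    ("tcp", "203.0.113.5", 51001, "192.0.2.21", 21068),   # direct inbound to controller: flagged
    ("tcp", "192.0.2.10", 49152, "198.51.100.7", 443),    # server calling out: flagged
]
if __name__ == "__main__":
    for flow, reason in audit(SAMPLE):
        print(flow, "->", reason)
```

Pass `bacnet_enabled=True` to `audit` on sites where BACnet/IP has been left on, so that port 47808 traffic inside the dedicated network is not reported.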