You’ve spotted a problem on your BACnet network. Devices are dropping like flies, with no apparent explanation. You need to get a packet capture (pcap) if you want to dig in and untangle what’s happening. But the IT department is worried about what sensitive information could be leaked if you pull any data. You’re at a stand-off, with conflicting needs.
Trying to convince your IT department that you can safely pull pcap files? Here are five ways to keep IT out of your OT.
1. Use Wireshark
Wireshark is a useful tool that is local to your computer. Download the program and you’ll be capturing and analyzing BACnet data in no time. Unfortunately, Wireshark is not as easy to use as it is to secure: it’s notoriously challenging to master, and few people can confidently call themselves a “Wireshark Guru.” If it is your only option, though, you can certainly learn to navigate the program. Check out our webinar on Advanced Troubleshooting BACnet in Wireshark.
2. Use Visual BACnet
Visual BACnet is as secure as it is easy to use. While the program is hosted in the cloud, privacy is always a priority: all data that is uploaded into Visual BACnet is encrypted, both in flight and at rest. Visual BACnet helps you quickly visualize, assess, and diagnose problems on your BACnet network, with advanced diagnostic checks. A concrete network health score lets you instantly know if your network is in critical or optimal health. You can even schedule packet captures, which will upload directly into Visual BACnet for you to assess.
3. Filter for BACnet data
Filtering in Wireshark or our free capture tool will ensure you only get the information you need, and none of the data you don’t: no sensitive IT information will even be captured in the file, let alone uploaded into Visual BACnet. Read our article on filtering for BACnet traffic, or watch our quick video below for step-by-step instructions to isolate BACnet data in Wireshark.
4. Scrub the file
Still concerned about the sensitive nature of the data? You can anonymize your pcap file to keep information secure. Once the devices’ IP addresses have been switched with fake ones, any leaked data cannot be traced. Be sure to keep track of which address translates to which, though; otherwise you won’t know which devices are causing problems! Read our article on securing packet captures in Wireshark and WireEdit.
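Steps 3 and 4 can be combined in one pass over a capture file. The following is an added example, not code from this article or from the tools it names: it keeps only BACnet/IP frames, swaps each IPv4 address for a consistent fake one, and returns the translation table. Assumptions: a classic (non-pcapng) Ethernet capture, untagged IPv4, the default BACnet/IP UDP port 47808, and the function names and the 198.18.0.0/15 replacement range are illustrative choices.

```python
import ipaddress
import struct

BACNET_PORT = 47808  # 0xBAC0, the BACnet/IP default; assumption: the site uses it

def ip_checksum(header: bytes) -> int:
    """RFC 1071 checksum over an IPv4 header whose checksum field is zero."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def scrub_pcap(data: bytes):
    """Return (scrubbed pcap bytes, {real IP: fake IP}) for a classic Ethernet pcap."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    if struct.unpack(endian + "I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    out, mapping, pos = bytearray(data[:24]), {}, 24

    def fake(addr: bytes) -> bytes:
        if addr == b"\xff\xff\xff\xff":      # keep limited broadcast recognisable
            return addr
        real = str(ipaddress.IPv4Address(addr))
        if real not in mapping:              # 198.18.0.0/15 is reserved for testing
            mapping[real] = str(ipaddress.IPv4Address("198.18.0.1") + len(mapping))
        return ipaddress.IPv4Address(mapping[real]).packed

    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl, orig = struct.unpack(endian + "IIII", data[pos:pos + 16])
        frame = bytearray(data[pos + 16:pos + 16 + incl])
        pos += 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                         # not untagged IPv4/UDP: drop it
        udp = 14 + (frame[14] & 0x0F) * 4    # start of the UDP header
        if udp < 34 or len(frame) < udp + 8:
            continue                         # malformed or truncated header
        sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
        if BACNET_PORT not in (sport, dport):
            continue                         # non-BACnet traffic never reaches the output
        frame[26:30], frame[30:34] = fake(bytes(frame[26:30])), fake(bytes(frame[30:34]))
        frame[24:26] = b"\x00\x00"
        frame[24:26] = struct.pack("!H", ip_checksum(bytes(frame[14:udp])))
        frame[udp + 6:udp + 8] = b"\x00\x00"  # UDP checksum 0 = "not computed" in IPv4
        out += struct.pack(endian + "IIII", ts_sec, ts_usec, len(frame), orig) + frame
    return bytes(out), mapping
```

Only the IPv4 header addresses are rewritten: Ethernet MAC addresses and any addresses carried inside the BACnet payload (for example in a Forwarded-NPDU message) are left as captured, so check those before sharing the file. Keep the returned mapping with the original capture, not with the scrubbed copy.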
5. Buy Visual BACnet Enterprise
Visual BACnet Enterprise is a secure cloud that is site-specific and hosted on your server. It guards against malicious outsiders, so you can safely analyze your BACnet network. If you have a large, highly sensitive network, this is your best option for keeping data secure. Contact us to learn more about Visual BACnet Enterprise.
IT and BACnet networks have different functions, but they don’t have to be at odds. These are just a few ways you can better understand your OT devices’ behaviour, without jeopardizing the security of your IT network.