Securing your systems

Physical and data security for seismic installations and networks.

Your equipment is a valuable asset, but the consequential cost of interruptions to data caused by theft of equipment, or even by its inadvertent reconfiguration, can dwarf the value of the equipment itself. This document discusses the various ways in which Güralp Systems Ltd can support the security of your equipment and data.

Physical Security

Picture of the Güralp Systems’ test vault at Wolverton

The physical security of instruments, data-links, networking equipment and data consumer equipment should be considered during the early stages of planning an installation. In many situations, access prevention is sufficient, but in certain installations access detection is of equal importance. Conventional solutions – walls, doors, fences, intruder alarms etc. – should be deployed where appropriate.

In addition, Güralp data acquisition systems, such as the D24SxEAM, can be provided with both internal tamper detection (using micro-switches and optical sensors) and multiple tamper-monitoring inputs, which can either be connected to existing intruder detection systems or used as the basis of a stand-alone tamper detection system. The status of the tamper-detection lines is monitored thirty times per second. The monitoring system can be used both to raise external alarms and to set data-quality flags that highlight the fact that data may have been compromised.

The image shows Güralp Systems’ test vault at Wolverton. The entrance to the vault is protected by a steel door and a secondary steel fence with padlocked gate.

Data Security

If you rely on real-time transmission of your data, it is vulnerable to both interruption and interception.

The effects of data interruption can be mitigated by using the data storage facilities in Güralp Systems’ digitisers and acquisition modules. If transmission should fail for any reason, the firmware can be configured to store all data locally until it can either be transmitted over a restored link or physically collected from the device itself.

Güralp Systems’ Platinum firmware, running on DAS, EAM and NAM units, is capable of supporting multiple communications links, monitoring them for availability and automatically switching live data transmission between them when required, in order to maintain communications in the event of disruption to one of the transmission media.

Platinum firmware is password-protected and its web-based configuration interface can be reconfigured to only allow TLS-secured access, using the HTTPS protocol, preventing attempts to eavesdrop on communications. Command-line access can use the SSH protocol to prevent eavesdropping and even to replace password logins with more secure public-key cryptographic authentication.

In addition, certain acquisition modules can use hardware-based encryption techniques to authenticate network communications and digitally sign individual data packets in order to thwart attempts to interfere with data in transit.
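After command-line access has been switched to public-key logins as described above, it is worth confirming from the monitoring PC that the unit no longer accepts passwords. The script below is an added example, not Güralp code: it assumes an OpenSSH client on the PC, and the host names and sample debug output are constructed placeholders.

```shell
#!/bin/sh
# Added example (not vendor code): check that password logins are really off.
# Assumes an OpenSSH client on the admin PC; host names are placeholders.

# Print the auth methods the server still accepts, read from `ssh -v`
# debug output on stdin. The last "can continue" line is authoritative.
offered_methods() {
    sed -n 's/^debug1: Authentications that can continue: //p' |
        tr -d '\r' | tail -n 1
}

# Succeeds (exit 0) when a password-style method appears in comma list $1.
password_login_offered() {
    case ",$1," in
        *,password,*|*,keyboard-interactive,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Turn captured debug output (stdin) into a one-line verdict for unit $1.
audit_log() {
    methods=$(offered_methods)
    if [ -z "$methods" ]; then
        echo "UNKNOWN $1: no method list seen (connection or host-key failure?)"
    elif password_login_offered "$methods"; then
        echo "FAIL $1: password login still offered ($methods)"
    else
        echo "OK $1: $methods"
    fi
}

# Live probe: request only the "none" method, so the server lists what it
# would accept and no credential is ever sent. BatchMode forbids prompts,
# so the unit's host key must already be in known_hosts.
probe_host() {
    ssh -v -o BatchMode=yes -o PreferredAuthentications=none \
        -o ConnectTimeout=5 "$1" true 2>&1 | audit_log "$1"
}

# Constructed sample debug output: before and after switching to keys only.
SAMPLE_BEFORE='debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.'
SAMPLE_AFTER='debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.'

printf '%s\n' "$SAMPLE_BEFORE" | audit_log eam-before.example
printf '%s\n' "$SAMPLE_AFTER"  | audit_log eam-after.example
```

Run `probe_host user@unit` with the login name actually used on the unit, since a server can offer different methods to different accounts.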

Safeguarding Configurations

It is important to protect your data from the effects of misguided or accidental reconfiguration of digitisers and acquisition systems. Many organisations need to maintain a separation of roles so that data consumers cannot inadvertently affect the acquisition process to the detriment of other users. Active reconfiguration of the acquisition parameters often needs to be restricted to authorised personnel. The remainder of this article will focus on techniques to establish and enforce this separation of privileges.

A typical scenario is illustrated below: an instrument is connected to a digitiser which, in turn, is connected to an EAM acquisition module. A modem line connects the EAM to a remote monitoring station where GSL’s Scream! software is used for control and monitoring. Similar considerations apply to other topologies. For example, if you are not using EAMs, simply ignore the relevant section.

illustration of typical configuration

In this situation, provided that the hardware can be secured, the only access to any of the configuration interfaces (the digitiser’s command line, the gconfig utility on the EAM and Scream!’s configuration system) is via the PC.

We will consider each of these configuration interfaces in turn:

More specific advice relating to Platinum systems (EAMs, NAMs, DM24S*TDE instruments, etc) can be found at A guide to securing Platinum systems.

For more information about any of the techniques described in this article, please contact .