Products > Test Equipment

Computerized test equipment - network or not? Virus safeguard issue

(1/5) > >>

I'm really not sure where to put this question.  But it's about OS in test equipment, so I'm going to put it here.

As we all know, many equipment are based on PC for not only UI but for base functions.  Some are based on Linux, some are based on proprietary stuff, some are Windows 95 to Windows 10.  My logic analyzer is based on Windows 2000.  I can access it from different PCs or print to my network printer, if I put it on a network.  My HP3048A runs on anything from DOS to HPUX to HP Basic running on Win10.  I think my Siglent runs on some kind of Linux based OS.

However, what about virus and other intrusion problems?  I have regular PCs on the same subnet.  If one gets infected with virus or something, it can act as a host and contaminate all PCs on my network.  I can't simply upgrade the OS to the latest as all drivers and software are not written to run on anything later, and it's already de-supported.

So here's a question...  do you connect your test equipment to your network, or do you air-gap it? 

This is a good point - especially for the PC (x86 based) systems. With other CPUs, espeicallly Linux variant on ARM (other non x86 CPUs) I would be less afraid, as there are not many virusses around effecting ARM systems. In addition the chances are good that the Linux systems would be relatively well limited to the parts actually needed and thus not effected by most security issues.

Start by scanning for open ports on the test gear and see what you find.

Air gap is going to be the convenient way, but the sort of lesser versions of that could be a change of protocol (GPIB or USB control to a network connected machine), or a local network.  A lot of PCs, at least desktops, will have a second ethernet port, so if you have a local net for your equipment that gets to that port but which isn't bridged over to your internet connected network, while it's not as secure as a true air gap, it can be a good combination of security and usability.

I have all my network capable instruments in their own LAN, with a dedicated switch and no Internet connection.

The desktop PC has two LAN cards with two different IP clases, one of which is for instruments only.  The other network card is for LAN connections with the router for my ISP and other devices requiring Internet access.

It happens that everything is running Linux, I ditched Windows some years ago.


[0] Message Index

[#] Next page

There was an error while thanking
Go to full version