Protect Plant Systems from network aware spyware/virus's
Posted on 2009-04-17
Presently I have two network segments, (office)192.168.1.x and (plant)192.168.3.x. Both networks use the same network switches to "talk" to other workstations in their network segment. This was done to protect plant systems from network aware spyware/virus. The plant systems do not have internet access. We do not want to put av on the plant computers because of confilcts with some of the software we run and the performance hit. However, we now have a problem. We have installed wireless in the plant area. This was done so we could collect job data on the plant floor. Now, the supervisor wants to utilize the wireless on the plant network also (some type of portable scales they want to collect data from).
The simple solution is to place all systems, office and plant, in the same network segment. However, to do so increases the risk that some network aware spyware/virus will infect the plant systems. In some cases this could be costly as it could alter a production cycle and product could be underprocessed. How can I effecively combine these networks and provide virus/spyware protection?