implementing-conduit-security-for-ot-remote-access

Featured

Implement secure conduit architecture for OT remote access following IEC 62443 zones and conduits model, deploying jump servers, MFA-enabled gateways, session recording, and approval-based workflows to control vendor and engineer access to industrial control systems without exposing OT networks directly.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Implementing Conduit Security for OT Remote Access ## When to Use - When replacing direct VPN connections from IT or vendors into OT control networks - When implementing IEC 62443-compliant conduit architecture for remote access paths - When deploying secure remote access for third-party vendor maintenance of ICS equipment - When building approval-based access workflows for privileged OT system access - When remediating audit findings about uncontrolled remote access to SCADA systems **Do not use** for designing the overall Purdue Model segmentation (see implementing-purdue-model-network-segmentation), for deploying IT-only remote access solutions, or for configuring local console access to PLCs. ## Prerequisites - IT/OT DMZ (Level 3.5) deployed with dual-firewall architecture - Jump server or privileged access management (PAM) platform (CyberArk, BeyondTrust) - Multi-factor authentication (MFA) infrastructure for OT remote access users - Session recording capability for compliance and forensic purposes - Approval workflow system (ServiceNow, ticketing) for access requests ## Workflow ### Step 1: Design Conduit Architecture for Remote Access ```yaml # IEC 62443 Conduit Security Architecture for OT Remote Access # All remote access terminates in DMZ - never passes through to OT directly conduit_architecture: remote_access_conduit: conduit_id: "RA-001" source_zone: "Enterprise IT (Level 4)" destination_zone: "OT DMZ (Level 3.5)" security_level_targe...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

securing-remote-access-to-ot-environment

This skill covers implementing secure remote access to OT/ICS environments for operators, engineers, and vendors while preventing unauthorized access that could compromise industrial operations. It addresses jump server architecture, multi-factor authentication, session recording, privileged access management, vendor remote access controls, and compliance with IEC 62443 and NERC CIP-005 remote access requirements.

12,642 Updated today
mukul975
AI & Automation Featured

implementing-iec-62443-security-zones

This skill covers designing and implementing security zones and conduits for industrial automation and control systems (IACS) per IEC 62443-3-2. It addresses zone partitioning based on risk assessment, assigning Security Level targets (SL-T), designing conduit security controls, implementing microsegmentation with industrial firewalls, and validating zone architecture through traffic analysis and penetration testing against the Purdue Reference Model.

12,642 Updated today
mukul975
AI & Automation Featured

performing-ot-network-security-assessment

This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including SCADA systems, DCS architectures, and industrial control system communication paths. It addresses the Purdue Reference Model layers, identifies IT/OT convergence risks, evaluates firewall rules between zones, and maps industrial protocol traffic (Modbus, DNP3, OPC UA, EtherNet/IP) to detect misconfigurations, unauthorized connections, and attack surfaces in critical infrastructure.

12,642 Updated today
mukul975
AI & Automation Featured

implementing-network-segmentation-for-ot

This skill covers implementing network segmentation in Operational Technology environments using VLANs, industrial firewalls, data diodes, and software-defined networking. It addresses the Purdue Model-based segmentation strategy, migration from flat networks to segmented architectures without disrupting operations, configuring OT-aware firewalls with industrial protocol deep packet inspection, and validating segmentation effectiveness through traffic analysis.

12,642 Updated today
mukul975
AI & Automation Featured

implementing-purdue-model-network-segmentation

Implement network segmentation based on the Purdue Enterprise Reference Architecture (PERA) model to separate industrial control system networks into hierarchical security zones from Level 0 physical process through Level 5 enterprise, enforcing strict traffic control between OT and IT domains.

12,642 Updated today
mukul975