It is important for all businesses to create a level of security around their data to ensure that it is not lost, stolen, or otherwise manipulated by outside parties. Implementing a data security program helps owners and operators of convenience stores and gas stations maintain equipment operations and protect their operational and customer data. Here are some standard best practices to follow to help keep fuel site data secure.
- Create a Security Policy for your fuel site. This policy with be different for every organization but at a minimum it should define the equipment at your site, the networks that each piece of equipment is connected to, and the equipment and access permissions for each user or role that will be on site.
- Put a firewall in place. While there are many types of software and hardware solutions that provide a firewall, the basic idea is the same: a firewall is a network security device that monitors incoming and outgoing traffic and allows or blocks traffic based on a defined set of security rules. * Every organization should have a firewall in place.
Security Features of the TLS-450PLUS ATG
- Manage the network connectivity of your devices. There are three Ethernet Ports available to users on the TLS-450PLUS Automatic Tank Gauge (ATG), one that is a directly connected ethernet interface, and two that are connected via an internal switch. The direct connection is typically only routed internally to isolate secure traffic, while the switched ports allow connection to other traffic.
- Reassign port numbers or move ports. The TLS-450PLUS ATG allows users to reassign the ports, making it more difficult for intruders to find open ports to exploit. Users can also implement port forwarding with external IP addresses to manage the access level of certain systems within their internal network.
- Disable unused ports. To aid in the ease of set up, the TLS-450PLUS ATG is delivered with all TCP/IP ports enabled. At the time that the gauge is initially programmed, all ports that remain unused should be disabled.
- Use new encrypted data command interfaces. Whenever possible, organizations should use the new encrypted data Secure Shell (SSH) serial command interface instead of Telnet raw data communications on port 10001.
- Manage your user accounts and create custom roles when necessary. Create a new administrator account to replace default accounts. Use unique user IDs to restrict access to tank gauge data instead of allowing groups to shared generic IDs.
- Stay ahead of hackers by keeping console software versions up-to-date. We regularly update our software to integrate new features and our release process includes a scan for known vulnerabilities and, if any are found, the issues are addressed within the release.
This list of best practices is not exhaustive but should give you a good idea of where to start. The important thing to remember is that your organization should have a security awareness program for your personnel so that they know the policies and procedures to keep data safe. There are always new threats emerging so learn from any mistakes and improve your policies continuously.
Webinar Replay: Protecting Gas Station and Fuel Site Data
Watch the full discussion of data security as it relates to gas stations and our TLS-450PLUS automatic tank gauge and best practices for maintaining a secure network.
VIEW THE FULL WEBINAR
* Cisco Systems, Inc. (Accessed August 27, 2020) What Is a Firewall?: https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html