VTSCADA AND TWILIO
Are you using Twilio for alerts with VTScada?
Twilio is a convenient, reliable and cost-effective service that allows your VTScada system to send and receive SMS messages and/or voice calls.
Unfortunately, the major drawback is that it requires your VTScada client login to be exposed on the internet.
How does the VTScada Twilio solution work?
When an alarm occurs in VTScada, it triggers an HTTP or HTTPS call to Twilio's servers. Twilio then initiates a series of callbacks using HTTP or HTTPS to the VTScada server, logging in to the Twilio realm with a previously shared VTScada username and password.
It is these callbacks that require your SCADA Server to be internet accessible.
How comfortable are you with SCADA being accessible from the Internet?
For many critical SCADA systems, the risk of being hacked makes direct exposure to the internet undesirable.
What about whitelisting to limit inbound traffic to my SCADA servers to just the Twilio servers?
Firewall whitelisting isn't an option because Twilio uses a vast array of dynamic IP addresses from within Amazon Web Services.
URL filtering would work, wouldn't it?
You may be able to use inbound URL filtering, but this requires your IT team to have detailed knowledge of the incoming requests, and even after that time investment it doesn't completely eliminate the possibility of an exploit by a skilled attacker.
So is there a solution that still allows me to use Twilio but keep my SCADA server off the internet?
All requests originating from Twilio are cryptographically signed using your secret Twilio Auth Token. This signature can be verified to ensure that a request really does come from Twilio.
Quintessential has developed a Linux-based proxy solution that takes advantage of this digital signature. The proxy accepts incoming Twilio requests, validates the Twilio signature, and only then passes the request on to your SCADA system.
In combination with a proper DMZ, the risk to your SCADA system can be dramatically reduced.
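The signature check such a proxy performs can be sketched as follows. This is an added example, not Quintessential's proxy code: it follows Twilio's publicly documented X-Twilio-Signature scheme for form-encoded POST callbacks, and the token, URL, field values and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def compute_signature(auth_token, public_url, form):
    """Twilio's documented scheme for form-encoded POST callbacks:
    public URL + each field name and value (sorted by name, no delimiters),
    HMAC-SHA1 keyed with the Auth Token, then base64."""
    signed = public_url + "".join(name + form[name] for name in sorted(form))
    mac = hmac.new(auth_token.encode(), signed.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def check_callback(auth_token, public_url, form, headers):
    """Return (forward, reason). Pass the request to SCADA only if forward is True."""
    # Header names are case-insensitive on the wire.
    lowered = {k.lower(): v for k, v in headers.items()}
    supplied = lowered.get("x-twilio-signature")
    if not supplied:
        return False, "missing X-Twilio-Signature"
    expected = compute_signature(auth_token, public_url, form)
    # Constant-time comparison; compare bytes so odd header characters cannot raise.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "signature mismatch"
    return True, "ok"

# Constructed sample data (not real credentials, numbers or endpoints).
TOKEN = "constructed-auth-token"
# Must be the URL exactly as Twilio requested it (scheme, host, query string),
# not the internal address the proxy forwards to, or every check will fail.
URL = "https://proxy.example.com/twilio/callback?alarm=42"
FORM = {"To": "+15550100", "From": "+15550101",
        "CallSid": "CAconstructed", "Digits": "1"}

def demo():
    good = {"X-Twilio-Signature": compute_signature(TOKEN, URL, FORM)}
    tampered = dict(FORM, Digits="9")  # body altered after signing
    return [
        check_callback(TOKEN, URL, FORM, good),
        check_callback(TOKEN, URL, tampered, good),
        check_callback(TOKEN, URL, FORM, {}),
    ]

if __name__ == "__main__":
    for forward, reason in demo():
        print("forward" if forward else "reject", "-", reason)
```

Rejected requests should be dropped and logged at the proxy so they never reach the VTScada login.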
For more information email firstname.lastname@example.org