Home
Resources
N2OS Configuration
The N2OS Configuration - Reference Guide.
Decryption
IEC 60870-5-7 / 62351-3/5 encrypted links
IEC TC57 (POWER SYSTEMS management and associated information exchange) develops the standards 60870 and 62351. IEC 60870 part 5 (by WG3) describes systems used for telecontrol. IEC 62351 (by WG15) handles the security of TC 57 series.

Resources
- Release Notes
  Access the release notes for release-based products.
- N2OS Configuration
  The N2OS Configuration - Reference Guide.
  - Features control panel
  - Edit sensor configuration
  - Basic rules
  - Garbage Collector
  - Alerts
  - Incidents
  - Nodes
  - Assets
  - Links
  - Variables
  - Protocols
  - Vulnerability assessment
  - Customize node identifier generation
  - Decryption
    - IEC 60870-5-7 / 62351-3/5 encrypted links
      IEC TC57 (POWER SYSTEMS management and associated information exchange) develops the standards 60870 and 62351. IEC 60870 part 5 (by WG3) describes systems used for telecontrol. IEC 62351 (by WG15) handles the security of TC 57 series.
    - Configure IEC-62351-3
  - Trace
  - Time Machine
  - Retention
  - Bandwidth throttling
  - Synchronization
  - Slow updates
  - Session hijacking
  - Passwords
  - Sandbox
  - Miscellaneous
- N2OS Software Development Kit
  The N2OS Software Development Kit (SDK).
- Integration Guides
  Integration guides to help you use applications that integrate with Nozomi Networks products.
- Reference Guides
  Additional reference guides with information on items such as Alerts and Incidents and Federal Information Processing Standards (FIPS).
- Quick Start Guides
  Hardware Quick Start Guides.
- Security
  Stay up-to-date with the most recent information and solutions for all vulnerabilities that affect Nozomi Networks products.
- Print format documentation
  A list of all the technical documentation that is available in print format.
- Documentation archive
  Access previous versions of the technical documentation.

IEC 60870-5-7 / 62351-3/5 encrypted links

IEC TC57 (POWER SYSTEMS management and associated information exchange) develops the standards 60870 and 62351. IEC 60870 part 5 (by WG3) describes systems used for telecontrol. IEC 62351 (by WG15) handles the security of TC 57 series.

IEC TC57 WG15 recommends the combination of IEC 62351-3 and 5 to secure IEC 60870-5-104 links:

IEC 62351-3 is a TLS profile to secure power systems related communication.
IEC 62351-5 is an application security protocol applicable to IEC 60870-5-101, 104, and derivatives. Its implementation in terms of ASDUs (i.e., real encapsulation) is outlined in IEC 60870-5-7.

In order to decrypt IEC 62351-3 (TLS) traffic, you must meet these conditions:

The private key for each TLS server (e.g. RTU, PLC) must be available; it is used to derive session keys.
All the equipment where decryption is needed must operate using the TLS_RSA_WITH_AES_128_CBC_SHA (0x00002f) cipher suite. Often, this step is accomplished by forcing either the client or the server to confine itself to that specific cipher suite.