Security appliances with integrated switch - even more secure and more cost-effective




There is currently a great deal of discussion about cyber security and how to optimise it. But not many businesses have a concrete idea even of the types of dangers against which they must defend themselves. With its new security appliances FL MGuard RS2005 and RS4004, Phoenix Contact provides devices with innovative functions that effectively protect the network from many types of attack.

Today, plants are generally made up of complex machines and systems characterized by a high degree of automation. In the course of the forward-looking Industry 4.0 project, automation is likely to increase further. Such solutions must be equipped with IT security that is oriented both on system requirements and on user needs. IT security needs to erect appropriate impediments to the usual attack vectors, such as the Internet. On the other hand, production systems need to operate with increasing efficiency. Downtimes not only result in financial loss, but also jeopardise delivery dates and therefore the manufacturer's reputation. That is why, in addition to the constantly connected networks through which machines and systems communicate, remote maintenance access, and thus networks outside the company, must be considered, and measures taken to protect against the dangers they pose.

The continuous networking of machines and systems into comprehensive systems has increased significantly, especially in recent years. However, during the planning and construction of individual system components, those responsible often did not expect communication that would cross the borders of the system, so the issue of IT security was often neglected. Past attacks have made it clear, however, that even special industrial protocols and proprietary technologies are threatened.

Easy to operate even without special IT know-how

In order to compete effectively, businesses are constantly looking for potential improvements. Users focus on issues such as cost, security, bandwidth, availability, stability, and reduction of complexity and installation cost. To address these demands, Phoenix Contact has added devices with an integrated switch to the proven FL MGuard security appliances (Figure 1). The new components save space on the DIN rail and simplify installation. They are available either with an unmanaged five-port switch or with a managed four-port switch and a DMZ (Demilitarised Zone) port. SD (Secure Digital) memory cards can be used as interchangeable configuration memories to facilitate quick device replacement.

Figure 1 - The new security router from Phoenix Contact.

As a result of their function and price, the FL MGuard RS2005 basic series security appliances are suitable for simple routing and/or remote maintenance applications with a maximum of two VPN (Virtual Private Network) tunnels, and guarantee a high level of security. As required, a firewall that is easily set up without IT know-how can be used to control data traffic. The five built-in Ethernet ports allow internal networking of the system and connect it to the superordinate network through a router port.
Situation-appropriate switchover of predefined firewall rules

In addition to the routing functions, FL MGuard RS4004 security appliances offer the full functional scope of a firewall and VPN, as well as a DMZ port and a managed switch with four ports. The precisely configurable Stateful Inspection firewall filters communication based on clearly organised input and output rules. This ensures that only data exchanges authorised by the user take place. The FL MGuard RS4004 also has a conditional firewall that allows situation-appropriate switchover between predefined sets of firewall rules. This enables the firewall to be switched between rules for various operating conditions by means of simple triggering events. This may be necessary because during productive operation and during local or remote system maintenance, certain connections should be allowed or forbidden. For example, it may be sensible to cut off all data traffic from or to the superordinate network when a control cabinet door is opened. This would isolate the service technician working locally on the system simply and effectively from the superordinate network. Another example would be allowing machine and system updates to be carried out only at suitable times, such as during regularly scheduled maintenance periods. At those times, an authorised person could use a key to switch the firewall over to allow access to the update server. This avoids the need for a configuration change, saving time and money. The security level is also raised, since spontaneous configuration changes are often prone to errors (Figure 2).

Figure 2a & b - Conditional firewall for situation-appropriate switchover; two different firewall settings are pictured (Figure 2a and Figure 2b).

Additional connection of an isolated system

The DMZ port can be used to connect an additional network. This third network is protected by the firewall from the other two, which are connected to the WAN and LAN ports. The DMZ port raises the security level significantly because the systems connected through it work virtually in isolation from the other systems. One example is a mail server that must, of course, be accessible through the Internet so that it can receive e-mails. At the same time, internal users need to access the e-mail server in order to send e-mails. But the internal users need to be isolated from the external Internet.
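The conditional firewall switchover described above, as an added Python model that is not Phoenix Contact's code: two physical triggers (a cabinet door contact and a key switch) select one of three predefined rule sets, and traffic is then evaluated first-match against the active set, with an open door always overriding the key. The addresses, ports and rule contents are constructed assumptions, not values from the article.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional
@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # source network in CIDR notation
    dst: str                     # destination network in CIDR notation
    dport: Optional[int] = None  # destination port; None matches any port

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))
# Constructed addressing (assumption, not from the article): machine LAN 192.168.10.0/24
# on the LAN port; archive 10.0.1.0/24 and update server 10.0.5.20 beyond the WAN port.
PLC_TO_ARCHIVE = Rule("allow", "192.168.10.0/24", "10.0.1.0/24", 502)
DENY_ALL = Rule("deny", "0.0.0.0/0", "0.0.0.0/0")
RULE_SETS = {
    "production": [PLC_TO_ARCHIVE, DENY_ALL],
    "maintenance": [Rule("allow", "192.168.10.0/24", "10.0.5.20/32", 443),
                    PLC_TO_ARCHIVE, DENY_ALL],
    "isolated": [DENY_ALL],  # cabinet door open: no traffic to/from the WAN
}

class ConditionalFirewall:
    def __init__(self) -> None:
        self.door_open = False
        self.key = "production"  # key switch position: production/maintenance

    def on_event(self, event: str) -> str:
        # Physical triggers update the inputs; the active rule set follows from them.
        if event in ("door_open", "door_closed"):
            self.door_open = event == "door_open"
        elif event in ("key_production", "key_maintenance"):
            self.key = event.split("_", 1)[1]
        return self.active

    @property
    def active(self) -> str:
        # An open door overrides the key switch: isolation wins over maintenance.
        return "isolated" if self.door_open else self.key

    def decide(self, src_ip: str, dst_ip: str, dport: int) -> str:
        # First-match evaluation of the active rule set; DENY_ALL is the fallback.
        for rule in RULE_SETS[self.active]:
            if rule.matches(src_ip, dst_ip, dport):
                return rule.action
        return "deny"
```

Because the rule sets are fixed in advance, a trigger only selects between them; nobody edits the configuration during the switchover, which is the error source the article points at.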
Production data archiving systems and special remote maintenance access can operate in the DMZ. Machines and systems can thus be integrated into the superordinate network through the WAN port with the help of the routing functions, and enjoy the protection of the firewall at the same time. The remote maintenance access that must be reachable when it is needed is implemented through the DMZ port. The previously mentioned conditional firewall allows the user to activate special preset remote maintenance options (Figure 3).

Figure 3 - DMZ port for secure connection of superordinate systems.

Dynamic monitoring of all Windows systems

In the era of the Stuxnet worm, which is tailored to attack automation systems, dynamic monitoring of all Windows systems in the production environment significantly increases the level of security. Phoenix Contact offers so-called CIFS (Common Internet File System) Integrity Monitoring (CIM), an antivirus protection system that complies with industry specifications and is available as an additional licence for the FL MGuard RS4004 security appliances. CIM works like an anti-virus sensor but does not need to reload virus patterns; it detects whether malware has infected a Windows system consisting of control, operator unit, and PC. Operators can thus run firewall and CIM in parallel to achieve maximum protection in systems previously thought unprotectable. These include networks that use out-of-date operating systems; whose (software) standard settings were certified by the manufacturer or an official body, so that a change would mean losing authorisation from that body; that cannot be equipped with a virus scanner because of time-critical industrial applications; or that cannot download virus pattern updates because, for instance, they lack a connection to the Internet (Figure 4).

Figure 4 - The principle of CIM (CIFS Integrity Monitoring).

Summary

The new FL MGuard RS2005 and RS4004 security appliances are very well suited to implementing a secure, cost-effective, and reliable security and/or remote maintenance solution. The three-level security concept supported by RS4004 devices, made up of conditional firewall, DMZ, and CIFS Integrity Monitoring (CIM), allows the construction of new security architectures for the secure operation of automation solutions that remain manageable for the user.

Multi-level concept for protection against unauthorised access

The new generation of fanless security routers from Phoenix Contact wins over customers with reliable security and performance. These compact devices in metal housings, which can be mounted on the mounting rail, have an SD card slot for easy device replacement and input/output connections. Based on a hardened Embedded Linux operating system, the RS4004 series has four coordinated security components:

- A bidirectional Stateful Inspection firewall with a conditional firewall
- A DMZ port for a further isolated network
- A highly secure VPN gateway
- Optional protection against malware using CIFS Integrity Monitoring

The RS2005 series devices have been designed for use as industrial VPN field routers, so they can be used directly on the machine or as central security components in distributed networks. They provide up to two parallel VPN tunnels, a simple two-click firewall, an integrated switch, and flexible routing functions.

If you are interested in publishing this article, please contact Becky Smith: marketing@phoenixcontact.co.uk or telephone 0845 881 2222.
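The pattern-free detection principle behind the CIM section above, as an added Python illustration that is neither Phoenix Contact's code nor a description of CIM's internals (which the article does not give): hash every file on a share while the system is known to be clean, then re-scan and flag whatever was added, removed or modified, so no virus patterns are ever needed. The share layout and file contents in `demo()` are constructed.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries stay out of memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def take_baseline(root: Path) -> Dict[str, str]:
    """Hash every file below root (e.g. a Windows share mounted over CIFS) while
    the system is known to be clean. Keys are POSIX-style paths relative to root."""
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_integrity(root: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Re-scan and report deviations from the baseline. No virus patterns are
    needed: any changed, new or missing file is flagged, whatever caused it."""
    current = take_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(n for n in current.keys() & baseline.keys()
                           if current[n] != baseline[n]),
    }

def demo() -> Dict[str, List[str]]:
    """Constructed scenario (not real data): a share with a driver DLL and an HMI config."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "System32").mkdir()
        (root / "System32" / "driver.dll").write_bytes(b"original driver code")
        (root / "hmi.cfg").write_text("setpoint=42\n")
        baseline = take_baseline(root)
        # Simulated infection: a system file is altered and an unknown binary appears
        (root / "System32" / "driver.dll").write_bytes(b"original driver code\x90\x90")
        (root / "System32" / "unknown.exe").write_bytes(b"MZ")
        return check_integrity(root, baseline)

if __name__ == "__main__":
    print(demo())
```

On a real deployment the baseline itself has to be stored outside the monitored system, otherwise malware that alters files can also alter the record they are compared against.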