Industrial Firewalls Endpoint Security


Is there a need for a new type of industrial firewall? Industrial operators run a large fleet of different management and control systems to monitor their production. These monitoring and production control systems are known under the term SCADA (Supervisory Control and Data Acquisition). Over the last 10 years SCADA systems have been integrated into process control networks to optimize production.

Is there a need for a new type of industrial firewall? Because it is efficient and versatile, more and more SCADA systems use TCP/IP as their transport protocol. Although much effort has gone into keeping these TCP/IP networks separate from the Internet, bridges and gateways do exist. Cyber weapons such as Stuxnet have proven that production networks are penetrable and vulnerable: Stuxnet crossed the air gap on infected removable media and then spread over internal network shares, so "not connected to the Internet" does not mean unreachable.

The SCADA security challenge: SCADA systems were built with little or no regard for IT security. To reach the goal of optimizing production and reducing downtime, the focus was put on real-time data delivery and efficient management. Most SCADA systems expose many vulnerabilities or unprotected ports. With the increased use of TCP/IP networks for centralized management, SCADA devices became exposed to a new class of security threats they were never designed for.

New security threats to SCADA systems:
Port scanning
Sending false commands
Man-in-the-middle attacks
Password cracking
Viruses / cyber weapons
Motivations: espionage, sabotage, hacking, cyberwar

SCADA security rule number 1: access prevention. Strict access controls on every endpoint in the production network. A SCADA firewall acts as a solid gatekeeper that prevents unauthorized access, and it blocks dangerous attacks by reducing the potential attack vectors to a minimum. The endpoint security device must encrypt all communication between the control room and the machine it is protecting with a VPN tunnel.

SCADA security rule number 2: secure every endpoint. A classical firewall protects a network of users against threats from the Internet. In industry, every machine needs to be protected so that production is not interrupted. The source of the threat is not always outside on the Internet; it can also be an internal threat coming from the company network.

SCADA security rule number 3: create multiple barriers.
Layer 1 - Access Restriction: many attacks can be stopped by shielding the industrial control units from receiving any packets from unapproved sources. Simple remedies like MAC address filtering allow communication only with approved sources. Note that a MAC address is trivially forged by any host on the same segment, so this is a first barrier, not an authentication mechanism; the VPN of rule 1 provides the actual identity.
Layer 2 - Service/Port Restriction: by restricting each defined connection to only the specific TCP or UDP port, the other ports on the TCP/IP stack are blocked. This provides another layer of defense against viruses, Trojans, worms and exploits.
Layer 3 - Denial of Service Protection: 4i systems detect any unusual increase of traffic. Abnormal bandwidth is sensed and can be configured to be blocked.
Layer 4 - Malformed Packet Rejection: sending malformed packets is an advanced hacking trick to break into a machine. 4i Edge devices have an option to allow only well-formed TCP or UDP traffic to pass through to the end devices.
Layer 5 - Intrusion Detection Alerts: 4i Edge devices can report any kind of rule violation back to any security monitoring system.
Layer 6 - SCADA Protocol Filtering: Modbus TCP protocol filtering is provided for 4i Edge on request.
4i Edge: multi-layer security VPN endpoints

Industrial security devices must have specialized features:
Must provide a range of access control tools
Must support a wide range of industry-standard VPN protocols to ensure compatibility with existing VPN concentrators
Must provide multi-layered defence and detect threats coming from the network (firewall + stateful inspection + IDS)
Should understand SCADA protocols (like Modbus*) to detect unauthorized commands and identify their source
Should offer remote management options for updates and reconfiguration
* on request = Endian 4i Series
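The multi-barrier model of rule 3 and the protocol-awareness requirement above, as an added illustration written for this page; it is not Endian's code and makes no claim about how 4i Edge implements its layers. The filter below sits in front of one PLC speaking Modbus/TCP: it applies a source allowlist, a port restriction, a per-second rate cap, a consistency check on the MBAP header (malformed-frame rejection), and a function-code policy that lets read requests through and drops writes, while recording every denial as an alert. The approved (MAC, IP) pair, the sample frames and the rate cap are constructed for the example, and the layer numbers follow the slide.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

MODBUS_TCP_PORT = 502
MAX_ADU_LEN = 260                    # Modbus/TCP ADU upper bound (MBAP header + PDU)
READ_ONLY_FUNCTIONS = {1, 2, 3, 4}   # Read Coils / Discrete Inputs / Holding Regs / Input Regs

# Constructed allowlist: (MAC, IP) of the control-room host allowed to reach the PLC.
APPROVED_SOURCES: Set[Tuple[str, str]] = {("00:11:22:33:44:55", "10.0.0.10")}


@dataclass
class Packet:
    """Minimal view of one frame as the edge device would see it (constructed)."""
    src_mac: str
    src_ip: str
    proto: str       # "tcp" or "udp"
    dst_port: int
    payload: bytes   # application data, here a Modbus/TCP ADU
    ts: float        # arrival time in seconds


def parse_mbap(adu: bytes) -> Optional[int]:
    """Validate the 7-byte MBAP header; return the PDU function code or None if malformed."""
    if len(adu) < 8 or len(adu) > MAX_ADU_LEN:
        return None
    _tid, proto_id, length, _unit_id = struct.unpack(">HHHB", adu[:7])
    if proto_id != 0:                 # Modbus/TCP protocol identifier is always 0
        return None
    if length != len(adu) - 6:        # length counts unit id + PDU, i.e. everything after byte 6
        return None
    fc = adu[7]
    if fc == 0 or fc & 0x80:          # 0 is invalid; high bit marks exception responses, not requests
        return None
    return fc


def build_request(tid: int, unit: int, fc: int, *words: int) -> bytes:
    """Build a Modbus/TCP request ADU from 16-bit data words (used for constructed traffic)."""
    pdu = struct.pack(">B", fc) + b"".join(struct.pack(">H", w) for w in words)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


class EdgeFilter:
    """Layered allow/deny policy in front of one PLC; every denial is recorded as an alert."""

    def __init__(self, max_pps: int = 50):
        self.max_pps = max_pps
        self._recent: List[float] = []   # arrival times within the last second
        self.alerts: List[str] = []

    def _deny(self, layer: int, reason: str, pkt: Packet) -> bool:
        # Layer 5: every rule violation becomes an alert for the monitoring system
        self.alerts.append(f"layer {layer}: {reason} from {pkt.src_ip} ({pkt.src_mac})")
        return False

    def allow(self, pkt: Packet) -> bool:
        # Layer 1: access restriction - only approved (MAC, IP) sources may reach the PLC
        if (pkt.src_mac, pkt.src_ip) not in APPROVED_SOURCES:
            return self._deny(1, "unapproved source", pkt)
        # Layer 2: service/port restriction - only Modbus/TCP on 502/tcp
        if pkt.proto != "tcp" or pkt.dst_port != MODBUS_TCP_PORT:
            return self._deny(2, f"{pkt.dst_port}/{pkt.proto} not permitted", pkt)
        # Layer 3: denial-of-service protection - cap frames per second
        self._recent = [t for t in self._recent if pkt.ts - t < 1.0]
        self._recent.append(pkt.ts)
        if len(self._recent) > self.max_pps:
            return self._deny(3, "rate limit exceeded", pkt)
        # Layer 4: malformed packet rejection - MBAP header must be self-consistent
        fc = parse_mbap(pkt.payload)
        if fc is None:
            return self._deny(4, "malformed Modbus/TCP frame", pkt)
        # Layer 6: SCADA protocol filtering - reads pass, writes and diagnostics are dropped
        if fc not in READ_ONLY_FUNCTIONS:
            return self._deny(6, f"function code {fc} not allowed", pkt)
        return True


def demo() -> List[bool]:
    """Run constructed traffic through the filter; returns the allow/deny verdict per packet."""
    ok_src = ("00:11:22:33:44:55", "10.0.0.10")
    bad_src = ("de:ad:be:ef:00:01", "10.0.0.99")
    read = build_request(1, 1, 3, 0, 10)                  # Read Holding Registers 0..9
    write = build_request(2, 1, 6, 0, 0x1234)             # Write Single Register
    broken = struct.pack(">HHHB", 3, 0, 6, 1) + b"\x03"   # header claims 6 bytes follow, only 2 do
    traffic = [
        Packet(*ok_src, "tcp", 502, read, 0.0),
        Packet(*bad_src, "tcp", 502, read, 0.1),
        Packet(*ok_src, "tcp", 80, read, 0.2),
        Packet(*ok_src, "tcp", 502, broken, 0.3),
        Packet(*ok_src, "tcp", 502, write, 0.4),
    ]
    f = EdgeFilter(max_pps=50)
    verdicts = [f.allow(p) for p in traffic]
    for line in f.alerts:
        print(line)
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Only the first packet (a read from the approved host on 502/tcp) is allowed; the other four each trip exactly one layer, and the alert list names the layer and the source so a monitoring system can tell a misconfigured engineering station from a scanner. The order of the checks matters: the cheap header and source checks run before the rate limiter so that a flood from an unapproved host is counted against layer 1, not against the PLC's legitimate traffic budget.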

The Endian 4i product line: Endian 4i is a complete multi-layered security system for industry.
VPN endpoint security devices
VPN concentrator and access server
Classical UTM appliances for gateway protection
A complete management solution for all distributed devices and VPNs

The Endian 4i industrial protection concept:
Endian UTM appliances as gateway and perimeter security
Endian 4i Edge device to protect any single endpoint
Endian Access Server as VPN concentrator and secure switchboard, connecting from any Internet-enabled device into your SCADA device
The Endian Network lets you monitor and manage all Endian appliances from one place
Endian drop-in: any 4i device can work standalone and blends into the existing infrastructure

Endian 4i industrial protection: create multiple barriers, restrict access, protect endpoints, detect intrusion, separate zones, encrypt communication, connect securely = unlimited number of VPNs = complete protection = software maintenance included

The Endian edge devices:
4i Edge 200: an extremely powerful and scalable office solution, ideal for remote locations with more than one VPN. Highlights: metal body, fanless, low power (< 5 W). Recommended for: infrastructure, healthcare, communications.
4i Edge 300: the industrial security solution for remote locations that are not temperature sensitive. Highlights: DIN rail, fanless, 24 VDC power. Recommended for: machine building, manufacturing, infrastructure.
4i Edge 500: our most powerful and ruggedized industrial solution, which works in extreme temperature environments. Highlights: -40 to 70 C operating temperature, DIN rail, fanless, 12/24/48 VDC power. Recommended for: machine building/manufacturing, infrastructure/communications, healthcare.

The solid gatekeeper: Endian UTM appliance. Internet gateway, stateful inspection firewall, intrusion prevention, VPN gateway, content filter, anti-virus, anti-spam, mail security, surf protection, routing/bridging, QoS and traffic shaping, application level gateway.

The secure matchmaker: Endian 4i Access Server.
Remote access: supports the relevant VPN protocols for network communication (OpenVPN, IPsec).
Intuitive web interface: a single interface to manage the remote access of engineers, partners or customers.
Rule- and role-based management: lets the network manager control fine-grained access rights to machines and applications.
Mobile connectivity: provides access from the next generation of mobile devices such as iPhone, iPad and Android.
Scalability: offering access for up to thousands of devices, the 4i Access Server scales with your needs. Support for load balancing and failover ensures very high availability.

The Endian 4i solution: endpoint protection (4i Edge), VPN management (Endian Access Server), gateway protection (Endian UTM), device management (Endian Network), 4i BYOD protection. Endian 4i: complete multi-layered SCADA security.

Endian 4i, built for the future of industry. Future-proof: over 1 million downloads of Endian firewalls ensure that Endian 4i is ready for the latest security threats coming from the Internet. Easy to deploy: with easy drop-in and 4i software updates through Endian Network, deploying hundreds of VPN endpoints is very fast. Easy to manage: thanks to 4i's easy-to-understand web interface, quick VPN setup wizard and fast disaster recovery, managing IT security has become a lot easier.

A complete solution to SCADA security