Feature Article
Security Appliances with Integrated Switch Even More
Secure and More Cost Effective
Ingo Hilgenkamp, Marketing Network Technology - Phoenix Contact Electronics GmbH
Mariam Coladonato, Product Marketing Specialist, Security - Phoenix Contact USA
Optimizing cybersecurity is an important topic in industrial automation today, but many businesses do not have a concrete
idea about the types of dangers against which they must defend themselves. Modern security devices, designed specifically to
meet requirements for the factory floor and other industrial settings, can effectively protect the automation network from many
types of attacks.
Today, most plants have complex machines and systems characterized by a high degree of automation. As plants move towards making the Industrial Internet of Things (IIoT) a reality, automation will increase. Such solutions must be equipped with
IT security that meets both system requirements and user needs.
IT security needs to erect appropriate impediments to the usual attack vectors coming from internal or external threats over
media such as the Internet. On the other hand, production systems need to operate with increasing efficiency. Downtime results not only in financial loss, but also jeopardizes delivery dates, and subsequently, the manufacturer's reputation. To prevent
such serious consequences, the company must consider measures to protect the constantly connected networks through
which these machines and systems communicate.
The continuous networking of machines and systems to form comprehensive systems has increased significantly in recent
years. However, when most of the individual components within the system were being planned and built, the engineers did
not necessarily foresee communication that would cross beyond the system's borders. In the past, these systems relied on
"security by obscurity," so IT-level security was often neglected. More recent attacks have made it clear, however, that even
special industrial protocols and proprietary technologies are threatened today.
Easy to Operate Even Without Special IT Expertise
To compete effectively, businesses are constantly looking for potential improvements. Users focus
on issues such as cost, security, bandwidth, availability, stability and reduction of complexity and
installation cost. To address these demands, some new industrial security appliances come with
an integrated switch (Figure 1). The new components save space on the DIN rail and simplify installation. These devices are available with one unmanaged switch with five ports or one managed
switch with four ports and a DMZ (Demilitarized Zone) port. SD (Secure Digital) memory cards can
be used as interchangeable configuration memories for quick device replacement.
More basic versions of these security appliances can offer high function at a low price. These
Figure 1.
devices can address simple or complex routing, NATing and/or remote maintenance applications
using VPN (Virtual Private Network) tunnels and guarantee a high level of security. Setting up
the required firewall to control the flow of data traffic is easy, even if the user doesn't have IT expertise. The built-in Ethernet
switch allows several internal devices to be routed through a single device, saving money and space on the DIN rail.
Conditional Firewall Predefines Rules
In addition to the routing functions, more advanced versions of the security appliances offer the full functional
scope of a firewall and VPN as well as a DMZ port and
managed switch with four ports. Precisely configurable
Stateful Inspection firewall filters communication based
on clearly organized incoming and outgoing rules. This
ensures that only data exchanges authorized by the
user take place. A simple two-position switch can be
the physical control for a conditional firewall switchover,
which activates/deactivates sets of firewall rules This
enables the firewall to be switched between rules for
various operating conditions by means of simple triggering events. This can be valuable during production or
system maintenance, when it may be necessary to allow
or forbid specific connections.
14
www.RemoteMagazine.com
Figure 2.
http://www.RemoteMagazine.com
Table of Contents for the Digital Edition of Remote - Fall 2016