Figure 02: The protection of the production network can be improved by setting a wire bridge to start firewall configuration

Figure 03: Easy Protect Mode protects the control cabinet network cell against unauthorized access

AUTOMATION

mum protection. However, there are not many users in industry who are IT security experts. Such people need firewalls that have been optimized for industrial applications and are also easy to work with. Phoenix Contact’s new FL mGuard 1100 series (figure 1) caters to exactly this target group: users who have an industrial application requiring a firewall, who don’t have profound technical know-how about the configuration of IT security devices, and who don’t have time to attend any relevant product training courses.

The entry-level FL mGuard 1100 security products complement the existing FL mGuard 4000 product family, which is tailored to the needs of security experts from the fields of IT and OT. The new series is not intended to replace the well-established FL mGuard 4000 devices; instead, it adds to the product portfolio security routers whose form, fit, and function differ from the existing offerings. To address the new target group, during product development of the mGuard 1100 family we focused on reducing the scope of functions to the essentials as well as on automating more complex security settings. As a result, personnel with little knowledge of network technology can activate the devices on their own, quickly, and with minimal effort. Time-intensive product training is thus not needed.

WORLD OF INDUSTRIES 2020

Assigning an IP address is no longer necessary

One special feature of the FL mGuard 1100 series security routers, besides a high data throughput, is their Easy Protect Mode. Setting a simple wire bridge on the device will activate a firewall rule set used in numerous applications. The special advantage of the Easy Protect Mode is that the operating personnel do not need to assign an IP address to the product. The security routers work completely transparently, like a passive Ethernet cable. In the same way, protection can also be added to existing industrial network cells after the fact – and it’s easy, simple, and quick to do so (figure 2).

Figure 2 shows how a production network can easily be segmented using an FL mGuard 1100 running in Easy Protect Mode to increase the level of protection of the application. It will still be possible for the production server to access all machines and retrieve values. Nevertheless, accessing other production areas via the machine, via the notebook computers used by the service technicians, or via an external modem that belongs to a machine building company and is connected to the machine, will no longer be possible. If a machine were infected by malware, only one subsegment, not the entire production network, would fail. Thus, the risk can be considerably reduced simply by means of two inexpensive and quick-to-install components (figure 3).

Figure 3 shows another example. In this case, the data from a control cabinet are transmitted to a server. When in Easy Protect Mode, the FL mGuard 1100 prevents persons from accessing the built-in network components inside the control cabinet from the outside.
The controller or other components mounted in the control cabinet can, however, still establish a secure VPN tunnel to a central server from within the control cabinet and send as well as receive data accordingly. In this way, the level of protection can be improved easily and quickly by installing an FL mGuard 1100 in Easy Protect Mode, even one without a built-in VPN functionality.

Even very complex communication networks can be mapped

The security router brings another advantage with its integrated Firewall Assistant. This assistance function makes it easier for the user to configure the firewall. It is not necessary for the personnel in charge to have any skills regarding topology, protocols, ports, or similar. When they activate the Firewall Assistant, suggestions for suitable firewall rules are automatically created on the basis of the incoming and outgoing data traffic. Depending on their needs, users can then decide whether or not to follow those suggestions. In this manner, even more complex communication relationships can be mapped in a short period of time, and, more importantly, without the support of an IT department.

The third assistance function of the FL mGuard 1100 is the Test Mode. This function identifies undefined communication relationships, reports them to the user, and suggests complementary firewall rules. Thus, the firewall rules can be expanded very precisely at a later point in time, and the availability of the machine will still be ensured.

A solid cybersecurity baseline protection

The protection of industrial networks has proven to be essential. However, many industrial users aren’t IT security experts. They need a firewall that has been optimized for their field of application and is easy to work with. The new FL mGuard 1100 series provides this target group with three supportive firewall functions: Easy Protect Mode, Firewall Assistant, and Test Mode.
Without extensive product training, any employee can now equip their company’s industrial networks with solid cybersecurity baseline protection.

Photos: Phoenix Contact

Products, solutions, services

Phoenix Contact offers its customers a wide range of cybersecurity products. Its services and training courses enable automation systems that are designed to operate securely. Their quality is continuously enhanced and verified by independent third parties. Product offerings with coordinated IT security functions round out the portfolio. These IT security functions can either be integrated into devices, for example, controllers, or they come as dedicated IT security products such as the FL mGuard series firewall and VPN routers.

Phoenix Contact is one of the first companies in Germany to have been certified by TÜV SÜD in accordance with the IEC 62443-4-1 and -2-4 series of standards for IT security. This confirms that the company
  • develops secure by design products in compliance with the IEC 62443-4-1 process, and
  • designs secure automation solutions in compliance with the IEC 62443-2-4 process.

The certifications emphasize Phoenix Contact’s strategy of offering standardized IT security in products, industry solutions, and consulting services to ensure the future-proof operation of machines, systems, and infrastructures.