The mGuard is a tool that allows us to perform these functions,” Kolkebeck said.įollowing field trials, the mGuard appliances were used to provide protection from vulnerabilities through firewall, VPN, routing and trap functions.
We utilize network segmentation, VLANS, and centralized firewalls and were looking to introduce intrusion detection (IDS) and intrusion prevention (IPS) systems into our network. “We were implementing multiple measures into our SCADA network in order to actively monitor our system. CIFS Integrity Monitoring functionality can protect file systems against unexpected modifications of executable code, by Stuxnet-derived malware for instance, by sending alerts to administrators. Virtual Private Network functions provide for secure authentication of remote stations, and the encryption of data traffic. Configuration of specific user firewall rules can restrict the type and duration of access to authorized individuals, who may login and authenticate themselves from varying locations, PCs, and IP addresses. If required, the security of networked equipment may be further enhanced. The devices operate invisibly and transparently, monitoring and filtering traffic to the protected systems by providing a Stateful Packet Firewall according to rules that can be configured via templates from a centrally located server.Īnd with bi-directional wire speed capability, the devices will not add any perceptible bottlenecks or latency to a 100 Mb/s Ethernet network. No changes need to be made to the network configuration of the existing systems involved.
#MGUARD PROJECT WEBS MAC#
In “Stealth Mode” these products are completely transparent, automatically assuming the MAC and IP address of the equipment to which they are connected, so that no additional addresses are required for the management of the network devices. Previously, it would require a day’s time of an experienced IT technician, whereas now we can roll out a new VPN device in 10 minutes.” “By default, the mGuard is configured in its most secure configuration. “The ability for the mGuard to do AES-256 encryption along with its industrial design was key,” Kolkebeck said. They are network transparent and simple to install. The mGuard security appliances protect industrial automation networks. The company initially installed a dozen devices as a test bed. Rated IP 20 for mounting in factory enclosures, they can be installed and enabled by technicians, rather than network administrators.Īfter review of the technology, the United Water IT Department was receptive to the concept as it would allow process personnel to deploy and maintain their own networks, freeing up IT for other tasks. The hardened, industrial version of mGuard has been in production since 2005 and has proven effective in thousands of demanding installations.
#MGUARD PROJECT WEBS PATCH#
The devices are available in various industrial-rated designs for DIN-rail mounting, for 19-inch rack mounting in cabinets, as PCI cards or as dongle-style patch cords for roaming technicians. The system includes small, industrial-rated modules that incorporate router, firewall, encrypted VPN tunnels, filtering of incoming and outgoing connectivity, authentication and other functions to provide layers of distributed “defense-in-depth.” In early 2010, United Water was introduced to the mGuard® family of industrial network security devices from Phoenix Contact, created and developed by their subsidiary Innominate Security Technologies. United Water is working to improve security of its SCADA control networks. In the past, we had mixed results using office network-grade products that were expensive, required special skills to configure, and failed frequently.” “We needed a solution that was easy to configure, powered by 24 vDC, met our IT security standards, and could hold up to years of operation in a harsh environment. “We needed an industrial solution, particularly for our remote sites,” said Keith Kolkebeck, systems engineering project manager for United Water. The systems engineering group, corporate IT department and an outside consulting firm were involved in the project and the security product evaluations. In 2009, the company was proactively planning to increase the security of its SCADA control networks. United Water supports over 300 remote field sites company-wide. Over the past 30 years the company has used a variety of methods to connect to remote sites, including modems, leased lines, dry pairs, and licensed radio. United Water operates and manages water and wastewater systems that serve about 7 million people across the US.
0 kommentar(er)
