mGuard Cybersecurity now with OPC Inspector and Conditional Firewall

mGuard rs4000 3G – the newest mGuard security appliance model with an integrated switch and 3G cellular radio module for worldwide use.

(PresseBox) (Hannover / Germany, ) At Hannover Messe 2014, Innominate will present the upcoming version, mGuard 8.1, of its security appliance firmware, with unique new functions for industrial cybersecurity. Its new module, mGuard OPC Inspector, masters the complex connection tracking of OPC dialogues across their changing ports and connection directions, thus enabling effective control and filtering of OPC traffic based on the stateful inspection firewall principle. For OPC communication via mGuard routers, even NAT methods such as masquerading or 1:1 NAT mapping can be used thanks to a special deep packet inspection technique - a true world first and a small sensation for experienced OPC users.

With the new Conditional Firewall functionality, pre-defined situational firewall rule sets can literally be activated at the push of a button. Using various simple triggering events, asset operators can switch between firewall rule sets for different operating conditions, e.g., when different connections are to be allowed or denied during production, maintenance, or remote servicing.

Given the threat to industrial systems from increasingly targeted malware attacks, there is also increased user interest in the mGuard Integrity Monitoring functionality. This option monitors industrial PCs for potential infections and manipulations, and its usability has been further improved. Besides physical mGuard appliances, all of the functions mentioned are also available in another new software product being showcased, mGuard eVA, the embedded Virtual Appliance for Windows PCs.

Background Information

The classic OPC protocol has long been criticized for the IT security deficits and notorious firewall unfriendliness it inherited from Microsoft's DCOM model. Also, while OPC communication via routers is allowed, the masquerading or rewriting of addresses by network address translation (NAT), often desired when integrating machinery and equipment into upper-level networks, has so far not been feasible without the help of additional OPC tunnels.

With OPC Unified Architecture (OPC-UA), a newer generation of OPC based on updated foundations is available that avoids the above deficits. However, this new technology is penetrating the market and the installed base only slowly. Particularly in existing brownfield plants, OPC classic will continue to be deployed for many years to come. Without add-on products, conventional firewalls will remain ineffective for OPC, resulting in poor network security for these applications.

Contact

PHOENIX CONTACT Cyber Security AG
Rudower Chaussee 13
D-12489 Berlin
