September 22, 2022

Industrial firewall with an easy-to-implement solution to isolate network components

01-09-2022 | W&T | Submarines and systems

W&T has added the Microwall Bridge to a line of industrial firewalls with an easy-to-implement solution for isolating network components throughout continuous operation – without having to touch sensitive IP configuration.

The practical implementation of network segmentation in growing structures is usually difficult: connecting the networks of huge CNC machining centers to a complex global system via various terminals, including the smallest on-board devices such as sensors , actuators or switches. Since conventional segmentation is achieved using routers at the IP level, it almost always requires tedious reconfiguration of the basic IP settings of all components involved. If the necessary access data is available, there is always an extremely high risk of error and the resulting troubleshooting inevitably leads to a production stoppage.

To stop such shutdowns and protect such components whose access parameters have been lost, the device offers a quasi plug-and-play solution in two stages: First, the devices to be protected or function groups are aggregated at the physical level using Ethernet switches. The uplink to the surrounding main network remains intact during this phase, so the only loss occurs when the network cable is actually plugged in. Then it is switched to the uplink for the main network. The web interface is used to release the required communication connections between the main network and the isolated network. The IP configuration of the affected devices remains unchanged.

The IP-transparent security enhancement minimizes the otherwise common risk of abandonment through its minimal integration effort. It also provides a very simple emergency fallback in the event of a device failure. The device protects vulnerable systems from malware and unwanted access, including older machines or systems such as services with known security vulnerabilities. Whitelist-based filtering rules provide that only explicitly enabled communications take place.


Source link