With mbNetfix the user can define exactly which data traffic is allowed between the network segments

Protecting production networks effectively

"Never touch a running system" is widely used in the automation environment. To make the production network more secure in spite of missing updates, the experts recommend the systematic isolation of individual network segments – for example with the use of the mbNETFIX industrial firewall.
In traditional IT, regular security updates for computers and other devices in the network are usual. The operating systems and anti-virus software are continuously checked for necessary updates and, if available, updated without delay. The user oftenly doesn't notice it. Such automatic update processes are not feasible for systems used in manufacturing and production. On the one hand, the most important thing is the high availability. An industrial PC that moves a tool or material through a machine at several meters per second cannot even stop the process for a few seconds to install software updates. On the other hand, some software in production, such as the runtime of a SoftPLC, is only released up to a specified service pack. The user must then wait whether or until the manufacturer will provide an update.

Isolating network segments

In order to achieve an effective protection against attacks from outside, the user can isolate network segments with the mbNETFIX industrial firewall - and only allow a defined data traffic. By creating secure zones, the user not only defuses the update problem, but also protects device panels and controllers that do not have any security mechanisms of their own.

Security by design

The industrial firewall is configured simply by learning mode. Here the firewall allows unlimited communication and records all connections. The user then decides which connections are allowed and which are not wanted among the IP devices and are therefore blocked on the basis of the recorded packet table. The firewall concept is based on "Security by Design". Even during design and development, possible threat scenarios are analyzed and appropriate protection is provided. In order to keep the attack vectors as small as possible, a web interface for configuration was deliberately omitted. Instead, the firewall is configured locally via the USB port. For IT experts, an SSH interface is also available, which can be optionally activated. ds
Loading... Loading...