In traditional IT, regular security updates for computers and other devices in the network are usual. The operating systems and anti-virus software are continuously checked for necessary updates and, if available, updated without delay. The user oftenly doesn't notice it. Such automatic update processes are not feasible for systems used in manufacturing and production. On the one hand, the most important thing is the high availability. An industrial PC that moves a tool or material through a machine at several meters per second cannot even stop the process for a few seconds to install software updates. On the other hand, some software in production, such as the runtime of a SoftPLC, is only released up to a specified service pack. The user must then wait whether or until the manufacturer will provide an update.

Isolating network segments

In order to achieve an effective protection against attacks from outside, the user can isolate network segments with the mbNETFIX industrial firewall - and only allow a defined data traffic. By creating secure zones, the user not only defuses the update problem, but also protects device panels and controllers that do not have any security mechanisms of their own.

Security by design

The industrial firewall is configured simply by learning mode. Here the firewall allows unlimited communication and records all connections. The user then decides which connections are allowed and which are not wanted among the IP devices and are therefore blocked on the basis of the recorded packet table. The firewall concept is based on "Security by Design". Even during design and development, possible threat scenarios are analyzed and appropriate protection is provided. In order to keep the attack vectors as small as possible, a web interface for configuration was deliberately omitted. Instead, the firewall is configured locally via the USB port. For IT experts, an SSH interface is also available, which can be optionally activated. ▪ ds