News

Securing the Network

Dec 22, 2023

Securing the Network

Protect Edge Gateway from Intrusion

Written by:  Jon Tandy, Product Application Engineer

 

As the security threat landscape continues to evolve, you need an edge gateway that can give you peace of mind. The Elecsys Industrial Data Gateway (IDG) products provide not only robust support for host system and field device protocols, but they also enable users to increase the security of SCADA and IIoT systems.

 

Some customers protect their edge gateways and other control equipment within multiple layers of security zones in a private IT network. For others, the edge gateway may be exposed to less secure corporate networks or the Internet via cellular and other communication channels. Either way, the possibility exists for bad actors to intrude into a control network by using brute force methods of hacking a device password. In a previous story, we discussed a device management solution to help customers manage regular updates of their gateway passwords.

 

If a malicious intruder were able to gain access to your edge gateway, they may be able to leverage that access for deeper penetration into the corporate network. The Elecsys gateways provide many firewall options for preventing or limiting brute force attacks and unwanted connections to available TCP or UDP ports on the gateway. For instance, you can:

  • Block connections to any open port, except from an allowed white list of source IP addresses.
  • Block repeated password login attempts, by locking out a user for a period of time if they fail to log in successfully too many times in a row.
  • Report password intrusion attempts to a remote syslog server.
  • Utilize certificate or public key authentication for a more secure login than with a simple password.
  • Use an encrypted outbound client protocol for data (such as TLS-encrypted MQTT) to eliminate exposed holes in the field gateway firewall, as opposed to a traditional server protocol (such as Modbus poll-response).

 

For customers who are not yet taking full advantage of robust data security in your edge gateway, please contact Elecsys to see how we can help improve the integrity of your control network.

 

Jon Tandy

Product Application Engineer, IDG

+1 (913) 890-8887

jon.tandy@lindsay.com