Build Your Remote Automation System on an Ultra-Secure Network
Industrial engineers have come to realize that mission-critical remote automation systems must maintain extremely secure networking environments. However, industrial networks pose unique security challenges because many industrial networks use non-proprietary protocols to simplify integration and traditional field devices such as PLCs and RTUs are not designed to support firewall or anti-virus software.
Remote utility applications, such as water pumping or oil pipeline systems, are especially vulnerable because these applications usually cover wide geographic areas and must be monitored and managed remotely. These systems can’t simply cut off all remote access to maintain security, and must have some way to distinguish authorized from unauthorized access. Network security threats can originate internally or externally, and can cause significant damage to your remote automation systems, compromising personnel safety and causing production losses. To solve this issue, engineers must proactively implement a trusted network protection solution for critical automation systems.
Moxa’s Cyber Security Solution at a Glance
 |
|
|
|
|
|
Features
 |
Firewall/NAT/VPN/Router all-in-one |
|
High performance Gigabit copper/fiber combo port |
|
1 WAN |
|
10 VPN |
|
Features
|
Firewall/NAT/VPN/Router all-in-one |
|
High performance Gigabit copper/fiber combo port |
|
2 WAN/1 DMZ |
|
25 VPN |
|
Features
|
Turbo Ring, Turbo Chain, RSTP/STP, and MSTP for network redundancy |
|
TACACS+, SNMPv3, IEEE 802.1X, HTTPS, and SSH to enhance network security |
|
Easy network management by web browser, CLI, Telnet/serial console, Windows utility, and ABC-01 |
|
 |
|
|
Moxa’s EDR-G902 and EDR-G903 series industrial VPN/Firewall secure routers excel as industrial VPN servers that integrate firewall, NAT, and rugged router functionality on one device. Users can build secure tunnels for utility remote access service through IPSec VPN Server/Client technology. In addition, the EDR-G902 and EDR-G903 series support wide operating temperature, high performance, and easy-to-use features. These new products are ideal for mission-critical remote automation applications, such as water pumping stations, oil pumping stations, power substations.
Moxa's Secure routers include the following cyber security features:
- Firewall: Controls network traffic between different trust zones.Network Address Translation (NAT), which shields the internal LAN from unauthorized activity from outside hosts, is included.
- Virtual Private Networking (VPN): VPNs are designed to provide users with secure communication links when accessing a private network from the public Internet. Uses IPSec (IP Security) for encryption and authentication of all IP packets at the network layer to ensure confidentiality and sender authentication.
Moxa’s EDR-G902 series is a high performance secure router with advanced cyber-security functions. For example, the VPN (Virtual Private Network) and IPSec functions allow the creation of encrypted private tunnels over the public network to facilitate secure remote access for authorized users. The firewall function can isolate the automation network, and restricts unauthorized network access.
The EDR-G903 series industrial VPN/Firewall secure router provides enhanced functionality with 2 WAN and 25 VPN tunnels. Moxa also offers a Layer 2 industrial Ethernet switch portfolio to create a comprehensive security solution.
How a Secure Router Protects Pumping Station Control Networks?
| Pumping stations are usually a complex collection of distributed devices including sterilization equipment, ground and elevated storage tanks, and well and booster pumps. A pumping station usually covers wide geographical areas, and thus adopts a SCADA system for remote management. Since these utility systems play such vital roles, protection of the whole system network cannot be overlooked. |
|
| Three Major Security Challenges: |
| • |
Data transmission needs to be highly encrypted to prevent from malicious attacks, or unauthorized access. |
| • |
Video Surveillance, which is widely deployed in pumping stations, is sensitive to network delays. So, the network needs to support adequate processing capability to handle the additional security functions, while maintaining a smooth video streaming. |
| • |
A backup or redundant network connectivity is required to ensure a highly reliable network performance |
|
Secured Automation Network for Water Pumping Stations
| • |
IPSec and L2TP VPN pass-through for secure connections over the Internet |
| • |
Routed mode or bridge mode firewall |
| • |
Easy-to-use PolicyCheck and SettingCheck firewall functionality |
| • |
-40 to 75°C operating temperature (T models) |
|
Check out our white paper
on cyber security issue |
 |
|
|
