April 17, 2019 | English | Tech skill level: Medium
How to secure your industrial network from unauthorised devices and unsolicited requests using spoofing and perimeter protection.
Perimeter protection and spoofing protection are vital layers of defence against cyberattacks. Using a configuration management tool, such as WeConfig NCM, perimeter firewalls are relatively simple to implement. However, these physical and logical shells can be bypassed, with infections brought inside the protected barrier by people residing on the trusted network. In addition, some intrinsic weaknesses to the IP stack specifications (not containing integrity checks) make it possible for an attacker to intercept communications unnoticed by masquerading devices to look like they are existing and legitimate devices (spoofing).
In an industrial control system, where data flows are known and static, Westermo WeOS devices can monitor outgoing traffic at the boundary, and bad or unknown connection requests can be logged to an intrusion detection system. When new WeOS devices are connected to the network, the validity of the device can be checked. By implementing port identification, using 802.1x over RADIUS, failed authentication attempts, which provide a good indication of a potential attack, can also be logged.
In this Webinar, Westermo’s Cyber Security Product Manager Niklas Mörth and Network Applications Expert Dr. Jon-Olov Vatn will explain why perimeter protection must include outgoing traffic monitoring and port authentication.
Duration: 46 minutes.
This session was the third webinar in a series of webinars where Westermo’s Cybersecurity and Network Applications Experts discuss the fundamentals of industrial cybersecurity. Read more about the series of cybersecurity webinars and watch the other sessions on demand