Design Article
Protecting the Industrial Network
Torsten Rossel and Frank Dickman, Innominate Security Technologies
5/20/2009 10:54 AM EDT
Secure Remote Internet Maintenance
Fast, high-quality service for machinery and production equipment installed worldwide would be inconceivable without remote tele-maintenance service. Service costs are significantly reduced, particularly during the warranty period. In the past, two hurdles existed: security concerns regarding unauthorized operators dialing into the network, and problems with antiquated modem connection technology. The Internet and VPN-based connections are increasingly replacing dial-up modems, and new industrial network security modules are providing tailored solutions efficiently and economically.
Secure and economically scalable Internet-based remote service solutions are available today. This is critical because modern machinery and equipment are increasingly embedded with powerful software and firmware. The downside is that problems with software can be responsible for a majority of machine outages. Service requests and software updates will therefore be central functions of the remote tele-maintenance service. Previously used analog modem technology is no longer adequate.
The main reasons for the transition from modem to Internet-based remote services are simple. The keywords are cost, availability, security, bandwidth and stability.
For international and long-distance service requirements, the costs of modem-based remote service connections are significant. The availability of analog telephone lines in the industrial environment is declining, and modems are increasingly incompatible with modern telecommunications facilities. In addition, there are growing concerns that modems can be utilized as "backdoors", posing a security risk to networked systems. As a result of security policies, plant managers are increasingly banning modem technology from their networks. Lastly, the very limited bandwidth and unsatisfactory stability of dial-in analog phone lines to distant regions of the world often prevent truly efficient customer support and no longer meet the requirements of an up-to-date remote services offering.
Increased Security Requirements
The growth in networking of complex industrial machinery, process equipment and high speed production lines has increased the requirements for the security and performance characteristics of Internet-based remote service solutions. All parties share the need for network security, and so it is important that access authentication, confidentiality and integrity be established by the use of Virtual Private Networks (VPNs). Ideally, these properties need to be established and ensured "end-to-end" between the Remote Service Center and the client equipment.
Remote service providers want a single, scalable solution with central management capability, which can be retrofitted to systems already in the field, with no interference to the hardware or software of the plant equipment itself. To connect many hundreds or even thousands of customer systems to a service center, it is necessary to consider and overcome potential IP address conflicts within private networks. Network managers place great value on the demonstration of a secure solution with minimal interference to their network and firewalls. They value remote service availability, but also value their control over the timing of remote service connectivity, on an "as required" basis. The successful proof of security and safety is best achieved by the use of transparent, open standards such as the leading VPN standard, IPsec (Security Architecture for the Internet Protocol).
The full technical paper details Innominate's technical security solutions, along with four examples from industry.