SecurityBridge Firewall From Pilz Now Also Protects Automation Networks That Include Devices From Third-Party Suppliers – Open for Manipulation-Proof Communication
May 25, 2021
With its new firmware, the SecurityBridge firewall now offers comprehensive protection for industrial automation networks. Not only does it protect the configurable safe small controllers PNOZmulti and the automation system PSS 4000, it also now enables control over data communication between any other subscribers outside of the Pilz range. The SecurityBridge was developed in line with the secure development process in accordance with the standard IEC 62443-4-1 and also respects the principle of “Zones and Conduits”.
“Packet recording” has been added to the extensive diagnostic functions. This can be used to record data communication between subscribers from the secured controller network and the unsecured network. Recording can be restricted to specific communication relationships to enable you to analyse data more efficiently. That saves you valuable time during diagnostics.
Protect virtual access to your machine as well
Physical access to machinery is clearly defined in the Machinery Safety Directive. For example, a safeguard on a gate ensures that a person cannot move within the danger zone until the machine is in a safe state. The SecurityBridge firewall makes sure that on-site operation is not disturbed by access via the network and that only authorised persons have access to the plant via the network. As a firewall it monitors communication with the controller and controls the data flow. You can also use SecurityBridge to store user rights; these define which staff members may access which data.
For example, if a safety gate is open, SecurityBridge prevents access to the plant via the network. So SecurityBridge combines the benefits of a firewall with extensive knowledge of the product to be protected. As a result, your plant’s IT system is thoroughly protected.
This is how to use SecurityBridge
SecurityBridge can be connected upstream of the PNOZmulti base unit or PLC controller PSSuniversal PLC. It acts as a VPN server, through which it is possible to establish a virtual private network (VPN) to one or more client PCs (configuration PC). The connection between PC and device is therefore protected. Only users with the relevant permission can make changes to a project’s configuration. This prevents unauthorised access to the secured network. In this way, data transmission between the Client PC and SecurityBridge is safe from eavesdropping and manipulation.
SecurityBridge also controls the process data traffic and monitors the integrity of the safety system. Changes in the check sum indicate that there are changes in the PNOZmulti and PSS 4000 projects.
Benefits at a glance:
- – Protects against data manipulation through authentication and permission management
- – Increases the availability of the plant because only the necessary data (authorised configuration and process data) is transferred
- – Forwards process data with a low latency
- – Detects unauthorised changes to the project by monitoring the check sum (CRC)
- – Prevents unauthorised access because downstream devices are in a secured network
- – Configuration changes to a project can only be performed by users who have the relevant permission
- – Web-based user interface for easy configuration, diagnostics and maintenance
- – Connection to the central authentication system via RADIUS
- – Continuous updates, independently of the control system
- – Integral digital inputs and outputs to activate the VPN tunnel, for example
- – VPN server for building a VPN tunnel for safe transfer of data
- – USB interface for saving and restoring the configuration on a USB memory.
- – LED display for error messages and diagnostics