Enabling Greater Security in Automation by Selecting the Right Industrial Managed Switches to Prevent Layer 2 Attacks in your Network

California, U.S.A., November 2017 – Ethernet Direct Corporation, a professional and primary provider of industrial networking and communication solutions shares some important factors on how to enable a greater security in industrial automation and how to prevent Layer 2 attacks in your networks.

The advent of Industrial Internet of Things (IIoT) platforms has made it possible for a proliferation of cloud networks which account for easy connectivity, easy data transportation and efficient automation. Industrial Ethernet is the ubiquitous communication standard in automation due to low cost, high bandwidth and highly reliable managed networks. Control engineers need to careful consider network security in order to prevent and protect the connected devices in the network. Industrial devices such as industrial managed Ethernet switch, firewall and gateway controllers can be referred to as the cyber security gatekeepers in automation. Cyber security would cover application security, information security, network security and operational security.

There are many Industrial managed switches available which offer “nice to have” features but not focusing on security. Ethernet Direct pioneers in Advanced Layer 2 Industrial managed switches by providing a full spectrum of management security features. In order to understand how important security would be, we need to first understand the possible network attacks listed as follows:

  • VLAN Hopping is a method of attacking networked resources on a virtual LAN by attacking host on a VLAN to gain access to traffic on other VLANs.
  • MAC Attacks is a method of flooding the CAM table.
  • DHCP Attacks such as DHCP Starvation (by broadcasting DHCP requests with spoofed MAC addresses) and Rouge DHCP server (a DHCP server set up on a network by an attacker which is not under the control of network administrator).
  • ARP Attacks by means of ARP spoofing, ARP cache poisoning, or ARP poison routing, which is a technique by which an attacker sends spoofed Address Resolution Protocol messages onto a local area network.
  • Spoofing Attacks by MAC spoofing or IP spoofing.

The new Husky series Industrial managed switches are engineered using the most advanced software technologies for added reliability and maximum security. Some of our switch security features are listed below which can be preventive measures against the above mentioned layer 2 attacks.

  • Port Security
  • IP Source Guard
  • ARP Inspection
  • Port & MAC based Authentication (IEEE 802.1X)
  • RADIUS / TACACS+ 3.0
  • ACL (Access Control Lists)
  • HTTPS / SSL / SSH V2

To understand more about the Advanced Security Ethernet Direct industrial Managed Switches, please e-mail sales@ethernetdirect-us.com or sales@ethernetdirect-tw.com

To get the latest Technical paper concerning “Security Features for the Next Generation Automation”, you can join our EDucational Link