Security Features in Industrial Managed Switches for the New Generation Automation

California, U.S.A., November 2017 – Ethernet Direct Corporation, a professional and primary provider of industrial networking and communication solutions, shares the security features of a premium industrial managed switch designed for new-generation automation.

Every organization can improve the security posture of its network infrastructure by securing Layer 2, a part of network management that is sometimes overlooked or not fully implemented.

Ethernet Direct highlights some security features found in our Industrial managed switches.

  • User Privilege Levels Security

    The ability to assign different user accounts different authorization levels with the click of a box. Privilege levels are assigned specifically to prevent an unauthorized account or person from interfering with an organization’s network security.

  • Switch Port Security

    The simplest form of switch security is using port level security. When using port level security, the number of MAC addresses of the connected devices is controlled.

  • IP Source Guard

    IP Source Guard permits IP traffic from certain IP addresses and drops all other IP traffic, in order to prevent a form of Layer 2 attack known as IP spoofing. The feature only allows traffic that is permitted by the DHCP snooping table for that interface. If the user later configures a different static IP address, traffic from that address will be dropped.

  • Address Resolution Protocol (ARP) Inspection

    ARP Inspection is a security feature that protects the Address Resolution Protocol, which is vulnerable to attacks such as ARP poisoning. The feature checks all ARP packets on untrusted interfaces and compares the information in each ARP packet with the DHCP snooping database and/or an ARP access-list. If the information in the ARP packet doesn’t match, the packet is dropped.

  • Port & MAC Based Authentication (IEEE 802.1X)

    Not all devices support 802.1X authentication. IEEE 802.1X is a standard for port-based Network Access Control to provide an authentication mechanism to devices wishing to attach to a LAN or WLAN. The 802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. An Ethernet switch is an authenticator which acts like a security guard to a protected network.

  • RADIUS/TACACS+ 3.0

    Terminal Access Controller Access-Control System (TACACS) is mainly used for Device Administration AAA (Authentication, Authorization and Accounting).

    Remote Authentication Dial-In User Service (RADIUS) is an IETF standard for AAA.

    As with TACACS+, it follows a client / server model where the client initiates the requests to the server. RADIUS is the protocol of choice for network access AAA.

  • Access Control Lists (ACL)

    An access control list (ACL) is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation.

  • HTTPS / SSL / SSH V2

    HTTPS is an acronym for Hypertext Transfer Protocol over Secure Socket Layer. It is used to indicate a secure HTTP connection.

    SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.

    SSH (Secure Shell) is a network protocol designed for securing remote access and communications over an unsecured network by using login and password authentication, e.g. with PuTTY.

    Together, the above protocols secure remote communications and data transfers.
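
The IP Source Guard and ARP Inspection items above both come down to a lookup against the DHCP snooping table. The sketch below is an added example, not Ethernet Direct's firmware or configuration; the port names, addresses and function names are hypothetical, and matching on port, VLAN, MAC and IP together is a simplifying assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    """One DHCP snooping entry: what the switch learned from a DHCP lease."""
    mac: str
    ip: str
    vlan: int
    port: str

# Constructed sample table and port roles (hypothetical names and addresses).
BINDINGS = [
    Binding("00:11:22:33:44:01", "192.168.10.21", 10, "port1"),
    Binding("00:11:22:33:44:02", "192.168.10.22", 10, "port2"),
]
TRUSTED_PORTS = {"port8"}  # uplink towards the DHCP server and gateway

def _has_binding(port, vlan, mac, ip):
    mac = mac.lower().replace("-", ":")
    return any((b.port, b.vlan, b.mac, b.ip) == (port, vlan, mac, ip)
               for b in BINDINGS)

def inspect_arp(port, vlan, sender_mac, sender_ip):
    """ARP Inspection: validate the sender MAC/IP pair inside an ARP packet."""
    if port in TRUSTED_PORTS:
        return "forward"  # trusted interfaces are not inspected
    return "forward" if _has_binding(port, vlan, sender_mac, sender_ip) else "drop"

def source_guard(port, vlan, src_mac, src_ip):
    """IP Source Guard: validate the source of an ordinary IP packet."""
    if port in TRUSTED_PORTS or _has_binding(port, vlan, src_mac, src_ip):
        return "forward"
    return "drop"

def demo():
    pc1, pc2 = "00:11:22:33:44:01", "00:11:22:33:44:02"
    return {
        "ARP from port1 with its leased IP": inspect_arp("port1", 10, pc1, "192.168.10.21"),
        "ARP from port2 claiming the gateway IP": inspect_arp("port2", 10, pc2, "192.168.10.1"),
        "ARP from gateway on trusted uplink": inspect_arp("port8", 10, "00:11:22:33:44:fe", "192.168.10.1"),
        "IP packet from port1 with leased IP": source_guard("port1", 10, pc1, "192.168.10.21"),
        "IP packet from port1 after static re-address": source_guard("port1", 10, pc1, "192.168.10.99"),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{verdict:8} {case}")
```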

To learn more about the advanced security features of Ethernet Direct industrial managed switches, please e-mail sales@ethernetdirect-us.com or sales@ethernetdirect-tw.com.

To get the latest Technical paper concerning “Security Features for the Next Generation Automation”, you can join our EDucational Link