INSYS updates security on industrial routers

INSYS updates security on industrial routers

July 9, 2013 - INSYS extended the functional range of its industrial routers with security features included in firmware update 2.11. The firmware follows the current recommendations of the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) and the white paper of the German Association of Energy and Water Industries (Bundesverband der Energie- und Wasserwirtschaft, BDEW).

Routers which not only allow for remote access but also establish connections for data transfer pose a potential threat to application and network security. These devices are often installed in remote locations, such as photovoltaic systems which cannot be sufficiently protected against physical access. Of all bad scenarios, theft of the router is the least to worry about. A much greater danger is the possibility of professionals gaining access to company IT networks, disrupting these and stealing or even manipulating data.

Even before the update, INSYS icom’s routers were equipped with a wide range of security features, including VPN functionality (encryption, mutual authentication) and a firewall (white list). If a router is reset to factory settings, previous configurations and log files can no longer be accessed or changed. After a certificate is integrated, it can never be read out again. Moreover, users can define access options to the configuration interface: local configuration can be disabled completely.

With the firmware version 2.11, INSYS icom adds many new security functions established in the IT world to its routers. Key features are the prevention of unauthorised access to the device and the sending of user-specific messages via email, SMS, or SNMP in case of security-critical events. These events include unsuccessful dial-in attempts, plugging in or unplugging cables at the switch, unsolicited traffic, or changes to the configuration. Additionally, INSYS icom routers feature a MAC firewall that blocks data packets from unknown devices.