Secure networks for critical infrastructure RADiflow addresses the emerging risk of cyber attacks on critical SCADA systems

Secure networks for critical infrastructure
RADiflow addresses the emerging risk of
cyber attacks on critical SCADA systems
• SCADA security tool set integrated in ruggedized routers
• Per port DPI (Deep Packet Inspection) SCADA Firewall
• Encrypted IPSec VPN tunnels over Cellular & Fiber • Variety of interfaces (Serial, Cellular, Fiber, Cooper, TDM)
l
• Central cyber security management & monitoring tool
Service Aware Key Capabilities
Security
• Detailed service-aware inspection of leading SCADA
protocols: ModBus, IEC 101/104, DNP-3, IEC 61850
• Distributed per-port Deep-Packet-Inspection Firewall
at each remote sites
• Network Learning - For easy deployment of distributed Firewall rules
• Central iSIM NMS - for managing distributed Firewall
security devices
Multi-access VPN
• Supporting variety of network access interfaces with
resiliency mechanisms
• IPSec VPN tunneling to secure the application traffic
when using untrusted network infrastructure
• support for x509 certificates for secure key
management
• Integrated Dual-SIM 2G/3G/4G cellular modem as
primary up-link or back-up
Integrated Physical & Cyber security
• Roll Base Access Control (RBAC) DPI firewall based on
physical access
• Firewall Rules per User - To allow full control of user’s
operation in the network.
• Restrict user access using two factor authentication
synchronized with physical access control
• Integrated with SIEM servers for consolidated security
management
Serial migration services
• Legacy RS-232/RS-485 serial interfaces with an integrated
protocol gateway to an IP-based SCADA network
• Support for leading automation protocols: ModBus, IEC
101/104, DNP-3 and more
• Transparent tunneling of Serial data-streams between
multiple devices
• Terminal server and Virtual COM-port models for direct
connection of a computer to serial devices
Applications Case Studies
Smart Grid
• SCADA firewall deployed in every sub-station to validate
the critical distributed automation (DA) commands
• Easy deployment using integrated cellular modem with
VPN & 2 SIMs for mobile operator redundancy
• Serial interfaces with protocol gateway for connectivity
of legacy IEDs
• Discrete relay I/O lines for remote monitoring and
control of physical alarms
Power Utility substation
• Validating the SCADA application behavior between the
control center & the substation RTUs • Optional IPSec encryption of backbone traffic when
using non-secure links (wireless, leased lines, etc.)
• Support for IEC61850 sub-station LAN traffic including
GOOSE multicast messages & IP routing segmentation
• Integrated serial interfaces with protocol gateway
functionality for smooth migration of legacy IEDs
Oil & Gas
• Unified networking for SCADA & CCTV in remote sites
using Serial, Ethernet and PoE • Distributed DPI firewall for ModBus TCP and Serial
ModBus RTU flows
• Remote management over Cellular & Fiber with VPN &
resiliency mechanisms
• Two factor authentication of remote users for secure
maintenance Smart City
• Cellular modem enables backup connectivity in case of
failure in primary link
• Validating the remote control of automation devices
such as traffic lights • Up to 8 PoE+ ports to power CCTV cameras and radio
equipment
• Integration of cyber security events into the SOC
(security operation center)
RADiFlow portfolio
Secure networks for critical infrastructure
1031
Secure Utility Gateway
Power supply units:
106X44.7X120 mm (4.17,1.76,4.72 in.)
1X10/100, 1X100/1000 SFP,
2X Serial port, Cellular.
1 power input.
3180 Compact secure switch/router
Dimensions (HxWxD)
Interfaces
Power Supply Units
148x72x123 mm (5.83,2.83,4.84 in.) 8/16x10/100TX, 2x100/1000 SFPs
Optional: Serial ports, Cellular
1 (with 2 power inputs)
3700 Modular ruggedized
switch/router
Dimensions (HxWxD)
Interface slots
Power Supply Units
148x380x139 mm (5.83,14.96,5.47 in.)
7 (each with 4 Ethernet or Serial ports)
2 (each with 2 power inputs)
iSIM
Intelligent service management system
• Distributed per-port DPI Firewall
• Network Learning - For easy creation
Firewalls rules
• Anomaly behavior detection in the network
• Remote Access using Two-FactorAuthentication, with full auditing
• IPSec VPN over Cellular & Fiber with X.509
certificates
• Syslog reporting to SIEM tools for
integration of Physical & Cyber security • Secure management using SNMPv3, SSH and RADIUS
Networking:
• Ruggedized, industrial-grade hardware for
extensive operating conditions
• Environmental compliance according
IEC61850-3, IEEE1613
• Variety of interfaces such as 100/1000 Fiber,
10/100 Copper and Serial RS-232/RS-485 • 2G/3G/4G Cellular modem using dual SIM for
redundancy
• L2 protection using ERP & Spanning tree
• IP routing using OSPF, RIP, VRRP and VRF
• IEEE1588v2 clock synchronization
Contact us
Headquarters Telephone: +972-77-5012702
[email protected]
USA office
Telephone: +1 (201) 8039350
[email protected]
UK office
Telephone: +44 (0) 1752 936195
[email protected]
Ordering number: CT-BR03050
Dimensions
Interfaces:
Security: