Secure networks for critical infrastructure RADiflow addresses the emerging risk of cyber attacks on critical SCADA systems
Secure networks for critical infrastructure RADiflow addresses the emerging risk of cyber attacks on critical SCADA systems • SCADA security tool set integrated in ruggedized routers • Per port DPI (Deep Packet Inspection) SCADA Firewall • Encrypted IPSec VPN tunnels over Cellular & Fiber • Variety of interfaces (Serial, Cellular, Fiber, Cooper, TDM) l • Central cyber security management & monitoring tool Service Aware Key Capabilities Security • Detailed service-aware inspection of leading SCADA protocols: ModBus, IEC 101/104, DNP-3, IEC 61850 • Distributed per-port Deep-Packet-Inspection Firewall at each remote sites • Network Learning - For easy deployment of distributed Firewall rules • Central iSIM NMS - for managing distributed Firewall security devices Multi-access VPN • Supporting variety of network access interfaces with resiliency mechanisms • IPSec VPN tunneling to secure the application traffic when using untrusted network infrastructure • support for x509 certificates for secure key management • Integrated Dual-SIM 2G/3G/4G cellular modem as primary up-link or back-up Integrated Physical & Cyber security • Roll Base Access Control (RBAC) DPI firewall based on physical access • Firewall Rules per User - To allow full control of user’s operation in the network. • Restrict user access using two factor authentication synchronized with physical access control • Integrated with SIEM servers for consolidated security management Serial migration services • Legacy RS-232/RS-485 serial interfaces with an integrated protocol gateway to an IP-based SCADA network • Support for leading automation protocols: ModBus, IEC 101/104, DNP-3 and more • Transparent tunneling of Serial data-streams between multiple devices • Terminal server and Virtual COM-port models for direct connection of a computer to serial devices Applications Case Studies Smart Grid • SCADA firewall deployed in every sub-station to validate the critical distributed automation (DA) commands • Easy deployment using integrated cellular modem with VPN & 2 SIMs for mobile operator redundancy • Serial interfaces with protocol gateway for connectivity of legacy IEDs • Discrete relay I/O lines for remote monitoring and control of physical alarms Power Utility substation • Validating the SCADA application behavior between the control center & the substation RTUs • Optional IPSec encryption of backbone traffic when using non-secure links (wireless, leased lines, etc.) • Support for IEC61850 sub-station LAN traffic including GOOSE multicast messages & IP routing segmentation • Integrated serial interfaces with protocol gateway functionality for smooth migration of legacy IEDs Oil & Gas • Unified networking for SCADA & CCTV in remote sites using Serial, Ethernet and PoE • Distributed DPI firewall for ModBus TCP and Serial ModBus RTU flows • Remote management over Cellular & Fiber with VPN & resiliency mechanisms • Two factor authentication of remote users for secure maintenance Smart City • Cellular modem enables backup connectivity in case of failure in primary link • Validating the remote control of automation devices such as traffic lights • Up to 8 PoE+ ports to power CCTV cameras and radio equipment • Integration of cyber security events into the SOC (security operation center) RADiFlow portfolio Secure networks for critical infrastructure 1031 Secure Utility Gateway Power supply units: 106X44.7X120 mm (4.17,1.76,4.72 in.) 1X10/100, 1X100/1000 SFP, 2X Serial port, Cellular. 1 power input. 3180 Compact secure switch/router Dimensions (HxWxD) Interfaces Power Supply Units 148x72x123 mm (5.83,2.83,4.84 in.) 8/16x10/100TX, 2x100/1000 SFPs Optional: Serial ports, Cellular 1 (with 2 power inputs) 3700 Modular ruggedized switch/router Dimensions (HxWxD) Interface slots Power Supply Units 148x380x139 mm (5.83,14.96,5.47 in.) 7 (each with 4 Ethernet or Serial ports) 2 (each with 2 power inputs) iSIM Intelligent service management system • Distributed per-port DPI Firewall • Network Learning - For easy creation Firewalls rules • Anomaly behavior detection in the network • Remote Access using Two-FactorAuthentication, with full auditing • IPSec VPN over Cellular & Fiber with X.509 certificates • Syslog reporting to SIEM tools for integration of Physical & Cyber security • Secure management using SNMPv3, SSH and RADIUS Networking: • Ruggedized, industrial-grade hardware for extensive operating conditions • Environmental compliance according IEC61850-3, IEEE1613 • Variety of interfaces such as 100/1000 Fiber, 10/100 Copper and Serial RS-232/RS-485 • 2G/3G/4G Cellular modem using dual SIM for redundancy • L2 protection using ERP & Spanning tree • IP routing using OSPF, RIP, VRRP and VRF • IEEE1588v2 clock synchronization Contact us Headquarters Telephone: +972-77-5012702 [email protected] USA office Telephone: +1 (201) 8039350 [email protected] UK office Telephone: +44 (0) 1752 936195 [email protected] Ordering number: CT-BR03050 Dimensions Interfaces: Security:
© Copyright 2024