With the new Conditional Firewall functionality, pre-defined situational firewall rule sets can literally be activated at the push of a button. Using various simple triggering events, asset operators can switch between firewall rule sets for different operating conditions, e.g., when different connections are to be allowed or denied during production, maintenance, or remote servicing.
Given the threat to industrial systems from increasingly targeted malware attacks, there is also increased user interest in the mGuard Integrity Monitoring functionality. This option monitors industrial PCs for potential infections and manipulation, and its usability has been further improved. Besides physical mGuard appliances, all of the functions mentioned are also available in another newly showcased software product, mGuard eVA, the embedded Virtual Appliance for Windows PCs.
Background Information
The classic OPC protocol has long been criticized for the IT security deficits and notorious firewall unfriendliness it inherited from Microsoft's DCOM model. Also, while OPC communication via routers is allowed, the masquerading or rewriting of addresses by network address translation (NAT), which is often desired when integrating machinery and equipment into upper-level networks, has so far not been feasible without the help of additional OPC tunnels.
With OPC Unified Architecture (OPC-UA), a newer generation of OPC built on updated foundations is available that avoids the above deficits. However, this new technology is penetrating the market and the installed base only slowly. Particularly in existing brownfield plants, OPC Classic will continue to be deployed for many years to come. Without add-on products, conventional firewalls will remain ineffective for OPC, resulting in poor network security for these applications.