Software upgrades industrial Ethernet security

Edited by the Engineeringtalk editorial team Apr 5, 2005

GarrettCom Europe has released a major software upgrade for its 6K range of managed Industrial Ethernet switches.

GarrettCom Europe has released a major software upgrade for its 6K range of managed Industrial Ethernet switches.

Installed in all new 6K switches and freely downloadable from the GarrettCom website for easy self-installation, the software substantially enhances network security as well as improving network management functionality.

The software, called MNS-6K Version 3.1, provides a rich range of management and security options based on SNMPv3, 802.1x (aka Radius), TACACS+, Address Table and ARP Table functionality.

SNMP (Simple Network Management Protocol) provides management and configuration functions and is the de facto network management standard for Industrial Ethernet networks.

Version 3 includes three new provisions for security - authentication, privacy and access control.

Using SNMPv3, security policies can be tailored to the needs of the user with options to restrict the sending and receiving of messages, authenticating and encrypting/decrypting messages, and controlling access to managed objects.

With v3 "masquerade" threats or message modification attempts are effectively recognised and eliminated.

Remote Authentication Dial-In-User Service (Radius) is a client/server security protocol whereby security information is stored in a central location known as the Radius server.

Radius clients (such as the GarrettCom 6K switches) communicate with the Radius server to authenticate users, offering the following advantages: tight security, flexibilty, simplified management and extensive logging.

Radius defines a mechanism for port-based access control that makes use of the physical access characteristics of IEEE802 LAN infrastructures.

It is particularly useful for providing security where users have wireless access and provides a means of authenticating and authorising users and devices attempting to attach to LAN ports that have point-to-point connection characteristics.

It also prevents access to that port in cases where the authentication and authorisation fails.

Network security is also boosted by Terminal Access Controller Access Control System (TACACS+), which provides access control for switches, network access servers and other networked computing devices via one or more centralised servers.

TACACS+ provides separate authentication, authorisation and accounting services for flexible, easy installation and use.

GarrettCom MNS-6K Version 3.1 software also offers additional management tools, including Address and ARP Tables, which allow the user to see which devices are actually connected to which ports on the switch and in the event of a fault help determine where in the network the fault has occurred.

There is also an enhanced upgrade command facility that allows the user to configure an initial 6K switch, then by downloading and storing this configuration to quickly upload this to other switches later, reducing installation time on large multi-switch network installations and making re-starts simple.

Doug Thompson, MD of GarrettCom said: "We take network operations - particularly security - very seriously and are keen to play our part in ensuring Industrial Ethernet networks are not exposed to unnecessary risk".

"Our strategy is to provide end users with a set of customisable tools that can bring network infrastructures under much tighter discipline and we are able to do this essentially free-of-charge by utilising standardised technology".

"Our switches remain easy to install, use and maintain as well for the same reasons".

"As a consequence, there is now no excuse for allowing networks to be hacked, equipment to be attacked or for networks to run inefficiently".