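Achieving Network Security for Industrial Automation

As the digitalization of industrial automation accelerates, the risk of cyberattacks is increasing. Industrial networks integrate IT and OT systems to improve operational efficiency, but this can expose them to security threats. Network integration between OT and IT is essential for raising the operational efficiency of industrial automation, and because it brings security threats with it, OT systems need security measures that protect communication without interruption. Drawing on 35 years of industrial networking expertise, MOXA provides highly reliable solutions with robust security design and intrusion prevention capabilities to prevent and respond to cyber threats in OT environments.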

  • Abnormal disconnections or intrusion threats may not be detected if the network status cannot be visualized.
  • Network devices lacking self-secure capabilities are vulnerable to attackers who can easily alter the configurations, such as disabling redundant features or enabling remote operation mode.

Identifying Network Status

Solution: Real-time Network Visibility

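  • Real-time visibility speeds up troubleshooting
  • The built-in dashboard lets you review network topology, traffic, incidents, and roaming logs at any time
  • Visualizing network management lets you respond faster so that the network keeps running smoothly without interruption
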
  • Using unmanaged switches extensively on production lines increases the risk of intrusion
  • Unauthorized individuals can cause system instability by maliciously altering network settings through physical network ports
  • Unable to identify unauthorized remote connections within the network
  • Cyber attacks, such as ransomware, are spreading across the network

Secure Network Infrastructure

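Solution: Collective Defense Through Network Segmentation with Secure Routers

Building Security Zones and Conduits

  • Firewalls: help administrators set up conduits within the network so that only permitted traffic and packets are forwarded from one zone to another
  • NAT: helps administrators set up private local zones that hide internal network information from external discovery
  • IPS: prevents exploitation of known vulnerabilities in Windows systems and protects legacy Windows devices that do not support patch updates
  • IDS: identifies cyberattacks and can isolate them within a specific zone, and alerts administrators using IPS pattern matching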

Network Security Control

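  • VLAN ID or MAC address: allows access only to data and networks according to the user's role
  • IP address and port: permits only allowed traffic on the network
  • Deep packet inspection: inspects the payload content of each packet to ensure that only approved content is sent over the network

  • Networks without access restrictions allow rogue devices to join freely, opening doors to external parties.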
  • A flat network with mixed traffic can cause poor privilege separation and inefficient traffic management.
  • Networks or industrial equipment such as PLCs can be targeted by DoS attacks
  • Unencrypted serial data converted to TCP/IP packets can be easily intercepted or tampered with by external parties.
  • Enabling unnecessary communication services on the device, such as remote connections, increases the potential for exposure to attacks.

Secure Network Edge

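Two Key Elements of a Secure Edge Solution

Trusted Access and Network Optimization

  • Port lock restricts physical ports and allows only authorized devices to connect
  • VLAN and QoS separate traffic and prioritize critical packets to maximize bandwidth efficiency

Secure Data Transmission

  • SSL- or SSH-based end-to-end encryption secures the entire path of data collection and delivery
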
  • Built-In Security by Design
    Moxa device features safeguard critical edge components.
  • Proven Cybersecurity Credentials
    Moxa is among the first globally to achieve both IEC 62443-4-1 and 62443-4-2 certifications.
  • Reliable Solutions
    Our secure products are engineered to minimize risk, maximize uptime, and protect network integrity in even the harshest environments.

Find the Secure Networking Products That Fit Your Requirements

  • Secure managed switches
  • Secure routers
  • LAN firewalls
  • Secure edge connectivity

Secure Switches

  • Models: MDS-G4000 | RKS-G4028 | EDS-G4000 | EDS-500E | SDS-3000 / SDS-3016
  • Ports: Up to 4 10GbE + 24 GbE | Up to 28 GbE | Up to 6 2.5GbE + 8 GbE | Up to 4 GbE + 24 FE | Up to 16 GbE
  • Security Features: HTTPS, SSL/SSH, ACL, IEEE 802.1X, Port Security, DHCP Snooping, Secure Boot*1 | HTTPS, SSL/SSH, ACL, IEEE 802.1X, Port Security, DHCP Snooping, Secure Boot | HTTPS, SSL/SSH, ACL*2, IEEE 802.1X | HTTPS, SSL, Port Lock
  • Redundancy Protocols: Turbo Ring, Turbo Chain, RSTP/STP, MRP, VRRP (L3 Model) | Turbo Ring, Turbo Chain, RSTP/STP, MRP | RSTP/STP, MRP
  • Software Management: MXview One
  • Industrial Certifications: IEC 61850-3, IEEE 1613, EN 50121-4, NEMA TS2, ATEX*3, CID2*3 | IEC 62443-4-2 SL2, IEC 61850-3, IEEE 1613, EN 50121-4, NEMA TS2 | IEC 62443-4-2 SL2, IEC 61850-3, IEEE 1613 (Class 1), DNV*4, ABS*4, NK*4, LR*4, EN 50121-4, NEMA TS2, ATEX*5, CID2*5, IECEx*5 | IEC 61850-3, IEEE 1613, DNV*6, ABS*6, NK*6, LR*6, EN 50121-4*6, NEMA TS2*6, ATEX*6, CID2*6 | -

  • *1. Only available for -4XGS models.
  • *2. Only available for 18 and 28 port models.
  • *3. Only available for the non-4XGS models.
  • *4. Only available for -LV and PoE models.
  • *5. Only available for -LV models.
  • *6. Only available for 10 and 18 port models.

Secure Routers

  • Models: EDR-G9010 | EDR-G9004 | EDR-8010 | NAT-102 | NAT-108
  • Ports: 2 2.5GbE + 8 GbE*1 | Up to 2 2.5GbE + 2 GbE (1/2 DMZ/WAN ports) | 2 GbE + 8 FE*1 | 2 FE | 8 FE
  • NAT: 1-to-1, N-to-1, NAT loopback, Port forwarding, IP Twins Mapping*4
  • Firewalls: DDoS, Ethernet protocols, ICMP, IP address, MAC address, Ports | IP address, MAC address (Device Lockdown), Ports
  • IPS/IDS: Requires an additional license | - | -
  • DPI: DNP3, EtherNet/IP, IEC 60870-5-104, IEC 61850 MMS, Modbus TCP, Modbus UDP, Omron FINS, Siemens S7 Comm., Siemens S7 Comm. Plus, OPC UA, MELSEC communication protocol | - | -
  • VPN: Up to 250 IPsec VPN tunnels | Up to 50 IPsec VPN tunnels | - | -
  • Routing Throughput (based on RFC 2544): Max. 350K packets per second / 2 Gbps | Max. 50K packets per second / 500 Mbps | Max. 15K packets per second / 100 Mbps
  • Redundancy Protocols: VRRP, Turbo Ring, Turbo Chain, RSTP/STP | VRRP | VRRP, Turbo Ring, Turbo Chain, RSTP/STP | - | -
  • Software Management: MXview One, MXview Security*3, MXsecurity | MXview One, MXview Security*3, MXsecurity | MXview One, MXview Security*3, MXsecurity | MXview One | MXview One
  • Industrial Certifications: IEC 62443-4-2 SL2, IEEE 1613, IEC 61850-3 Ed. 2.0, ATEX*2, CID2*2, EN 50121-4*2, NEMA TS2*2, DNV*2, DNV IEC 61162-460 Edition 3.0*2, DNV security profile 2*2, IACS UR E27 Rev.1*2, IEC 60945*2 | IEEE 1613, IEC 61850-3 Ed. 2.0, ATEX, CID2, IECEx, EN 50121-4, NEMA TS2, DNV | IEEE 1613, IEC 61850-3 Ed. 2.0, ATEX, CID2, IECEx, EN 50121-4, NEMA TS2, DNV, DNV IEC 61162-460 Edition 3.0, DNV security profile 2, IACS UR E27 Rev.1, IEC 60945 | EN 50121-4, NEMA TS2, ATEX, CID2 | -

  • *1. Supports user-configurable DMZ/WAN ports.
  • *2. Only available for -LV models.
  • *3. An active MXview One license is required in order to activate the MXview Security add-on license.
  • *4. NAT-108 Series only.

LAN Firewalls

  • Model: EDF-G1002-BP
  • Ports: 2 GbE (Gen3 LAN Bypass)
  • Firewalls: DDoS, Ethernet protocols, ICMP, IP address, MAC address, Ports
  • IPS/IDS: Enabled by default. IPS pattern update functionality requires an additional license.
  • DPI: DNP3, EtherNet/IP, IEC 60870-5-104, IEC 61850 MMS, Modbus TCP, Modbus UDP, Omron FINS, Siemens S7 Comm., Siemens S7 Comm. Plus, OPC UA, MELSEC communication protocol
  • Software Management: MXview One, MXview Security*1, MXsecurity
  • Industrial Certifications: NEMA TS2, EN 50121-4, CID2, ATEX, IECEx, DNV

  • *1. An active MXview One license is required in order to activate the MXview Security add-on license.
Key Features
NPort 6100-G2/6200-G2 Series Secure Terminal Servers
MGate Series
ioThinx 4500 Series
Embedded Security Functions for Secure Deployment
User Authentication & Authorization
  • Password protection (length, character enforcement)
  • Password protection (length, character enforcement)
  • Authentication servers (RADIUS/TACACS+)
  • Customized privilege for different user groups
  • Password protection (length, character enforcement)
  • Password protection (length, character enforcement)
Device Integrity: Check CRC code before updating the device
Device Least Functionality
  • Security Hardening Guide
  • Unused services can be disabled
  • Telnet console default disabled
  • Security Hardening Guide
  • Unused services can be disabled
  • Telnet console default disabled
  • Security Hardening Guide
  • Unused services can be disabled
Communication Integrity
  • HTTPS (TLS 1.2 embedded with self-signed certificate)
  • SNMPv3
  • HTTPS (TLS 1.2 embedded with self-signed certificate, also supports public certificate import)
  • SSH/SNMPv3
  • ECC 256 (RSA-4096)
  • HTTPS (TLS 1.2 embedded with self-signed certificate, also supports public certificate import)
  • SNMPv3
  • HTTPS (TLS 1.2 embedded with self-signed certificate, and can be exported)
  • SNMPv3
Network Access Control
  • Accessible IP List
  • Access Control List (ACL)
Securing Your Devices in Daily Maintenance
Configuration Management
  • GUI type of MXconfig
  • CLI type of MCC tools
Device Management
  • Syslog
  • Manageable via MXview Network Management Software
Vulnerability Management
  • Dedicated Cybersecurity Response Team for handling vulnerability
  • Perform Nessus Scan