Secure Firewall for OPC Classic

Wednesday, June 3, 2015 @ 01:06 PM gHale

OPC Classic is a perfect example of a solid technology created long before security concerns came to the forefront, and with such a huge install base there is no way manufacturers are going to pull it out.

Along those lines, Phoenix Contact understands the manufacturing mentality, and today at its mGuard User Conference 2015 in Houston it introduced a new license for its FL mGuard security devices that can move closer to protecting OPC Classic applications.

Protecting the protocol is not a function of traditional firewalls, but users of mGuard firmware version 8.1 and beyond can now upgrade to the OPC inspector license.

OPC inspector firmware looks into the transmitted data packets, analyzing and modifying them as necessary.

OPC inspector can create firewall rules matching the ports and directions used by OPC traffic. It identifies and blocks all non-OPC traffic. It also permits the use of network address translation (NAT) procedures, such as masquerading or 1:1 NAT routing.

OPC Classic sees wide usage across the automation industry. Instead of using fixed TCP port numbers, OPC Classic negotiates new port numbers within the first open connection. This means that intermediary firewalls can only be used with wide-open rules, greatly reducing the security and protection they provide. The mGuard OPC Inspector license counters this problem by using deep-packet inspection for OPC Classic.
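
The difference between a wide-open port rule and inspection-driven pinholes, as an added example (not Phoenix Contact's code or the mGuard implementation). It assumes the negotiation starts on TCP 135 and that replies carry the new endpoint as a UTF-16LE `host[port]` string, as DCOM string bindings do; the class, function names, addresses and sample reply are constructed for illustration.

```python
import re

EPM_PORT = 135  # assumption: DCOM endpoint mapper port where negotiation starts
# Assumption: negotiated endpoint appears as a UTF-16LE "host[port]" string.
BINDING = re.compile(r"([0-9]{1,3}(?:\.[0-9]{1,3}){3})\[([0-9]{1,5})\]")

class PinholeFirewall:
    """Simplified model of inspection-driven pinholes (not the mGuard's code)."""

    def __init__(self, opc_server):
        self.opc_server = opc_server
        self.pinholes = set()  # (client_ip, server_ip, server_port)

    def inspect_reply(self, client, server, payload):
        """Scan a server reply on the first connection for negotiated ports."""
        opened = set()
        if server != self.opc_server:
            return []
        for off in (0, 1):  # the string may start on an odd byte offset
            chunk = payload[off:]
            text = chunk[:len(chunk) & ~1].decode("utf-16-le", errors="ignore")
            for host, port in BINDING.findall(text):
                # Ignore bindings that point anywhere but the server itself.
                if host == server and 1024 <= int(port) <= 65535:
                    opened.add(int(port))
        self.pinholes.update((client, server, p) for p in opened)
        return sorted(opened)

    def allow(self, client, server, dport):
        """Verdict for a new TCP connection towards the OPC server."""
        if server != self.opc_server:
            return False
        return dport == EPM_PORT or (client, server, dport) in self.pinholes

def wide_open_allow(server, opc_server, dport):
    """The static rule a port-based firewall needs: all dynamic ports open."""
    return server == opc_server and (dport == EPM_PORT or 1024 <= dport <= 65535)

# Constructed sample reply: four header bytes, then one string binding.
SAMPLE_REPLY = b"\x05\x00\x02\x03" + "10.0.0.20[49155]\0".encode("utf-16-le")

if __name__ == "__main__":
    fw = PinholeFirewall("10.0.0.20")
    print("opened:", fw.inspect_reply("10.0.0.5", "10.0.0.20", SAMPLE_REPLY))
    for port in (49155, 49156):
        print(port, "inspected:", fw.allow("10.0.0.5", "10.0.0.20", port),
              "wide-open:", wide_open_allow("10.0.0.20", "10.0.0.20", port))
```

The inspected firewall admits only the negotiated port, and only from the client that negotiated it, while the static rule admits any high port from anyone.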