5-2 www. m oxa. com Introduction to Industrial Network Security and Routers 5 Industrial Network Security and Management Industrial Network Security and Management > The convergence of IT and industrial automation networks has created tremendous opportunities, but it has also introduced concerns related to network security. Security threats to industrial networks can originate either internally or externally and, if realized, cause significant damage to remote automation systems, compromise staff safety, and lead to production losses. EDR series routers use a Virtual Private Network (VPN) over a public network to provide secure remote access to field devices, and they use a firewall to protect mission-critical infrastructures and assets. The increasing complexity of industrial networks requires the segmentation of the network into different function zones. EDR series routers can also be used as Layer 3 routers for packet routing between WANs and multiple LANs. With the convergence of IT and industrial automation networks, data, voice, and even video are now being transmitted over the same medium; therefore, requiring high-bandwidth connections to prevent network congestion. The EDR series provides nonstop communications for industrial automation networks with gigabit bandwidth, making industrial control systems more reliable but at a lower total cost of ownership. The EDR series’ IPSec (Client/Server) and L2TP (Server) functions create secure, encrypted tunnels for secure remote access between industrial networks and remote locations, such as in water and wastewater, oil and gas, power, or intelligent transportation system networks. IPSec provides a secure tunnel between different LANs, such as a headquarters and remote sites, and an L2TP server provides secure communications between a roaming user and critical devices on the automation network. The EDR series provides firewall protection for critical network devices such as PLCs, RTUs, and DCSs, thereby enabling network isolation to avoid communications interruptions between devices. The high-performance firewall prevents unauthorized connections from connecting to critical devices without compromising the network performance of legitimate traffic. In addition, the EDR series can protect and isolate the network when broadcast storm packets accumulate from a malfunctioning device. Enable Secure Industrial Automation Networks Tailored Design for Industrial Applications VPN for Secure Remote Access Firewalls for Critical Infrastructure Protection Wizard for configurable WAN/LAN interfaces on ports Dual WANs for redundancy Built-in PacketGuard™ for Modbus TCP packet inspection ISP-A Internet WAN 1 (Primary) WAN 2 (Backup) 3G/4G Mobile Internet Field Site ISP-B Internet Introduction to Industrial Network Security and Routers �