
eWON Layered Security Approach
© 2015 eWON Inc. This document is property of eWON Inc.
Security Vs Convenience and Acceptance
One of the key challenges with remote connections to industrial control systems is
balancing the needs of an engineer or PLC technician with the mandate by the IT
department to ensure network security, integrity and reliability. Finding a solution that
is readily accepted by both business groups has been a challenge for many years
and a source of frustration and inefficiency for all stakeholders. eWON understood
that maintaining network security was essential for IT acceptance. At the same time,
eWON realized users will never use solutions that are complex or difficult, or that interrupt
productivity. By balancing security and ease of use, eWON has created a
best-in-class Remote Access solution that works for both end users and IT managers.
The eWON Layered Security Approach
The integrated Talk2M and eWON remote access solution was designed with
simplicity and security in mind. To make the eWON and the devices behind it
remotely accessible, eWON routers make an outbound connection via UDP or HTTPS
to the Talk2M infrastructure. Using our VPN Client software, eCatcher, authorized
users are able to log into their Talk2M account and connect to their eWON devices
anywhere in the world.
While ease of use is important, the security, integrity, and reliability of eWON’s Talk2M
cloud infrastructure and its customers’ networks are eWON’s first priority. Using a
defense-in-depth approach based on guidelines set forth by ISO 27002, IEC 62443-2-4,
the NIST Cybersecurity Framework 1.0, and other publications, guidelines and
industry best practices, eWON developed a managed, hybrid, layered cyber
security approach to protect its devices, network and most importantly, its
customers’ industrial control systems.
eWON Hardware Devices
Network segregation, local device authentication, physical switch for enabling/disabling
access.
eWON industrial routers are the physical hardware component of eWON’s remote
access solution. The eWON units are typically installed in the machine control panel
with the machine connected on one side (LAN) and the factory network on the other
(WAN). When a connection needs to be established, the eWON acts as the gateway
through which all traffic passes. When the eWON is first configured for VPN access,