11
TLS – Transport Layer Security
TLS is a successor to SSL, using a wider variety of cryptographic algorithms for access security. It is
standardized by the Internet Engineering Task Force (IETF). It is a protocol that provides secure
communication over a TCP/IP connection such as the Internet. It uses digital certificates for
authentication and digital signatures to ensure message integrity, and can use public key cryptography
to ensure data privacy. A TLS service negotiates a secure session between two communicating
endpoints. TLS is built into recent versions of all major browsers and web servers. Although the TLS
and SSL protocols are not interoperable, TLS secure transport can back down to SSL 3.0 if a TLS
session cannot be negotiated.
MAC Addressing
Another aspect of network security can be used to block computers from accessing the network by
requiring the port to validate the Media Access Control (MAC) address against a known list of
approved MAC addresses. If there is an insecure access on a secondary device connected to a switch,
these levels of control allow authorized users to continue to access the network while unauthorized
packets are dropped.
Remote Security
The further afield the users who have a need to access an industrial network, the more critical it is that
the network design provide system-wide protection. Standards such as Remote Authentication Dial In
User Service (RADIUS 802.1x), Terminal Access Controller Access Control System ()
make user identity secure. For additional data security, Secure Shell (SSH) extend total system
security by shielding traffic running through the switch. Switch manufacturers assist in the support of
data security using these standards, but the implementation requires broader compliance than that
available at the individual switch.