Industrial / OT networks use firewalls extensively, as do enterprise networks, but at IT/OT interfaces, best practice demands at least one layer of unidirectional gateway technology. This advice can be confusing to security practitioners who assume that a unidirectional gateway is some sort of “unidirectional firewall.” In this eBook we define what is a firewall, review firewall principles, introduce unidirectional gateways, and compare the effectiveness of these two network perimeter protection technologies at the IT/OT interface. We conclude that unidirectional gateways are much stronger than firewalls, are simple to deploy, and reduce perimeter protection operating costs quite dramatically at the boundary between control-critical and business-critical networks.
Andrew Ginter is the VP of Industrial Security at Waterfall Security Solutions
At Waterfall, Andrew leads a team of experts who work with the world’s most secure industrial sites. He is author of two books on industrial security, a co-author of the Industrial Internet Consortium’s Security Framework, and the co-host of the Industrial Security Podcast. Andrew spent 35 years designing SCADA system products for Hewlett Packard, IT/OT connectivity products for Agilent Technologies, and OT/ICS security products for Industrial Defender and Waterfall Security Solutions.