Unidirectional Security Gateways are among the strongest practical security measures for industrial & OT networks, but many practitioners have the mistaken impression that they must give up remote access to enjoy unidirectional protections. In this time of quarantines and travel restrictions, when many sites are being pushed to deploy dangerous software-based remote access technologies, understanding strong unidirectional remote access options has become vitally important.
This webinar begins by surveying attack techniques and residual risks for “secure” VPN, RDP, jump host, two factor and other software-based approaches to OT remote access. We then explore a host of unidirectional remote access designs, including server replication, remote screen view, emergency bypass and control-critical WANs. We show how each of these is significantly stronger than traditional software-based solutions. We then review a couple of “unidirectional” anti-patterns – weak designs that are “unidirectional” in name only.
Access for untrusted third parties
Access for trusted insiders
Continuous remote access
Anti-patterns that are “unidirectional” in name only
75 minutes, including Q&A time
DCS network engineers
Enterprise risk managers
Andrew Ginter is the VP Industrial Security at Waterfall Security Solutions. He is the author of two books on industrial cybersecurity, a co-author of the Industrial Internet Consortium Security Framework and the co-host of the Industrial Security Podcast. Andrew spent twenty years leading the development of industrial control system and IT/OT middleware products at HP, Agilent and others, and another twenty years developing and deploying industrial control system products at Industrial Defender and Waterfall. At Waterfall, Andrew leads a team of experts who work with the world’s most secure industrial sites.