Remote Access Support

NRAS is a service delivered together with a hardware firewall for your production environment. This service helps you securely connect the control system to the Internet or your intranet. It brings internal experts, administrators and vendors closer to the production facility when needed. In normal operations, you are still able to disconnect from the outside world completely if you wish.

Connectivity challenge

For decades, control systems have been secure because they have traditionally been disconnected from the outside world. Physical access control has therefore been the obstacle for all kinds of threats. This also means that you need to be at the plant to control the system or do periodic maintenance on it.

Modern control systems are more complex and need to be connected to external networks for data exchange with production planning or reporting systems. These systems often require more expertise for implementation and upgrades, which means higher costs. To reduce this gap, you can save a lot in travel expenses by offering a secure remote connection between the engineers and your production environment.

To maintain security, it is important to isolate the control system with a firewall designed to allow only traffic that is considered safe and relevant.

Security

The NRAS solution includes a hardware-based firewall, which is the bridge between your production environment and the outside world. This will be your gatekeeper, and it is configured to meet your requirements for efficient production without compromising your system. The unit is scalable for a variety of different scenarios in small and mid-range control systems. Only market-leading security products and technology are used in the service, to deliver the best possible protection.

External connections

The endpoint firewall will automatically contact the Nebb secure HUB when an Internet connection is available. External engineers must go through this HUB, which adds an extra level of security for your environment. No direct link into your control system is available at any time. Our HUB will act as a secure gatekeeper in front of the main firewall for the control system.

Preparation and installation

Before installation, the customer and Nebb should do a survey to discover the current topology, configuration and requirements for the control system as-is. Based on this, an implementation plan is created and approved by the customer. This plan is the baseline for all the configuration of equipment for your system. A completely configured system will be sent to the customer for installation.

Use

A correctly configured firewall allows traffic that is defined as normal. All other traffic is denied. External communication with a third party should only be available when service mode is enabled. This practice isolates the control system as much as possible to ensure availability and reliability on your network.

Maintenance

The NRAS service comes with a maintenance program to make sure all the security measures are in place and functional. We also upgrade the software on the Internet-facing endpoint as soon as a relevant security update is available for your endpoint hardware. At least once a year, an audit of the current security rule set is carried out together with the customer. Phone and mail support for technical questions is included in this program. It also covers changes to the list of personnel authorized to access your control system.

Benefits

  • No need for public IP addresses for your plant. The solution can be added on top of your existing network as an isolated secure subnet.
  • Restrict communication between the corporate network and the control system. Control and sensor equipment like PLCs, drives and computers should not be kept busy talking to unknown devices. This might affect both the speed and the reliability of your control system.
  • We will make sure all the security updates for your endpoint are up to date and we will carry out the regular audit of the safety of the control system.
  • We will create all SSL keys with trust from a third-party vendor. No need to purchase and maintain your own set of keys.
  • You are in control of when you want this service to be available. By default, we have no “override” possibility. All use of this service must be enabled from the inside.