A router, virtual private network (VPN) endpoint, and firewall - TopicsExpress



          

A router, virtual private network (VPN) endpoint, and firewall device, the SEL-3620 Ethernet Security Gateway can perform secure and proxy user access for serial and Ethernet-based intelligent electronic devices (IEDs). The SEL-3620 helps create a user audit trail through strong, centralized, user-based authentication and authorization to modern and legacy IEDs. The SEL-3620 secures your control system communications with a stateful deny-by-default firewall, strong cryptographic protocols, and logs for system awareness. The SEL-3620 also manages protected IED passwords, ensuring that passwords are changed regularly and conform to complexity rules.

The SEL-3620 supports enhanced security, enabling you to protect critical cyber assets with strong multifactor authentication technologies, such as RSA SecurID® using Remote Authentication Dial-In User Service (RADIUS). The SEL-3620 resists known and unknown malware attacks with exe-GUARD™ embedded antivirus technology. Powerful rootkit resistance, embedded Linux® mandatory access controls, and process whitelisting help mitigate attacks against the gateway itself and eliminate costly patch management and antivirus signature updates. The SEL-3620 supports NERC CIP v3 and v5 compliance efforts without needing Technical Feasibility Exceptions (TFEs).

The SEL-3620 supports SEL-5827 Virtual Connect Client and SEL-5828 Virtual Port Service software. These applications are provided free by SEL to make remote SEL-3620 ports available for existing software and terminal applications on your PC, including those using Modbus TCP/RTU.

The SEL-3620 is designed and built in cooperation with the U.S. Department of Energy National SCADA Test Bed and the following companies:
Schweitzer Engineering Laboratories, Inc.
EnerNex Corporation
Tennessee Valley Authority
Sandia National Laboratories

Secured Proxy Access to Relays and IEDs
Use the SEL-3620 to provide a central point of entry to critical cyber assets, including those from SEL and others, with user-based access control and detailed activity logs.

IED Password Management
Enforce strong passwords on IEDs, and have them automatically changed on a configurable schedule. Satisfy regulatory password requirements, and ensure that no weak or default passwords are in use.

Substation Firewall
Secure your substation network from malicious traffic with a powerful deny-by-default firewall. Manage status and configuration with an intuitive, menu-driven web interface. Use virtual local-area networks (VLANs) to segregate traffic and improve network organization and performance.

IPsec VPN
Integrate with existing IT and control systems over VPN tunnels that are secured using Internet Protocol Security (IPsec). Use X.509 certificates with Online Certificate Status Protocol (OCSP) to centrally manage VPN trust.

Exe-GUARD Whitelist Antivirus
Protect against known and unknown malware with embedded whitelist antivirus. Reduce patch cycles and resist zero-day attacks without additional settings.

User Activity Reports
Log and time-stamp user access events and every command. Integrate event records into existing log management systems using Syslog.

Single Sign-On
Log on to the SEL-3620, not individual IEDs. Users have a single account and password to remember—their own. Manage user accounts and group memberships centrally using Lightweight Directory Access Protocol (LDAP)-accessible systems, such as Microsoft® Active Directory®, or use RADIUS. RADIUS allows you to enhance security with multifactor authentication, such as RSA SecurID.

Support NERC CIP Requirements
Implement strong user-based access controls to the electronic security perimeter (ESP) while protecting IEDs with strong passwords and blocking shared or default accounts. Granular access controls limit users’ access to their assigned roles on individual IEDs.

Industry-Vetted Security and Interoperability
IRIG-B time synchronization receives and distributes the IRIG-B signal to maintain time synchronization.
X.509 certificates ensure strong authentication for incoming connection requests.
OCSP certificate revocation operates with standard certificate servers to centrally revoke certificates and prevent unwanted connections.
HTTPS web interface allows convenient, secure setup and management, and eliminates the need for extra PC software.
Syslog logs events for consistency and compatibility, and enables centralized collection.
IPsec (RFC 4301, 4302, 4303) creates a secure VPN.
Lemnos interoperability facilitates communications between Cisco® routers and Lemnos-compliant devices.

Virtual Software Client Support
Transform unsecured serial or legacy Ethernet communications on Windows® computers to cryptographically secure channels by using SEL-5827 Virtual Connect Client or SEL-5828 Virtual Port Service software. These applications are provided free by SEL to make remote SEL-3620 ports available for existing software and terminal applications on your PC, including those using Modbus TCP/RTU. Data are secured using SSH with SEL-3620 port groups, Master Ports, and serial ports.

https://selinc/SEL-3620/
Posted on: Sun, 25 Jan 2015 02:25:18 +0000
