Automation Systems How to Protect Windows-Based Automation Systems Against Malware

Author / Editor: Ingo Hilgenkamp / Dr. Jörg Kempf

After the appearance of Stuxnet, Duqu, and Conficker, also in the process industries new industrial security solutions are required to reliably protect against malware without requiring updates and issuing false alarms. For PC-based automation systems, conventional antivirus solutions can only be used with difficulty or not at all. Learn, how to detect even the newest viruses, worms, and trojans.

Related Vendors

Dangerous file types can be simply selected.
Dangerous file types can be simply selected.
(Picture: Phoenix Contact)

Security concepts known from the office environment are only infrequently found in the production environment or not at all. These solutions provide the required functions for the users and the process while at the same time securing this process as well as the user data. Today, a well-configured hardware firewall, which is systematically installed at the communication nodes, is an integral part of every local network.

The topic here is however not the firewall integrated in some operating systems which the user activates in the hope that his systems are protected against malware so that functions and processes can run disturbance-free.

Rather, the focus is on dedicated systems which, especially in the case of hacker attacks, can still respond with their own resources. These systems ensure interruption-free communication, avoid malfunctions, and ensure that the machine or plant remains operational.

Blocking Protocols and Ports Generally Not Possible

A firewall decides whether a data packet should be transferred or not based on configured rules. These rules are based, for instance, on MAC addresses of the sender or receiver as well as IP addresses, port numbers, or protocols. The firewall devices from Phoenix Contact’s FL M Guard product line can provide even individual processes with defined bandwidths, and also limit the number of ICMP packets (pings) or ARP requests. However, a firewall cannot prevent the propagation of malware, i.e. viruses, worms, and trojans.

This is because malware is frequently propagated via the protocols, which in the core are based on the CIFS/SMB (Common Internet File System/Server Message Blocks). Data communication based on this protocol family cannot be effectively filtered as transfer is realized blockwise, employing a complex technique.

Blocking is also not possible, as the protocols are used in almost every system in the Windows environment. As a consequence, communication connections via protocols and ports, which machines and plants actually use, cannot be filtered using firewalls, even if there is a risk of malware infecting the system.

Subscribe to the newsletter now

Don't Miss out on Our Best Content

By clicking on „Subscribe to Newsletter“ I agree to the processing and use of my data according to the consent form (please expand for details) and accept the Terms of Use. For more information, please see our Privacy Policy.

Unfold for details of your consent