IEC104 Security Proxy

for secure connection of IEC-60870-5-104 end devices

The Protocol IEC-608-5-104 has been used as a standard for connecting telecontrol systems, which are mostly not protected against attacks by a third party.  Safeguarding these unprotected systems can partly result in expensive workarounds. For this reason, the IEC104 Security Proxy has been designed to provide a secure and reasonably priced alternative.

The IEC104 Security acts as an independent unit between control system and IEC104 end devices. It sets up connections to the end devices as an IEC104 master and serves as an IEC-104 slave towards the control system. This mechanism prevents direct connections between control system and end devices. Thereby, the IEC104 Security Proxy also supports IEC104-conpliant, redundant connections to control systems and RTU´s.

The additionally implemented monitoring and filtering functions extend  the IEC104 Proxy application area.

A command line interface and a web interface will be used for the configuration of the IEC104 Security Proxy.

The high-performance hardware provides sufficient capacities for reliable communication-intensive process connections and high connection density. The robust, fanless device has an extended operating temperature range and, therefore, can be installed in harsh industrial environment.

By using the 19” Installation kit, the IEC104 Security Proxy can be inserted into 19” racks. Besides, the Installation kit enables the redundant power supply of the device.

Main functions

  • Protocol check for the correct implementation and application of the IEC104 Protocol
  • Filter for inbound and outbound objects
  • Monitoring mode
  • IEC104-compliant, redundant connections to control systems and RTUs
  • Migration of the IEC104 connections between an existing system and a new system
  • Simple integration of the IEC104 Security Proxies into existing installations
  • Prevention of (D)DoS attacks by using protocol check, filter and additional safeguarding measures
  • Encrypted communication to control system and RTUs
  • Statistics and alerting for each connection and each filter

Security

  • Hardened device components
  • Application of secure protocol variants (SSH/SSL, SFTP, HTTPS)
  •  Integrated firewall
  • Deactivation of unused interfaces
  • IEC104 fuzzing
  • Penetration test

For further information on the IEC104 Security Proxy please see:

» IEC104 Security Proxy Flyer

» IEC104 Security Proxy Data Sheet

 

 

Download

IEC104 Security Proxy