Next informations This website uses cookies to provide service and traffic analysis. By using this site you agree to this.
 

Cybersecurity


The intelligence of all our industrial switches and PLCs are CPU modules of our own production, have a uniform set of configuration tools. Therefore, the customer need not learn different configuration procedures for the different types of switches and PLCs.

As with the F version, CPU modules can be replaced at any time with a newer model. From the G version, the CPU module is based on the open-source OS Embedded Linux. The first available devices with these CPU modules are the IPLOG-GAMA controllers and the series of G Series switches.



Realized Applications

Secured Management

A common feature of all our switches and PLCs is compatibility with SIMULand.v4 and encrypted communications via SNMPv3 protocol. SIMULand and its graphical interface make available configuration for a wide range of users. In accordance with standard requirements, communication is exclusively secured by the AES encryption algorithm and the SHA1 hash algorithm against unauthorized changes of transmitted data.

Realized Applications

VLAN & QoS

We recommend that you separate all independent systems with virtual networks (VLANs) and assign them the appropriate priorities. The result is the coexistence of multiple systems on one network, without undue interference. Especially when using LAN-RING switches as transmission paths for the alarm system (I&HAS), this setting is necessary. Alarm systems are very sensitive to delays caused by data transmission over the LAN. The great advantage of LAN-RING switches in such a situation is the possibility to use separate VLANs and priorities for data coming over the LAN, but also from the RS485 buses and other inputs and outputs.

Ring Topology

One of the fundamental elements of the security system LAN-RING is the fast data forwarding to a back-up line. Since 2008, this function has been performed by LAN-RING.v1 protocol with a switchover time of 30ms from the time of the failure. Each ring in the system has a unique ID and one switch with the MASTER function (controls the ring). The higher port of the MASTER switch is normally set to a BLOCKING mode, hence preventing a loop. A port in BLOCKING mode receives only LAN-RING frames and blocks all other data (back-up line). If a failure occurs, the state of the blocked port changes to FORWARDING and starts to transmitting all data.

Realized Applications

RSTP - Mesh Topology

Topology MESH is used especially in larger systems. The pre-requisite of its proper functioning is mainly protection from the creation of loops which is mostly taken care of by RSTP or MSTP protocols. The advantage of its use basically as in any topology is traded off by the non-guaranteed network reconfiguration time in the case of a failure. It can, depending on the size of the network and the location of the failure and reception of the periodically sent BPDU frames (by default every 2 s), range from ms up to seconds. The 3rd generation of LAN-RING switches support general RSTP protocol. During development, we removed some imperfections resulting in a slower reconfiguration time of the network. Therefore, we call the resulting protocol RSTP-M. It is backward compatible with the standardized RSTP protocol.

EN50131-1 Compatibility

Switches are equipped with RS485 ports which can be used for the interconnection of intruder systems. A special way of processing data received via RS485, their protection via VLAN, and high QoS assignment ensure compatibility with EN-50131-1 standard for intruder systems. We verify this every 3 years in the testing laboratory.

Realized Applications

Source IP Addresses Filtering

Another way how to complicate an attacker\'s network is to limit management access based on host IP address or USB management with full remote administration exclusion.

The G-version of CPU with Linux

As the F version, CPU modules can be replaced at any time with a newer model. From the G version, the CPU module is based on open source OS Embedded Linux. The first available devices with these CPU modules are the IPLOG-GAMA controllers. They will then be used in a brand new series of G Series switches. We plan to produce them in concurrence with the F series.

Realized Applications

IEEE 802.1X Authentication

IEEE802.1X protocol is a very popular tool for user authentication. In standard implementations, it has weaker points. It is able to block access to the network for unauthorized users but that is all. In our implementation, we added an important feature that helps you to increase security. All unauthorized users are immediately reported via the SNMP TRAPS to the visualization software. So the potential attacker could be captured immediately and does not have time for network intrusion.

Realized Applications