Most discussions of firewalls as part of a defense-in-depth security strategy focus on deploying the firewall to control access to the industrial network. But taking the defense-in-depth concept to the next level suggests that outfitting any device connected to the Internet with its own firewall would provide an added layer of protection.
Icon Labs, a provider of embedded networking and security technology, now offers a product that can provide device-level firewall protection. The Floodgate Defender firewall appliance is placed between the Internet and the device and can be configured with the communication policies particular to the device it is protecting. According to Icon Labs, Floodgate Defender enforces the device communication policies, blocking attacks before a connection can be established with the target device.
“Floodgate Defender provides: rules-based filtering to define what packets are allowed and blocks packets at the lowest layers in the IP stack; stateful packet inspection to block packets on the state of connection as well as unapproved packets that originate from the network; and threshold-based filtering to block packet floods,” says Alan Grau, president of Icon Labs. He adds that Floodgate Defender also supports whitelisting and blacklisting by IP address, port or protocol.
Though Floodgate Defender can be retrofitted to existing devices that are or can be connected to the Internet, Icon Labs expects the device to garner a great deal of interest from OEMs who can use the device to embed security within their products.
Grau says that although retroactive security devices have been around for years, most have been designed for specific applications or around SCADA-specific protocols and are not intended for general-purpose use. But with the growing level of attacks on embedded devices, the need for this level of protection is becoming increasingly necessary. In our discussion, he cited a 2010 Columbia University Intrusion Detection Systems Lab study that shows a 102 percent annual growth in attacks on embedded devices. The study also shows that embedded devices are 15 times more vulnerable to attacks than enterprise systems because embedded systems typically don't have defense-in-depth applied, as do most enterprise systems.
“The device firewall concept is simple,” Grau says, “ you just control what the device talks to. Of course, authentication can handle a lot of this, but that can be hacked. By controlling who and what the device can talk to, you can prevent the vast majority of attacks before they get started.”
Floodgate Defender MSRP pricing starts at $995. Discounts are available for volume orders.