Ethernet-based systems have been widely deployed in industrial settings since the early 2000s, when businesses started to integrate digital communications into their production processes. The explosive development of office-based Ethernet networks and network technology had a role in this evolution. Manufacturers in varying industries wanted to have the increased level of digital data, sensor information, and data from devices like PLCs and intelligent servo drives. This information gives operators better control over the production process.
Despite the numerous advantages that these Ethernet-based systems could offer, some drawbacks were present. Whilst unmanaged Ethernet switches provide greater simplicity and lower costs, they also pose the risk of loss of network visibility and network control. They can also be susceptible to security breaches and cyber attacks as a result of vulnerable devices on the network. The solution to this is to shift to managed Ethernet switches.
The Risks of Unmanaged Ethernet Switches
As industrial Ethernet networks grow and become more complex, the focus on security becomes increasingly important. This includes having visibility of what is being connected to the network, whether it has the right permissions and if it presents any risk of infiltration of malware.
Security
Unmanaged switches lack the software layers found in managed switches, which are essential for exerting precise control over network traffic flow and regulating the connection of devices. In unmanaged switch scenarios, anyone can easily connect a PC to the switch, gaining access to the network segment and potentially discovering entry points into broader sections of a manufacturer’s operational technology (OT) or information technology (IT) infrastructure.
Numerous hacker groups and online criminals consistently focus their efforts on the industrial components of corporate networks. This is partly due to the fact that many of these networks still rely on unmanaged Ethernet switches, which present vulnerable entry points that can be exploited.
The solution
Managed Ethernet switches are known for their ability to offer what is commonly referred to as “defence in depth”. This concept has been integrated and formalised in the ISA/IEC 62443 series of standards, which establish requirements and processes for ensuring the electronic security of industrial automation and control systems (IACS). These standards not only establish best practices for security but also provide a framework for evaluating the effectiveness of security measures.
By adhering to these standards, managed industrial Ethernet switches incorporate multiple layers and features that work in tandem to provide the highest level of protection against potential risks. When someone seeks to add a device or PC to a system equipped with a managed network switch, these overlapping security layers may encompass advanced password encryption capabilities, MAC (Media Access Control) security, customisable password length, and multi-level user access control. Furthermore, managed Ethernet switches can be easily configured to automatically disable user or port credentials after a predefined number of unsuccessful access attempts.
Lack of network control
Unmanaged Ethernet switches struggle with traffic control primarily because they lack the advanced features and capabilities that managed switches possess. Some of the reasons for this include:
- A lack of configuration options – unmanaged switches operate without any configuration. This means they cannot implement features such as QoS (quality of service), which is used to prioritise traffic based on certain criteria. This is essential for managing and controlling traffic effectively in an industrial environment, and to ensure that certain applications don’t monopolise network resources.
- Limited traffic management – unmanaged switches are unable to control bandwidth allotment, apply traffic shaping, or manage traffic flows. As a result, they cannot optimise network performance for applications that need various amounts of bandwidth, including real-time control systems or video streaming.
- Inability to segment networks – it is difficult to separate different types of traffic or isolate devices for security or performance reasons with unmanaged switches as they cannot build VLANs (Virtual Local Area Networks) or isolate network segments. Traffic management is hampered by this inability to segregate traffic.
The solution
It’s crucial that communication data packets are transmitted from the source to the target device to reduce network delays and subsequently raise the amount of determinism on any network. The processing of crucial communications is delayed when packets are forwarded to destinations where they are not required.
Managed switches give automation engineers exceptional control over these kinds of issues. For example, in a large machining department with multiple machine tools networked together, each work cell may have multiple devices within each tool – such as variable frequency drives (VFD) – generating high volumes of network traffic.
That VFD data may be useful for preventive maintenance and system performance tracking, but it may not be necessary for that data to also be passed up to the PLC in the work cell. Managed Ethernet switches like the Red Lion NT5000 have sophisticated access control lists that automation engineers can use to define that – for a specific MAC address – the broadcast would never traverse the link that goes to the PLC.
This same feature can also be used to limit what additional devices or network links can be connected to a particular uplink port. That can also help ensure a given work cell or automation network segment has its traffic properly managed.
The Importance of Industrial Data
Many manufacturers understand that their industrial data is their most important asset. There are obvious benefits to investing in managed industrial Ethernet switches in Industry 4.0 as companies implement or upgrade their industrial networks to fully capitalise on the speed and power of industrial Ethernet systems.
With cutting-edge capabilities to reduce cybersecurity concerns, they provide industrial users with easier, more dependable access to all of that priceless data. They also give plant managers crucial visibility and greater control over their industrial networks.
Easy Implementation with Red Lion Managed Ethernet Switches
It might seem complicated and time-consuming to manage these types of network security and traffic features. However, a large number of top-tier industrial Ethernet managed switches, like the ones provided by Red Lion have been created for quick, simple, practically “plug-and-play” installation and configuration. An administrator can quickly configure the Red Lion NT5000 Gigabit Managed Ethernet Switch, for instance, using the quick start wizard, which walks them through switch configuration for fast deployment.
Additionally, it supports text-based configuration files, making it simple to transfer the configuration from one device to new NT5000 devices that are connected to the network.
This is particularly helpful in industrial settings where integrating managed Ethernet switches is frequently delegated to controls or automation engineers, whose educational backgrounds and training may not be entirely grounded in Ethernet network configuration tasks and procedures.
It can be as simple as turning on the switch, adding an IP address, and configuring the managed Ethernet switch to comply with all password and network security requirements for that area of the network. The latest generation of switches come pre-configured and many platforms feature simple graphical user interfaces that include a logical view showing:
- Active ports.
- Power supply.
- Temperature and contact relay status.
- Colour-coded gauges for port traffic and event tracking.
These features, combined with diagnostic tools, enable quicker analysis and isolation of network faults to assist maximise network uptime, allowing administrators to swiftly identify and address any network interruptions in real-time.
Recommended Products
Red Lion NT-5008 Industrial Ethernet Switch
Designed to keep your network connected and protected, Red Lion’s N-Tron series NT5000 switches provide ease of use, reliability, and security features to maximise operating performance and system uptime.
Ease of use features:
- Modern graphical web interface
- Configuration wizard
- Switch logical view
- Graphical dashboards
- Cabling diagnostics
- Full command line interface
Security features:
- HTTPS, SSH, SSL
- IEE 802.1X port and user authentication (RADIUS)
- MAC port security
- SNMPv3
- Port/user lock after failed attempts
- Password encryption
Switch management features:
- IGMP v1, v2, v3 auto configuration
- SNMP v1, v2, v3
- Port mirroring
- Event log/syslog
- Network time protocol (NTP)
- 802.1Q tag VLAN and port VLAN
- IEEE 801.2p QoS and port QoS
- DHCP client
- Text-based config file
- N-View 2 monitoring and firmware management software
Red Lion NT24K-8TX-PT Industrial Ethernet Switch
Red Lion’s N-Tron® series NT24k®-8TX compact managed Gigabit Ethernet switch features eight 10/100/1000Base-T(X) ports providing a reliable and secure communication network to equipment in harsh environments.
Features and benefits
- 8 Copper Ports (Eight 10/100/1000Base-T(X) copper ports)
- Smart Plug-and-Play Operation (IGMP auto-configuration, MDIX auto-sensing cable, simple network ring configuration, backup and restore via recovery card or XML)
- 10 to 49 VDC Redundant Power Inputs (Keeps network running in the event of a power supply failure)
- -40° to 85°C Wide Operating Temperature
- Robust Remote Monitoring
- N-Ring & N-Link™ Network Ring Technology
