Why hardware-based remote access solutions are more secure



In order to protect facilities, systems, equipment and networks from external attacks, a strong state-of-the-art security posture is needed when it comes to remote connectivity. Implementing remote access to machines via hardware gateways rather than via "remote desktop connection" solutions allows for greater control of this connectivity, without having to worry about the constant updating of individual drivers, operating systems and software. In this blog article, we explain why choosing remote access via dedicated industrial gateways is the most secure choice!





1. It restricts access to the machine network (WAN/LAN Network segregation)

 

Network segregation limits remote access to the devices connected to the LAN side of the industrial gateway, which prevents access to the factory network. Remote operators can reach only the devices on the gateway's LAN side and do not get access to the factory network on the WAN side. By contrast, a person connecting remotely through a remote PC might be able to access the whole factory network (no LAN segregation), which can represent a security vulnerability.

 




2. Remote desktop solutions carry several risks, unlike dedicated industrial gateways

 

Using a software-based remote desktop solution for industrial connectivity can imply several risks. For example, an on-site PC may be used in totally unrelated contexts (other files, folders and programs may be stored on that PC). This can unintentionally give external parties who use it for maintenance purposes access to confidential information. In addition, PLC or HMI programs are stored on the on-site PC itself and can easily be copied without authorization. None of the above is possible with a hardware gateway placed inside the machine's panel.

 

3. Industrial remote access gateways often enable advanced user and access management

 

Industrial remote access solutions such as Ewon's provide traceability. A login report can be made available to account administrators to verify which users logged into which equipment, when and for how long. This report can be a valuable tool to ensure that security policies are followed. In addition, when authenticating with a username and password, it is possible to add a second layer of security with a key sent by SMS that changes with each login (multi-factor authentication). All of this is not necessarily possible with a remote desktop solution.
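One way to check such a login report against a security policy, as an added example that is not Ewon's code or part of the original article. The CSV columns, the `mfa` field and the policy values are assumptions made for illustration and do not reflect any product's actual export format.

```python
import csv
import io
from datetime import datetime

# Constructed sample report. Column names are assumptions for this example,
# not the export format of any particular product.
SAMPLE_REPORT = """user,equipment,login_time,duration_min,mfa
alice,press-line-1,2024-03-04 09:15,42,yes
bob,press-line-1,2024-03-04 23:40,15,yes
carol,packaging-2,2024-03-05 10:05,310,yes
dave,press-line-1,2024-03-05 11:00,20,no
alice,packaging-2,2024-03-06 14:30,25,yes
"""

# Hypothetical policy: who may reach which equipment, when, and for how long.
ALLOWED = {"alice": {"press-line-1"}, "bob": {"press-line-1"},
           "carol": {"packaging-2"}, "dave": {"press-line-1"}}
WORK_HOURS = range(7, 19)      # sessions must start between 07:00 and 18:59
MAX_DURATION_MIN = 240         # longest session the policy accepts


def audit_login_report(text):
    """Return (user, equipment, login_time, [violations]) for rows that break policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        start = datetime.strptime(row["login_time"], "%Y-%m-%d %H:%M")
        problems = []
        # Unknown users get an empty allow-set, so every login of theirs is flagged.
        if row["equipment"] not in ALLOWED.get(row["user"], set()):
            problems.append("equipment not authorized for user")
        if start.hour not in WORK_HOURS:
            problems.append("login outside maintenance window")
        if int(row["duration_min"]) > MAX_DURATION_MIN:
            problems.append("session longer than policy maximum")
        if row["mfa"].strip().lower() != "yes":
            problems.append("login without second factor")
        if problems:
            findings.append((row["user"], row["equipment"], row["login_time"], problems))
    return findings


if __name__ == "__main__":
    for user, equipment, when, problems in audit_login_report(SAMPLE_REPORT):
        print(f"{when} {user} -> {equipment}: {'; '.join(problems)}")
```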

 




4. You can leverage the most advanced hardware security technologies

 

By choosing solutions like Ewon's, you can leverage the most advanced technologies in embedded hardware security. For example, the new generation of Ewon gateways, namely the Cosy+, includes a dedicated secure element chip (which is certified CC EAL6+) that serves as a root-of-trust to deliver state-of-the-art, end-to-end security. This type of advanced technology puts security at the heart of the device and keeps you at the forefront of security. 

 


Do you want to benefit from the efficiency of such a cutting-edge solution without spending hours configuring it?

Discover the Cosy+ range! 


All of the above is fully integrated in Ewon's new generation industrial gateway, the Cosy+. It is the new standard of secure remote access, offering multiple connectivity options for successful deployment in any situation. Capitalizing on the success of the Cosy 131, Cosy+ is the latest evolution in industrial remote access, resulting from the implementation of the most advanced security technologies in hardware devices.

