Industrial Communications Handbook August 2016

vice, pretending it was the original sender of the traffic. A stateful firewall picks this up because it monitors the actual connection and not just the packets individually.

A properly configured firewall is set with a general policy to deny any traffic passing through it, with specific rules created for each traffic stream that needs to be allowed. These rules should be as tightly specific as possible. For example, if two individual devices in a subnet need internet access to an online server, make the rule from only those two devices’ IP addresses to the server’s address on the Internet, rather than the entire subnet to the Internet. If they only talk over a single TCP port, set that port as another restriction. This makes it harder for anyone to find access through a loophole in the rules.

Modern firewall packages come with various other services, each of which needs to be licensed separately. This allows users to pick and choose the specific security options they want to integrate and use on their systems, and can include services such as built-in anti-virus checkers, which check all incoming files, or traffic managers, which can be configured with a set of rules determining which websites can be accessed from inside a secure network. Other services include monitoring of outgoing connections to see which devices are performing what services and actions. Whilst many of these features are meant more for corporate environments, they are becoming useful for mission-critical networks as well.

5.6 Virtual Private Networks

Another important feature of firewalls is their ability to function as a VPN server. A VPN, or Virtual Private Network, is exactly what the name implies. It is a virtual connection between another router or an end device, and the firewall or VPN server. This creates a virtual network connection that is private: it requires authentication (username and password) to connect to, and encrypts all traffic travelling across it.
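Returning to the firewall rule guidance given before section 5.6, here is an added example (not from the handbook) of a default-deny rule evaluator with an audit that flags rules broader than host-to-host on a single TCP port. The rule names, addresses (documentation ranges) and port are constructed sample values.

```python
import ipaddress

# Constructed sample rule set; addresses, names and port are assumptions.
# Each allow rule: (name, source network, destination network, TCP port or None = any)
RULES = [
    ("plc-pair-to-server", "192.168.10.21/32", "203.0.113.50/32", 443),
    ("plc-pair-to-server", "192.168.10.22/32", "203.0.113.50/32", 443),
    ("legacy-subnet-out", "192.168.10.0/24", "0.0.0.0/0", None),
]

def parse(rules):
    """Convert the textual networks into ipaddress objects."""
    return [(n, ipaddress.ip_network(s), ipaddress.ip_network(d), p)
            for n, s, d, p in rules]

def decide(rules, src, dst, port):
    """First matching allow rule wins; anything unmatched hits the default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, s_net, d_net, r_port in parse(rules):
        if src in s_net and dst in d_net and r_port in (None, port):
            return ("allow", name)
    return ("deny", "default-policy")

def audit(rules):
    """Flag allow rules that are wider than one host to one host on one port."""
    findings = []
    for name, s_net, d_net, r_port in parse(rules):
        reasons = []
        if s_net.num_addresses > 1:
            reasons.append(f"source covers {s_net.num_addresses} addresses")
        if d_net.num_addresses > 1:
            reasons.append("destination is not a single host")
        if r_port is None:
            reasons.append("no TCP port restriction")
        if reasons:
            findings.append((name, reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in audit(RULES):
        print(f"{name}: " + "; ".join(reasons))
    # With only the two tight rules, a third device in the subnet is denied.
    print(decide(RULES[:2], "192.168.10.23", "203.0.113.50", 443))
```

With only the two host-specific rules loaded, a third device in the same subnet falls through to the default deny; the subnet-wide rule is what lets it out, and the audit reports that rule.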
A VPN can be created over an unsecure network such as the Internet and sensitive traffic can be sent across it without fear of this traffic being intercepted. These days VPNs are popular for civilian use to obscure Internet activities and to bypass various geographic
