Floodgate Defender™ is a compact firewall appliance providing drop-in protection for networked industrial devices. Installation and configuration are done in minutes, providing instant protection against cyber-attacks from hackers, denial of service attacks, cyber-sabotage attacks, automated hacking bots, and other Internet-based threats.
A secure web interface allows configuration of customized communication policies. Floodgate Defender enforces these policies, dropping unwanted packets before they are passed to the target device, blocking attacks before a connection is even established.
Hackers Targeting Industrial Devices
Internet-based attacks are on the rise and an increasing number of these attacks are targeting industrial devices. Cyber-criminals, hacking bots, industrial or international espionage agents and even terrorist groups are now targeting industrial, military and utility systems.
Reported attacks against industrial devices include:
- Automotive manufacturing plant shutdown resulting from a cyber-attack.
- Hackers breached SCADA systems in 3 different cities (based on an FBI report).
- Pipeline monitoring system that failed due to a DoS attack.
- Train system delays caused by hackers.
- Sewage spill caused by a control system that was hacked by an insider.
- Pacemakers, insulin pumps and other medical devices hacked by researchers.
- Printers that were hacked for corporate espionage.
Device Protection with Floodgate Defender
Firewall technology is the cornerstone of security for home and corporate networks. Any modern PC includes a firewall. Yet most industrial control devices have no firewall. Worse still, many of these devices have been in service for years and include no security features at all. Replacing or upgrading these systems is impractical and expensive.
Floodgate Defender adds security to existing systems without modifying the network, control systems, or legacy devices. Simply install Floodgate Defender in front of the TCP/IP connection of the device you want to protect, configure the filtering rules, and Floodgate Defender does the rest. With Floodgate Defender you can preserve the investment in your current systems without sacrificing security.
Protection from Cyber-Espionage and Cyber Terrorism
Floodgate Defender provides bidirectional firewall capability, allowing complete control of communication both to and from the target device. Bidirectional firewalling ensures the protected device only communicates with known, trusted IP addresses. Cyber-espionage attacks, data-stealing-malware and any other attacks that attempt to send data from the protected device are blocked. This feature can also be used to quarantine an infected or non-trusted device.
Cyber terrorists are often highly sophisticated with deep knowledge of the target device, allowing their attacks to disable or bypass traditional security measures. By controlling all communication with the target device, Floodgate Defender can block sophisticated cyber terrorism attacks.
Protection from Insider Attacks
Insider attacks accounted for more than 20% of all cyber-attacks, according to a 2011 study. Just because a device is located behind the corporate firewall does not mean it’s safe from attackers.
Floodgate Defender provides an extra layer of defense against insider attacks. Communication policies can be customized for each device, ensuring that non-authorized communication is blocked. Floodgate Defender allows industrial devices to be connected to the corporate network while protecting them from unauthorized users, even from users who have legitimate access to the corporate network. In addition, logging and reporting capabilities can be used to detect and investigate unauthorized access no matter where it originates.
Using Floodgate Defender
Floodgate Defender can be used to protect any device attached to the Internet or any other TCP/IP network. Floodgate Defender is installed between the device and the Internet and operates transparently; no modifications are required to either the network or to the device being protected. Floodgate Defender works with any network configuration and auto-configures based on your network topology.
Floodgate Defender uses a set of communication policies to filter packets before passing them to the device for processing. The communication policies define who the device is allowed to communicate with (IP address and MAC address filtering) and what communication is allowed (port and protocol filtering). When a hacker tries to access a protected device, Floodgate Defender recognizes that the source IP address is not a known, trusted IP address and drops the packets. The identified packets are not forwarded to the protected device and the attack is blocked before a connection is even established.
Floodgate Defender also recognizes and blocks common cyber attacks such as TCP SYN Flood attacks even if they originate from a trusted IP address.
- Secured with McAfee Application Control to ensure the device itself remains secure.
- Filtering modes: rules-based filtering and stateful packet inspection.
- Secure web configuration interface.
- Log file and email alerts of security events.
- Supports user-defined or default policies.
- Protocols supported: Ethernet: TCP/IP, UDP/IP, & ICMP.
- Filtering modes: whitelist or blacklist.
- Filtering criteria: Ethernet MAC address, Ethernet frame type, IP address, IP protocol, TCP port number, UDP port number.
- Size: 4” x 4.5” x 1”
- Weight: 13 oz
- Operating temperature: 0–70 °C
- Power input: 12 VDC (external power brick provided)
- Power usage: 8W full load, 1W standby, 6W low load
- 2 x 1000 BaseT Ethernet connections.
Logging and Alerting
Floodgate Defender generates email alerts when alarm conditions are detected. It also maintains a log of all packets that violate communication policies. These logs can be used for forensic investigation to determine the source of an attack.
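The whitelist policy check described under "Using Floodgate Defender" and the violation log described here, as an added Python sketch: it is not Floodgate Defender's code or configuration format, and the rule fields, addresses, MAC addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str                   # "in" = to the device, "out" = from it
    peer_net: str                    # trusted peer address or CIDR block
    proto: str                       # "tcp", "udp" or "icmp"
    port: Optional[int] = None       # None matches any port
    peer_mac: Optional[str] = None   # when set, the peer's MAC must match too

@dataclass(frozen=True)
class Packet:
    direction: str
    peer_ip: str
    peer_mac: str
    proto: str
    port: Optional[int] = None

def matches(rule, pkt):
    return (rule.direction == pkt.direction
            and ip_address(pkt.peer_ip) in ip_network(rule.peer_net)
            and rule.proto == pkt.proto
            and (rule.port is None or rule.port == pkt.port)
            and (rule.peer_mac is None or rule.peer_mac.lower() == pkt.peer_mac.lower()))

def filter_packets(rules, packets):
    """Whitelist mode: forward only packets that match a rule, log the rest."""
    forwarded, violations = [], []
    for pkt in packets:
        if any(matches(r, pkt) for r in rules):
            forwarded.append(pkt)
        else:
            violations.append(pkt)   # kept for alerting and later forensics
    return forwarded, violations

# Constructed policy: one trusted workstation in, one log collector out.
POLICY = [
    Rule("in", "10.0.5.10/32", "tcp", 502, "00:11:22:33:44:55"),
    Rule("out", "10.0.5.30/32", "udp", 514),
]
TRAFFIC = [  # constructed sample packets
    Packet("in", "10.0.5.10", "00:11:22:33:44:55", "tcp", 502),   # trusted peer
    Packet("in", "203.0.113.7", "66:77:88:99:aa:bb", "tcp", 502), # unknown source
    Packet("in", "10.0.5.10", "de:ad:be:ef:00:01", "tcp", 502),   # trusted IP, wrong MAC
    Packet("out", "198.51.100.9", "66:77:88:99:aa:bb", "tcp", 443), # unapproved outbound
    Packet("out", "10.0.5.30", "00:11:22:33:44:66", "udp", 514),  # approved outbound
]
```

Calling `filter_packets(POLICY, TRAFFIC)` forwards the first and last packets and records the other three as violations, including the outbound one that a one-directional filter would have passed.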