Date: 2023-06-18

By:

Markus Irle,

Vice President Firewall & Security,

LANCOM Systems

Stadtwerke Rodgau was hit in February and Stadtwerke Karlsruhe at the beginning of March – utilities are repeatedly the target of cyber attacks. The good news: the critical infrastructure provided by both municipal utilities was protected. Nevertheless, there is no end in sight to attacks on the IT of critical infrastructure (KRITIS).

In the worst case, successful attacks on supply networks can impair basic services, with serious consequences for citizens. Network security therefore plays a crucial role. If modern Next Generation Firewalls are in use, the effort for attackers is significantly higher and the probability of an infrastructure failure is lower.

Threat to public safety

Attacks on IT networks can cause great damage to the network and the data processed over it. In the case of so-called KRITIS, the situation is even more complex and the need for action correspondingly greater, since successful attacks not only impair the availability of services and result in financial losses, but can also pose a threat to public safety if the control networks are impaired.

In the worst case, the common good is affected when entire supply networks are paralyzed. It is all the more important to protect networks, prevent unauthorized access and ward off attacks.

Various network attacks

Network security is one of the integral components for protecting IT infrastructures against unauthorized access, damage and loss, be it on a technical or organizational level. The aim of all measures must be to preserve the confidentiality, integrity and availability of the network. One of the most important tasks of network security is identifying and defending against a wide variety of network attacks:

Distributed Denial of Service (DDoS) attacks aim to overload a network or service with countless requests. As a consequence, it is no longer possible to respond to legitimate requests and the service is no longer available. In phishing attacks, users are deceived and sensitive information such as passwords or account information is stolen.

A malware infection occurs when malicious software is injected into a network with the aim of stealing data or compromising the network. In man-in-the-middle attacks, the perpetrator penetrates and manipulates the communication between two parties. An Advanced Persistent Threat (APT) is a complex network security attack that lasts for a long time and requires a lot of effort. The intruder initially moves undetected and can then set up further harmful structures after manipulating the user rights.

Consequences of a successful attack

The motivation of the perpetrators can vary: at best, the intruders just want to browse the web and show that they have managed to gain access. It becomes even more critical if, for example, accounts are plundered with the stolen data or industrial espionage is carried out. And in the worst case, data is manipulated or even the entire operation is paralysed.

The dangers are manifold. A secure IT network depends on the implementation of security policies and procedures. The permanent monitoring of network activities, a comprehensive risk analysis and regular security audits play an important role.

In addition to encryption technologies, security and password guidelines and security training, modern firewalls are an important component of a holistic security strategy.

Firewalls act as a barrier and filter

The task of a firewall is to prevent unauthorized access to the network and to maintain the security of data and systems. The firewall acts as a link between the individual network segments and guarantees the enforcement of the security rules. This means that the data traffic is checked and filtered to ensure that the data streams comply with this set of rules. Only employees with the appropriate authorization can use certain information, data or services.

In order to prevent network attacks, firewalls check, for example, IP addresses, port numbers, protocols and applications right down to the content of the individual data packets and then decide whether a data packet is allowed or blocked.

Firewall selection criteria

Various criteria must be taken into account when selecting a firewall. First, it must have all the features and configuration options to withstand the demands of the critical infrastructure, including intrusion detection and prevention, VPN support, application control, content filtering, and anti-malware functions.

Another aspect is its scalability. The infrastructure of municipal and utility companies can change over time – the firewall should be able to cope with this and adapt accordingly. To ensure efficient and fast operation, it should be matched to the network in terms of data volume, number of users and fluctuating data volume so that it can also handle throughput peaks.

UTM firewalls

So-called UTM firewalls (Unified Threat Management) offer a great deal of relief. They are “all-in-one” solutions that combine security features, including anti-virus and SSL inspection, in a single security solution on a common platform. In practice, this means that individual security mechanisms no longer have to be set up in different systems at great expense. Tailor-made security guidelines are implemented in just one device via a uniform operating concept.

Cloud-powered, automated security

Another criterion is monitoring and configuration: A firewall should be as easy as possible to configure, manage and monitor. Automated processes that contribute to more effective firewall use and help to avoid incorrect configurations can provide support – cloud-based firewall management is playing an increasingly important role here.

In addition to a graphical operating concept, management of network security solutions from the cloud is called for, so that conventional, manual, error-prone and time-consuming firewall configuration is no longer necessary. VPN connections between the various utility company locations can be easily set up via the cloud. KRITIS structures in particular often have a large number of locations and distributed infrastructure components. If configurations, for example of content filters, anti-virus functions and application management, are applied centrally and automatically to the locations, this makes the work of the IT administrators much easier.

Security “Made in Germany” with certification

The manufacturers themselves, and not just their solutions and features, should be critically examined when making the selection. Digital sovereignty is becoming more and more important when choosing a provider. Seals of trust are a good indicator of the integrity of a technology provider: the ITSmiG mark (“IT Security Made in Germany”) is only awarded to manufacturers with their headquarters in Germany who are free from third-country influence and who guarantee the trustworthiness and data protection conformity of their solutions.

They are committed to highly secure encryption and to keeping their products free of backdoors. Only under these conditions can they reliably protect against data leakage, manipulation or sabotage.

Conclusion

Cybercriminals also take advantage of technical progress, which leads to ever-increasing demands on corporate security, data protection and the availability of IT systems. Network security is becoming an ever greater challenge.

A correctly configured Next Generation UTM firewall can significantly increase the level of protection in combination with other IT security components.

Cloud-based firewall management offers KRITIS many advantages that contribute to more security, flexibility and efficiency, because manual misconfigurations can be prevented and threats can be quickly identified and eliminated.

If certified solutions from European providers are used, suppliers are digitally sovereign and all the prerequisites for reliable protection against data leakage, manipulation or sabotage are met. (sg)

