0 votes
105 views 0 comments
by anonymous
Hello,

Could you help me to achieve the maximum security possible for the following set-up?

Layout:

I have some PLCs connected on the LAN port of a RUT360. The RUT is connected to the internet via the WAN port and with the 4G connection (as failsafe). Wifi connection is disabled.

Use:

I use the "Modbus TCP" package together with "Data to server" for sending some variables to an MQTT cloud-based broker, with TLS encryption. I use the RMS services for logging in to the RUT device remotely, and the RMS VPN Hub to update the PLC software remotely.

There is no need for any other connection.

I use the default firewall settings, but I have enabled everything from the attack prevention page.

Is there something more I can do?

1 Answer

+1 vote
by anonymous

Hello,

By default, your router is configured to reject any external traffic/connections that are not allowed by specific rules. The default configuration is set to only accept DHCP renew requests, reply to ping packets, and allow IGMP.

Adding a limit on HTTP(S)/SSH connections can be an additional step when you know your network and have a good estimate of the number of connections at a given instant, but this is excessive if you want protection from remote connections, as these are rejected by default, and the limit only applies to internal usage.

Having protection from TCP packets with certain combinations of flags enabled is good to have, just keep in mind that it requires additional processing capabilities and might reduce maximum achievable bandwidth.

The only change you can attempt is on the Network -> Firewall page, where, instead of having REJECT set for undesired traffic (which sends a reply to the connecting host), you can set DROP, which does not produce any reply to the sender.

Best regards,
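The REJECT-to-DROP change the answer describes, as an added example that is not from the thread or from Teltonika: a POSIX shell audit of an OpenWrt/RutOS-style /etc/config/firewall (RutOS is OpenWrt-based and keeps the firewall in UCI syntax), which reads a zone's policy and rewrites REJECT to DROP for the wan zone only. The config text and the function names are constructed for this example.

```shell
# Added example, not from the thread: audit and rewrite the 'wan' zone policy in an
# OpenWrt/RutOS-style /etc/config/firewall. The sample below is constructed, mirroring
# the default zone layout (lan ACCEPT, wan REJECT); it is not copied from a RUT360.
SAMPLE_CONFIG=$(cat <<'EOF'
config defaults
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    option input 'REJECT'
    option forward 'REJECT'
EOF
)
# zone_policy CONFIG ZONE OPTION -> prints that zone's value for OPTION (quotes stripped)
zone_policy() {
    printf '%s\n' "$1" | awk -v zone="$2" -v opt="$3" -v sq="'" '
        $1 == "config" { n++; type[n] = $2; next }
        $1 == "option" {
            v = $3; gsub(sq, "", v); gsub(/"/, "", v)
            if ($2 == "name") name[n] = v; else if ($2 == opt) val[n] = v
        }
        END { for (i = 1; i <= n; i++) if (type[i] == "zone" && name[i] == zone) print val[i] }'
}
# harden_wan_zone CONFIG -> same config with the wan zone's input/forward switched from
# REJECT (ICMP/TCP-RST reply to the sender) to DROP (no reply). Other sections untouched.
harden_wan_zone() {
    printf '%s\n' "$1" | awk -v sq="'" '
        function flush(   i, line) {
            for (i = 1; i <= n; i++) {
                line = buf[i]
                if (is_wan && line ~ /^[ \t]*option[ \t]+(input|forward)[ \t]/) sub(/REJECT/, "DROP", line)
                print line
            }
            n = 0; is_wan = 0
        }
        $1 == "config" { flush(); type = $2 }
        { buf[++n] = $0 }
        $1 == "option" && $2 == "name" { v = $3; gsub(sq, "", v); gsub(/"/, "", v); if (type == "zone" && v == "wan") is_wan = 1 }
        END { flush() }'
}
# On the device the equivalent is: uci set firewall.<wan zone section>.input='DROP' (and
# .forward), then uci commit firewall && /etc/init.d/firewall restart (section name assumed).
echo "wan input policy: $(zone_policy "$SAMPLE_CONFIG" wan input) -> $(zone_policy "$(harden_wan_zone "$SAMPLE_CONFIG")" wan input)"
```

Run it against a copy of the real file (`harden_wan_zone "$(cat /etc/config/firewall)"`) and diff the output before applying anything, so that only the wan zone lines change.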