Research data shows that 22% of customers believe that when purchasing products and solutions such as industrial Ethernet switches, the most important concern is security, followed by stability (21%), speed (14%) and compatibility (12%). In addition, 7% of users pay more attention to whether the selected industrial Ethernet protocol is a national standard. With the networking of more factory-critical equipment, security has become the biggest concern for Ethernet applications. When assessing the level of security threats to their 'control system' network, a whopping 26% said their systems were vulnerable.
Today, let's take a look at the security risks you need to know about for industrial switches:
1. Broadcast storm attack
When an industrial switch receives high-volume broadcast data, multicast data, or unicast data whose destination MAC address is randomly constructed, it forwards that data in broadcast (flooding) mode. If the switch does not support flow control of flooded data, the network bandwidth may be filled with this junk traffic, so that other users on the network cannot access the Internet normally. Therefore, the switch needs to support rate limiting of the flooded data received on each port.
2. Data attacks on the network
When a malicious user sends a very large amount of data to the router, and that data reaches the router through the industrial switch, it also occupies most of the bandwidth of the uplink interface, so other users' Internet access becomes very slow. Therefore, the industrial switch needs to rate-limit each port in the inbound direction; otherwise a malicious user can attack the network they are located in and affect all other users on it.
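The two per-port limits described in risks 1 and 2 (a cap on flooded traffic, and a cap on everything a port injects) are both token-bucket policers in practice. The following is an added example, not the vendor's firmware or any product's code: it models each port with an ingress bucket and a flood bucket, classifies frames as flood traffic by the I/G bit or by an unknown destination, and replays constructed traffic from a broadcast-storming port, a normal client, and a port pushing oversized unicast at the router. All MACs, sizes, rates and timestamps are assumptions made up for the demonstration.

```python
"""Per-port ingress policing for an industrial switch, modelled with token buckets.

Added illustration, not vendor code. Each port carries two buckets:
  - ingress: caps the total bytes a port may inject (risk 2: flooding the uplink)
  - flood:   caps bytes of broadcast, multicast and unknown-unicast frames, i.e.
             traffic the switch must replicate to every port (risk 1: broadcast storm)
Times are integer milliseconds and rates are bytes per millisecond so the
arithmetic is exact. All MACs, sizes and timestamps below are constructed.
"""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
ROUTER_MAC = "00:00:5e:00:01:01"      # constructed "known" destination


def is_group_address(mac: str) -> bool:
    """True for multicast or broadcast: the I/G bit is the low bit of the first octet."""
    return int(mac.split(":")[0], 16) & 1 == 1


class TokenBucket:
    """Classic token bucket: `rate` bytes are added per millisecond, up to `burst`."""

    def __init__(self, rate: int, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0

    def allow(self, now_ms: int, size: int) -> bool:
        self.tokens = min(self.burst, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False               # out of tokens: the frame is dropped


@dataclass
class Frame:
    ts_ms: int
    port: int
    dst: str
    size: int


class PolicedPort:
    def __init__(self, ingress_rate, ingress_burst, flood_rate, flood_burst):
        self.ingress = TokenBucket(ingress_rate, ingress_burst)
        self.flood = TokenBucket(flood_rate, flood_burst)
        self.forwarded = self.dropped_ingress = self.dropped_flood = 0


def police(frames, ports, known_macs):
    """Run every frame through its port's buckets; return per-port counters
    as {port: (forwarded, dropped_by_ingress_limit, dropped_by_flood_limit)}."""
    for f in sorted(frames, key=lambda x: x.ts_ms):
        p = ports[f.port]
        # 1. the ingress policer applies to everything the port sends
        if not p.ingress.allow(f.ts_ms, f.size):
            p.dropped_ingress += 1
            continue
        # 2. frames the switch would have to flood are additionally storm-controlled
        floods = f.dst == BROADCAST or is_group_address(f.dst) or f.dst not in known_macs
        if floods and not p.flood.allow(f.ts_ms, f.size):
            p.dropped_flood += 1
            continue
        p.forwarded += 1
    return {n: (p.forwarded, p.dropped_ingress, p.dropped_flood) for n, p in ports.items()}


def demo():
    # constructed traffic: port 1 storms broadcasts, port 2 is a normal client,
    # port 3 pushes large unicast frames at the router faster than its ingress limit
    frames = [Frame(i, 1, BROADCAST, 1000) for i in range(200)]          # 1 MB/s of broadcast
    frames += [Frame(20 * i, 2, ROUTER_MAC, 500) for i in range(10)]      # 25 KB/s of normal traffic
    frames += [Frame(i, 3, ROUTER_MAC, 1500) for i in range(100)]         # 1.5 MB/s at the uplink
    # every port: 1 MB/s ingress with 10 KB burst, 50 KB/s flood with 20 KB burst
    ports = {n: PolicedPort(1000, 10_000, 50, 20_000) for n in (1, 2, 3)}
    return police(frames, ports, known_macs={ROUTER_MAC})


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the storming port keeping only its initial burst plus a trickle of broadcasts, the normal client untouched, and the third port losing a share of its unicast to the ingress limit alone, which is exactly the behaviour the two sections above ask the switch to provide.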
3. Massive MAC address attack
Because the industrial switch uses the MAC address as an index when forwarding data, a datagram whose destination MAC address is unknown is flooded throughout the network. A malicious user can therefore send a large amount of junk data whose source MAC addresses keep changing. The switch has to learn each new source MAC, but the capacity of its MAC table is limited: once the table is full, existing entries are overwritten by newly learned addresses. When the switch then receives data sent by the router to a normal customer, it cannot find the customer's MAC record and floods the data across the network, which greatly reduces forwarding performance. Therefore, industrial switches need to be able to limit the number of MAC addresses each port may learn; otherwise the entire network degenerates into something resembling a hub.
4. MAC spoofing attack
In order to attack and paralyze the network, a malicious user can also change their own MAC address to the router's MAC address and continuously send frames to the industrial switch. The switch then updates its record for that address (call it MAC-X), believing that MAC-X is now located on the port connected to the malicious user. When other users send data to the router, the switch delivers it to the malicious user instead, so users sending normal data cannot access the Internet.
Therefore, the industrial switch should be able to bind a MAC address to a port; otherwise a malicious user can easily crash the network. Alternatively, the switch needs to bind the source MAC addresses that each port is allowed to send into the network, so that malicious users cannot use MAC address spoofing to attack the network.
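Risks 3 and 4 both come down to how the switch's MAC table is allowed to change. The example below is added here and is not the vendor's or any product's code: it implements a small MAC table with FIFO overwrite when full, then replays the same sequence (router and client announce themselves, an attacker sends 20 frames with changing source MACs, the attacker claims the router's MAC) twice, once with no protection and once with a per-port learning limit and a static router-to-port binding. Capacity, port numbers and every MAC are constructed assumptions.

```python
"""A switch MAC table with and without per-port learning limits and static
MAC-to-port binding. Added illustration, not vendor code; every MAC and port
number is constructed. Risk 3 (MAC flooding) and risk 4 (MAC spoofing) are
replayed against the same table twice: unprotected, then protected.
"""
from collections import OrderedDict

ROUTER_MAC = "00:00:5e:00:01:01"
CLIENT_MAC = "02:00:00:00:00:02"
ROUTER_PORT, CLIENT_PORT, ATTACKER_PORT = 24, 2, 5
FLOOD, DROP = "FLOOD", "DROP"


class MacTable:
    def __init__(self, capacity, per_port_limit=None, static=None):
        self.capacity = capacity
        self.per_port_limit = per_port_limit          # max dynamic entries per port (None = unlimited)
        self.static = dict(static or {})              # mac -> port, fixed by the administrator
        self.dynamic = OrderedDict()                  # mac -> port, oldest entry first
        self.learning_refused = 0

    def learned_on(self, port):
        return sum(1 for p in self.dynamic.values() if p == port)

    def learn(self, src, port):
        """Update the table from a frame's source MAC. Returns False if the frame
        violates a static binding or exceeds the port's learning limit."""
        if src in self.static:
            return self.static[src] == port           # a bound MAC may only appear on its port
        if src in self.dynamic:
            self.dynamic.move_to_end(src)             # refresh; the station may have moved ports
            self.dynamic[src] = port
            return True
        if self.per_port_limit is not None and self.learned_on(port) >= self.per_port_limit:
            self.learning_refused += 1
            return False
        if len(self.dynamic) >= self.capacity:
            self.dynamic.popitem(last=False)          # table full: the oldest entry is overwritten
        self.dynamic[src] = port
        return True

    def lookup(self, dst):
        if dst in self.static:
            return self.static[dst]
        return self.dynamic.get(dst)


def forward(table, src, in_port, dst):
    """Return the egress port, FLOOD when dst is unknown, or DROP for a frame that
    carries a statically bound source MAC on the wrong port."""
    if not table.learn(src, in_port) and src in table.static:
        return DROP
    # a frame refused only by the learning limit is still forwarded, just not learned
    out = table.lookup(dst)
    return FLOOD if out is None else out


def run_scenario(per_port_limit=None, static=None):
    table = MacTable(capacity=8, per_port_limit=per_port_limit, static=static)
    forward(table, ROUTER_MAC, ROUTER_PORT, CLIENT_MAC)      # router and client announce themselves
    forward(table, CLIENT_MAC, CLIENT_PORT, ROUTER_MAC)
    for i in range(20):                                       # attacker: 20 frames, 20 different source MACs
        forward(table, f"02:00:00:00:ff:{i:02x}", ATTACKER_PORT, ROUTER_MAC)
    router_to_client = forward(table, ROUTER_MAC, ROUTER_PORT, CLIENT_MAC)
    spoof = forward(table, ROUTER_MAC, ATTACKER_PORT, CLIENT_MAC)  # attacker claims the router's MAC
    client_to_router = forward(table, CLIENT_MAC, CLIENT_PORT, ROUTER_MAC)
    return {
        "router_to_client": router_to_client,     # FLOOD means the client's entry was pushed out
        "spoof_frame": spoof,
        "client_to_router": client_to_router,     # ATTACKER_PORT means the spoof succeeded
        "learning_refused": table.learning_refused,
    }


def unprotected():
    return run_scenario()


def protected():
    return run_scenario(per_port_limit=2, static={ROUTER_MAC: ROUTER_PORT})


if __name__ == "__main__":
    print("unprotected:", unprotected())
    print("protected:  ", protected())
</```

In the unprotected run the router's frame to the client is flooded (the client's entry was overwritten by the junk sources) and the client's frame to the router is delivered to the attacker's port. With a learning limit of two entries per port and the router's MAC bound to the uplink, the junk sources are refused after the second one, the client stays in the table, and the spoofed frame is dropped at ingress.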
5. ARP spoofing attack
A malicious user can also conduct ARP spoofing attacks: no matter which IP address an incoming ARP request asks for, they immediately send an ARP reply, so that data sent by other users is delivered to the malicious user's MAC address. Naturally, these users can no longer go online normally.
Therefore, the industrial switch should implement binding between a port and an IP address: if the IP in a received ARP request, ARP reply, or data packet on a port differs from the IP bound to that port, the packet can be discarded; otherwise the network will be paralyzed.
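The port-to-IP binding check described above, as an added example that is not part of the original article or any vendor's implementation. It binds each access port to the one (IP, MAC) pair allowed to speak on it, treats the router uplink as trusted, and runs constructed ARP requests, ARP replies and plain IP packets through the check, including an attacker answering ARP on behalf of the router and of another client. The binding table, port numbers, addresses and packets are all assumptions made for the demonstration.

```python
"""Port-to-IP binding checks against ARP spoofing (risk 5). Added illustration,
not vendor code. Each access port is bound to the one (IP, MAC) pair allowed to
speak on it; the router uplink is trusted. The binding table and every packet
below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str


BINDINGS = {                                   # access port -> allowed (IP, MAC)
    2: Binding("10.0.0.20", "02:00:00:00:00:02"),
    5: Binding("10.0.0.50", "02:00:00:00:00:05"),
}
TRUSTED_PORTS = {24}                           # uplink to the router: not inspected
ROUTER_IP, ROUTER_MAC = "10.0.0.1", "00:00:5e:00:01:01"


@dataclass(frozen=True)
class Packet:
    in_port: int
    kind: str        # "arp-request", "arp-reply" or "ip"
    src_mac: str     # ARP sender hardware address, or Ethernet source of an IP packet
    src_ip: str      # ARP sender protocol address, or IP header source
    target_ip: str = ""


def inspect(pkt):
    """Return ("forward" or "drop", reason) for one packet arriving on an access port."""
    if pkt.in_port in TRUSTED_PORTS:
        return "forward", "trusted uplink"
    b = BINDINGS.get(pkt.in_port)
    if b is None:
        return "drop", f"port {pkt.in_port} has no binding"
    if pkt.src_ip != b.ip:
        return "drop", f"source IP {pkt.src_ip} is not bound to port {pkt.in_port}"
    if pkt.src_mac != b.mac:
        return "drop", f"source MAC {pkt.src_mac} is not bound to port {pkt.in_port}"
    return "forward", "matches binding"


# Constructed traffic; the comment on each line states the expected verdict.
SAMPLE = [
    Packet(2, "arp-request", "02:00:00:00:00:02", "10.0.0.20", ROUTER_IP),   # client asks for router: forward
    Packet(24, "arp-reply", ROUTER_MAC, ROUTER_IP, "10.0.0.20"),            # router answers on uplink: forward
    Packet(5, "arp-reply", "02:00:00:00:00:05", ROUTER_IP, "10.0.0.20"),    # port 5 answers as the router: drop
    Packet(5, "arp-reply", "02:00:00:00:00:05", "10.0.0.20", ROUTER_IP),    # port 5 answers as the client: drop
    Packet(5, "arp-reply", "02:00:00:00:00:05", "10.0.0.50", "10.0.0.20"),  # port 5 answers for itself: forward
    Packet(5, "ip", "02:00:00:00:00:05", ROUTER_IP),                        # data with spoofed source IP: drop
    Packet(5, "ip", ROUTER_MAC, "10.0.0.50"),                               # router's MAC on the wrong port: drop
    Packet(7, "arp-request", "02:00:00:00:00:07", "10.0.0.70", ROUTER_IP),  # unbound port: drop
]


def verdicts(packets=SAMPLE):
    return [inspect(p)[0] for p in packets]


def summary(packets=SAMPLE):
    v = verdicts(packets)
    return {"forward": v.count("forward"), "drop": v.count("drop")}


if __name__ == "__main__":
    for p in SAMPLE:
        print(p.in_port, p.kind, *inspect(p))
    print(summary())
```

Note that the check is applied to data packets as well as to ARP, as the section above requires: a forged source IP in ordinary traffic is discarded by the same binding that stops the forged ARP reply.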
6. Loop attack
A user may also install an industrial switch at home, deliberately connect both ends of one network cable to that switch to form a loop, and then use another cable to connect it to the switches in the network. In this case, MAC address learning in the network becomes disordered, the industrial switch makes errors when forwarding data, and the entire network crashes.
Summary: The more powerful an industrial switch's functions, the more security risks it carries, and its security issues are becoming ever more important. We must do a good job in these aspects to ensure that follow-up development proceeds unimpeded.