Software Toolbox Technical Blog

2 min read

Can You Tunnel Remote Data Without Opening the Firewall?

Sep 7, 2016 1:00:00 PM


The more regulated your industry, the more likely it is that you have a cybersecurity team that is extremely vigilant about gaps in security.  Traditionally, remote OPC tunneling has generally always required that network firewalls have at least one port open for data transfers to work successfully.

But what if you work in one of these highly regulated industries and your IT/cybersecurity department won't allow you to open any firewall ports for remote data sharing?

This blog post will discuss why it's important for a tunneler solution to support alternatives to the traditional methods of tunneling with open firewall ports to ensure network integrity.


Secure Data Transfer without Open Firewall PortsIf you've clicked on this post then you probably need to share data remotely in your control system but have strict security protocols for your network.  Network security is certainly an important topic and becoming more and more prevalent in discussions of industrial control systems.

If you have remote locations between which you need to share data, above and beyond traditional tunneling, it's likely you would need VPNs or WANs or even proprietary hardware systems for connecting the various remote sites.  Introducing those technologies can be either extremely complicated or expose your network to cyber attacks, when not properly secured.

Currently in the process of choosing a tunneling solution?  Learn more about cyber security considerations and other variables in our free whitepaper "25 Considerations when choosing a tunneling solution".

Since most tunneling solutions would require at a minimum one open firewall port for transfer (even when using SSL encryption, this can still be a vulnerability), it's entirely possible that your IT or cybersecurity department wouldn't even consider such a solution.  If you're considering a tunneling solution then, as a first step, make sure to find out everything you can about the tunneling solution with respect to the methods it uses for a secure tunneling connection.  Find out from the vendor if firewall ports have to be opened, if a VPN connections or WAN are going to be necessary to even make the connection.

But if the tunneling solution could alternately transfer the data without requiring any open firewall ports, VPNs, WANs or other potentially complex or vulnerable components, your IT or cyber security team would likely be more inclined to evaluate implementing the solution.  Some tunneling solutions have the ability to make outbound only secure socket connections - no open inbound ports provides no attack surface for hackers or other cyber threats to exploit.

And, above and beyond open ports, what about write access to your data.  Does the tunneling solution provide you with the ability to define read/write access and limit write access to only certain parties based on user credentials?  Consider whether or not you require that level of flexibility when it comes to your control data and ask your vendor what options they provide.

Cybersecurity in industrial control is a topic that has been discussed and will continue to be discussed into the foreseeable future.  For the most secure, reliable sharing of remote data, make sure to select a tunneling solution that provides the lowest level of exposure possible for your industrial network.

Cybersecurity, however, is just one consideration when choosing a tunneler - learn about the other variables you should be considering in the free whitepaper “25 Considerations when choosing a tunneling solution”.

Download 25 Considerations when choosing a tunneling application

Win Worrall
Written by Win Worrall

Join Our Journey

Working in industrial automation since 1996, the Software Toolbox team has seen a lot. The level of automation system sophistication of our integrators and users has evolved, each driven by the demands of their market and clients.  Everyone's learning continues as technological change accelerates.

This blog is about sharing from these journeys.  From tips on implementing software, successes our clients have experienced, or new ideas and things to consider in your journey, we'll be sharing them here.

Subscribe to our Blog

Recent Posts

Posts by Topic

See all