Can You Tunnel Remote Data Without Opening the Firewall?


Sep 7, 2016 1:00:00 PM

The more regulated your industry, the more likely it is that you have a cybersecurity team that is extremely vigilant about gaps in security.  Traditionally, remote OPC tunneling has generally required that network firewalls have at least one port open for data transfers to work successfully.

But what if you work in one of these highly regulated industries and your IT/cybersecurity department won't allow you to open any firewall ports for remote data sharing?

This blog post will discuss why it's important for a tunneler solution to support alternatives to the traditional methods of tunneling with open firewall ports to ensure network integrity.

Secure Data Transfer without Open Firewall Ports

If you've clicked on this post then you probably need to share data remotely in your control system but have strict security protocols for your network.  Network security is certainly an important topic and becoming more and more prevalent in discussions of industrial control systems.

If you have remote locations between which you need to share data, above and beyond traditional tunneling, it's likely you would need VPNs or WANs or even proprietary hardware systems for connecting the various remote sites.  Introducing those technologies can either be extremely complicated or, when not properly secured, expose your network to cyber attacks.

Currently in the process of choosing a tunneling solution?  Learn more about cyber security considerations and other variables in our free whitepaper "25 Considerations when choosing a tunneling solution".

Since most tunneling solutions would require at a minimum one open firewall port for transfer (even when using SSL encryption, this can still be a vulnerability), it's entirely possible that your IT or cybersecurity department wouldn't even consider such a solution.  If you're considering a tunneling solution then, as a first step, make sure to find out everything you can about the methods it uses for a secure tunneling connection.  Find out from the vendor whether firewall ports have to be opened and whether a VPN connection or WAN is going to be necessary to even make the connection.

But if the tunneling solution could alternatively transfer the data without requiring any open firewall ports, VPNs, WANs or other potentially complex or vulnerable components, your IT or cybersecurity team would likely be more inclined to evaluate implementing the solution.  Some tunneling solutions have the ability to make outbound-only secure socket connections - with no open inbound ports, there is no inbound attack surface for hackers or other cyber threats to exploit.

And, above and beyond open ports, what about write access to your data?  Does the tunneling solution provide you with the ability to define read/write access and limit write access to only certain parties based on user credentials?  Consider whether or not you require that level of flexibility when it comes to your control data and ask your vendor what options they provide.
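
The outbound-only connection and the per-user write restriction described above, shown as an added example (not code from the original post or from any vendor's product): the plant side only dials out and enforces the read/write policy, while the sole listening socket sits on the remote side. Tag names, user names and the JSON-lines message format are assumptions made for illustration; TLS and real credential verification are left out so the direction of the connection stays in focus.

```python
import json
import socket
import threading

# Constructed sample data; tag names and user names are hypothetical.
TAGS = {"Line1.Temp": 71.5, "Line1.Setpoint": 70.0}
WRITERS = {"engineer"}  # only these users may write; all others are read-only

def handle(req):
    """Plant-side policy check, applied to every request from the remote site."""
    tag = req.get("tag")
    if tag not in TAGS:
        return {"ok": False, "error": "unknown tag"}
    if req.get("op") == "read":
        return {"ok": True, "value": TAGS[tag]}
    if req.get("op") == "write" and req.get("user") in WRITERS and "value" in req:
        TAGS[tag] = req["value"]
        return {"ok": True, "value": TAGS[tag]}
    return {"ok": False, "error": "denied"}

def plant_agent(remote_addr):
    """Protected side: dials OUT only and never calls bind() or listen()."""
    with socket.create_connection(remote_addr) as s, s.makefile("rwb") as f:
        for line in f:  # requests arrive over the link this side opened
            f.write(json.dumps(handle(json.loads(line))).encode() + b"\n")
            f.flush()

def run_demo(requests):
    """Remote side: the only listening socket is here, outside the plant firewall."""
    replies = []
    with socket.create_server(("127.0.0.1", 0)) as srv:
        srv.settimeout(5)  # bound the wait for the agent's outbound connection
        agent = threading.Thread(target=plant_agent, args=(srv.getsockname(),))
        agent.start()
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            for req in requests:
                f.write(json.dumps(req).encode() + b"\n")
                f.flush()
                replies.append(json.loads(f.readline()))
        agent.join()
    return replies

if __name__ == "__main__":
    print(run_demo([{"user": "operator", "op": "read", "tag": "Line1.Temp"}]))
```

Because the plant side never listens, its firewall needs only an outbound rule to the remote address; the write policy is evaluated on the plant side, so a remote user outside `WRITERS` cannot change a tag.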

Cybersecurity in industrial control is a topic that has been discussed and will continue to be discussed into the foreseeable future.  For the most secure, reliable sharing of remote data, make sure to select a tunneling solution that provides the lowest level of exposure possible for your industrial network.

Cybersecurity, however, is just one consideration when choosing a tunneler - learn about the other variables you should be considering in the free whitepaper “25 Considerations when choosing a tunneling solution”.

Written by Win Worrall
