Icon Labs Embedded Security Solutions featured in Electronic Design Magazine
Isolation at the network level also can help secure a device. Firewalls, VPNs, and intrusion detection systems are all part of a developer’s repertoire. They often are incorporated into the OS or an OS distribution.
Another approach is to put these features into a separate physical or virtual device. This simplifies the host environment and is really the only option for protecting legacy environments. It does not protect the legacy system if an attack makes it onto the system, but limiting access to the system can go a long way toward protecting it. Isolation can be very effective if there is a dedicated VPN link between the device and an isolated network.
Virtualization allows easy inclusion of a virtual firewall. A VM will have access to a network through another VM that acts as a firewall. Physical firewalls are common, with smaller ones targeting embedded and legacy systems.
Icon Labs’ Floodgate Defender is a firewall targeting this space (see “Securing Embedded Devices” at electronicdesign.com). It can restrict communication between network ports and addresses so a host device can only communicate with other whitelisted devices within the network. Secured with McAfee Application Control, it incorporates intrusion detection and prevention support. Logging and alert messaging allow a large group of devices to be managed.
Zilog’s ZGate reference design puts Icon Labs technology on an 8-bit eZ80Acclaim microcontroller (Fig. 2). This type of system is intended for customization by developers who would incorporate the chip into an embedded system, offloading the network security support to it.