IT security for control cabinet air conditioning from Schwäbisch Hall

Balance between security and usability
IT security for control cabinet air conditioning from Schwäbisch Hall

03/01/2023

By Sabine Kuch

providers on the topic

Stego Elektrotechnik provides a wide range of temperature and humidity control systems that protect electrical and electronic systems from moisture, cold or heat. Great value is placed on innovation and safety during development and manufacture. And so it is not surprising that Stego also relies on reliable IT solutions in the area of ​​network security.

At Stego Elektrotechnik, an in-house core team has been working together with external IT experts for several years on the continuous improvement and strengthening of IT security, thus combining local company knowledge with external expertise. The team led by Christof Peikert is familiar with the network structures that have grown over the years, both in the office and in the production network.

A challenge that many companies face: Monitoring and control systems have been in use for many years without continuous security updates. Either such patches are not available, changing the software is not without risks, or it can invalidate existing certifications. When connected to an IP network, these machines pose a security risk. There are also insecure connections and limited visibility. This makes IT security for OT systems a challenge. In addition, companies are increasingly replacing proprietary communication protocols with the globally used and accepted network protocols Ethernet and TCP/IP. However, this improved connectivity means that industrial facilities are more vulnerable to cybercriminals.

NAC as central security and management system

The fundamental step in providing a secure IT infrastructure at Stego was the implementation of a comprehensive Network Access Control (NAC) solution. Networks are thus protected against the intrusion of unwanted devices by a central security authority. This enables targeted defense and ensures a quick and complete overview of all devices for transparent and efficient network management. The IT team is also pleased with the time savings that can be achieved through reduced administrative tasks.

End of double data maintenance

One of the most dangerous and at the same time unpopular tasks is double data maintenance. Information required and processed by multiple systems must be consistent to avoid errors and incidents.

Christof Peikert: “The interface to Baramundi was a key factor in the selection of Macmon. End devices that are managed in the Management Suite require secure access to the company network. Information is exchanged in a targeted manner within the applications via the common interface. This reduces numerous administrative processes, lowers the error rate through automation and increases Stego network security. Automating these processes reduces the workload for our IT team.”

The Management Suite supports the IT department in managing and automating tasks such as installing, distributing, inventorying, protecting or backing up end devices. The modular functions reduce the effort for time-consuming routine processes that were previously done manually.

At the same time, the entire life cycle of all end devices used in the company can be managed – from the classic Windows client to the mobile end device. In addition, the solution supports the monitoring and control of the network, including the associated infrastructure. Which end devices are to be accessed when and where, and what type of access these are, is implemented with a high degree of automation.

The following scenarios are covered by the integration:

• The integration of both products enables direct data exchange: both for automated care and for automated response to devices that do not meet the security requirements of the company.

• New device: As a rule, new end devices are first included in the Management Suite in order to load them with the necessary software and prepare them for productive use. The integration allows the immediate transfer of end device information such as MAC address and host name to the NAC solution for notification, so that the necessary access is granted automatically.

• Managed Endpoint: While initially only very limited access rights may be granted, the NAC solution can also be informed about the completion and commissioning of the end device. In this way, the productive devices are automatically moved to zones with more extensive access options as soon as a corresponding configuration status is reached.

• end of life The life cycle of end devices also plays a major role in data maintenance. Discarded or temporarily deactivated end devices can be removed directly in the NAC application via the administration. Access is blocked immediately and misuse is made impossible.

Network security is realized by:

• Topology: Convenient and automatic visualization of all network components for a complete network overview. Constructive handling of requirements from audits and revisions.

• advanced security: Collection of the end device operating system, domain and name for clearer identification – in connection with NAC, the information is used to detect, defend against and localize attacks.

• Network Access Control: Comprehensive overview of all devices in the network, live inventory management, immediate alerting of unknown devices and initiation of automatic countermeasures.

• VLAN manager: Effective and time-saving management component for easy introduction and automated operation of static and dynamic VLAN concepts.

• 802.1X: Authentication using the RADIUS server using MAC address, username/password, AD account or certificate; extended mixed operation with SNMP and 802.1X.

• Guest service: The guest portal offers the intelligent and flexible management of any third-party device through a granular guest ticket system for controlled, temporary LAN and WLAN access, including a sponsor and BYOD portal.

At Stego, the allocation of network access is currently handled by the IT department. In the next stage, employees are enabled to create vouchers themselves. In addition to security aspects, this new process also saves time for the Stego IT team.

Christof Peikert draws a conclusion: “We are a globally operating company and also active in China, among other places. In recent years, the number of attacks on our network has increased, which we have been able to fend off satisfactorily. When designing and implementing our IT security strategy, we must always attach importance to the balance between maximum security and usability for our employees. We opted for an NAC solution from Macmon secure, which offers many synergies through its numerous technology partnerships, for example through the exchange of information with other security solutions. We gain visibility and control over our network and can save valuable time by automating processes.”

As of 10/30/2020

It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. You can find detailed information in our data protection declaration.

READ:  Five Tips for Staying Safe in A Hybrid Workplace

Consent to the use of data for advertising purposes

I agree that Vogel IT-Medien GmbH, Max-Josef-Metzger-Straße 21, 86157 Augsburg, including all companies affiliated with it within the meaning of Sections 15 et seq. AktG (hereinafter: Vogel Communications Group) my E e-mail address for sending editorial newsletters. Lists of the respective associated companies can be accessed here.

The content of the newsletter extends to the products and services of all the companies mentioned above, including, for example, trade journals and specialist books, events and trade fairs as well as event-related products and services, print and digital media offers and services such as other (editorial) newsletters, competitions, lead campaigns, Market research in the online and offline area, subject-specific web portals and e-learning offers. If my personal telephone number was also collected, it may be used for submitting offers for the aforementioned products and services from the aforementioned companies and for market research.

If I call up protected content on the Vogel Communications Group portals, including its affiliated companies within the meaning of §§ 15 ff. AktG, I have to register with additional data for access to this content. In return for this free access to editorial content, my data may be used in accordance with this consent for the purposes stated here.

right of revocation

I am aware that I can revoke this consent at any time for the future. My revocation does not affect the legality of the processing carried out on the basis of my consent up to the time of revocation. In order to declare my revocation, I can use the contact form available at as one option. If I no longer wish to receive individual newsletters to which I have subscribed, I can also click on the unsubscribe link at the end of a newsletter. I can find more information about my right of withdrawal and how to exercise it, as well as the consequences of my withdrawal, in the data protection declaration, section Editorial newsletters.

(ID:49222845)