IT security for control cabinet air conditioning from Schwäbisch Hall

Balance between security and usability

By Sabine Kuch


Stego Elektrotechnik provides a wide range of temperature and humidity control systems that protect electrical and electronic systems from moisture, cold or heat. Great value is placed on innovation and safety during development and manufacture. And so it is not surprising that Stego also relies on reliable IT solutions in the area of network security.

In practice, the climatic conditions for electrical and electronic installations are not always ideal. Stego Elektrotechnik tries to minimize the resulting risks and to optimize the operating conditions in systems.

(Image: Negro Elkha –

At Stego Elektrotechnik, an in-house core team has been working together with external IT experts for several years on the continuous improvement and strengthening of IT security, thus combining local company knowledge with external expertise. The team led by Christof Peikert is familiar with the network structures that have grown over the years, both in the office and in the production network.

A challenge that many companies face: Monitoring and control systems have been in use for many years without continuous security updates. Either no patches are available, or changing the software carries its own risks or can invalidate existing certifications. When connected to an IP network, these machines pose a security risk. Insecure connections and limited visibility add to the problem. This makes IT security for OT systems a challenge. In addition, companies are increasingly replacing proprietary communication protocols with the globally used and accepted network protocols Ethernet and TCP/IP. However, this improved connectivity means that industrial facilities are more exposed to cybercriminals.

NAC as central security and management system

The fundamental step in providing a secure IT infrastructure at Stego was the implementation of a comprehensive Network Access Control (NAC) solution. Networks are thus protected against the intrusion of unwanted devices by a central security authority. This enables targeted defense and ensures a quick and complete overview of all devices for transparent and efficient network management. The IT team is also pleased with the time savings that can be achieved through reduced administrative tasks.

End of double data maintenance

One of the most dangerous and at the same time unpopular tasks is double data maintenance. Information required and processed by multiple systems must be consistent to avoid errors and incidents.


Christof Peikert: “The interface to Baramundi was a key factor in the selection of Macmon. End devices that are managed in the Management Suite require secure access to the company network. Information is exchanged in a targeted manner within the applications via the common interface. This reduces numerous administrative processes, lowers the error rate through automation and increases Stego network security. Automating these processes reduces the workload for our IT team.”

The Management Suite supports the IT department in managing and automating tasks such as installing, distributing, inventorying, protecting or backing up end devices. The modular functions reduce the effort for time-consuming routine processes that were previously done manually.

At the same time, the entire life cycle of all end devices used in the company can be managed – from the classic Windows client to the mobile end device. In addition, the solution supports the monitoring and control of the network, including the associated infrastructure. Which end devices are to be accessed when and where, and what type of access these are, is implemented with a high degree of automation.

The following scenarios are covered by the integration:

  • The integration of both products enables direct data exchange: both for automated data maintenance and for an automated response to devices that do not meet the security requirements of the company.
  • New device: As a rule, new end devices are first included in the Management Suite in order to load them with the necessary software and prepare them for productive use. The integration allows the immediate transfer of end device information such as MAC address and host name to the NAC solution, so that the necessary access is granted automatically.
  • Managed endpoint: While initially only very limited access rights may be granted, the NAC solution can also be informed about the completion and commissioning of the end device. In this way, productive devices are automatically moved to zones with more extensive access options as soon as a corresponding configuration status is reached.
  • End of life: The life cycle of end devices also plays a major role in data maintenance. Discarded or temporarily deactivated end devices can be removed directly in the NAC application via the administration. Access is blocked immediately and misuse is made impossible.
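The device life cycle described in the list above, modelled as a small NAC authority keyed by MAC address (an added, constructed example, not Macmon or Baramundi code; the VLAN names and the `Nac`/`Endpoint` types are assumptions for illustration):

```python
"""Simplified model of the NAC / endpoint-management integration described above.
Constructed example; the zone names and API are assumptions, not a vendor API."""
from dataclasses import dataclass, field
from enum import Enum


class Stage(Enum):
    PROVISIONING = "provisioning"   # just enrolled in the management suite
    PRODUCTIVE = "productive"       # configuration complete, commissioned
    RETIRED = "retired"             # discarded or temporarily deactivated


# Constructed placeholder zones: limited access while provisioning,
# full access once productive, no access at all after retirement.
ZONE_FOR_STAGE = {
    Stage.PROVISIONING: "vlan-staging",
    Stage.PRODUCTIVE: "vlan-production",
    Stage.RETIRED: None,
}


@dataclass
class Endpoint:
    mac: str
    hostname: str
    stage: Stage = Stage.PROVISIONING


@dataclass
class Nac:
    """Central access authority: every decision is made from its own device list."""
    endpoints: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    @staticmethod
    def norm(mac: str) -> str:
        # Normalise MAC spelling so "AA-BB-.." and "aa:bb:.." are the same device.
        return mac.replace("-", ":").lower()

    def enroll(self, mac: str, hostname: str) -> None:
        """New device pushed by the management suite: staging access only."""
        self.endpoints[self.norm(mac)] = Endpoint(self.norm(mac), hostname)

    def commission(self, mac: str) -> None:
        """Management suite reports the device is configured: move to production zone."""
        self.endpoints[self.norm(mac)].stage = Stage.PRODUCTIVE

    def retire(self, mac: str) -> None:
        """End of life: access is withdrawn immediately."""
        self.endpoints[self.norm(mac)].stage = Stage.RETIRED

    def decide(self, mac: str):
        """Return the VLAN to assign, or None to block; unknown MACs raise an alert."""
        ep = self.endpoints.get(self.norm(mac))
        if ep is None:
            self.alerts.append(f"unknown device {self.norm(mac)}")
            return None
        return ZONE_FOR_STAGE[ep.stage]
```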

Network security is realized by:

  • Topology: Convenient and automatic visualization of all network components for a complete network overview. Constructive handling of requirements from audits and revisions.
  • Advanced security: Collection of the end device operating system, domain and name for clearer identification – in connection with NAC, the information is used to detect, defend against and localize attacks.
  • Network Access Control: Comprehensive overview of all devices in the network, live inventory management, immediate alerting of unknown devices and initiation of automatic countermeasures.
  • VLAN manager: Effective and time-saving management component for easy introduction and automated operation of static and dynamic VLAN concepts.
  • 802.1X: Authentication via the RADIUS server using MAC address, username/password, AD account or certificate; extended mixed operation with SNMP and 802.1X.
  • Guest service: The guest portal offers the intelligent and flexible management of any third-party device through a granular guest ticket system for controlled, temporary LAN and WLAN access, including a sponsor and BYOD portal.

At Stego, the allocation of network access is currently handled by the IT department. In the next stage, employees are enabled to create vouchers themselves. In addition to security aspects, this new process also saves time for the Stego IT team.

Christof Peikert draws a conclusion: “We are a globally operating company and also active in China, among other places. In recent years, the number of attacks on our network has increased, which we have been able to fend off satisfactorily. When designing and implementing our IT security strategy, we must always attach importance to the balance between maximum security and usability for our employees. We opted for an NAC solution from Macmon secure, which offers many synergies through its numerous technology partnerships, for example through the exchange of information with other security solutions. We gain visibility and control over our network and can save valuable time by automating processes.”