W&T Microwall:

The Gigabit Microwall from network specialist Wiesemann & Theis sets the tone for a new series of easy to use security products for industry and manufacturing. This miniature firewall isolates potentially susceptible or untrustworthy devices and machines in their own network segments. Communication with these secure islands in the network is limited to situations absolutely needed for operation. Attacks on open TCP or UDP ports as well as undesired data connections are effectively prevented.

Perimeter firewalls analyze the incoming data traffic and filter emails, malicious Internet sites or connection attempts from the outside at the interface between local network and internet. If an attacker does succeed in infecting a computer within the network, he can from there move freely in the network.

An impressive example of this was the WannaCry crypto-worm from 2017, which paralyzed hospitals and universities and even the displays at the Frankfut train station. WannaCry spread via a weak point in the software which enables file access to other computers in the Windows network. Any computer with this weakness was directly accessible by its neighboring computer. This meant WannaCry could spread in no time at all to the affected networks.

Effective protection against this type of attacks is accomplished by subdividing networks into individual segments which are permitted to exchange on very limited data with each other. The interface points monitor and control permissible data traffic. A worm which spreads within one of these segments can damage the directly neighboring systems. But in most cases it is unable to move beyond segment borders.

The IT group for medium-size and larger comporate networks sees to it that the network is divided into segments for the various departments. Then say the network segment for management is separated from that of R&D or production.

With the introduction of the Microwall Wiesemann & Theis uses a similar approach: instead of setting up just segments for entire departments, systems which are susceptible or untrustworthy are isolated in their own network segment using the Microwall. This includes for example IoT devices and smart home assistants - but also CNC milling machines or old control computers.

Each function unit is assigned its own network segment - a secure island. Data traffic which is allowed with this segment is limited to only situations absolutely necessary for operations. If a milling machine for example receives production data on TCP port 9000, the Microwall only allows connections through this port. Now if an attacker tries to exploit a weakness in another service, Microwall already prevents and logs this connection attempt. But devices which are on the same island may continue to communicate with each other unhindered.

The Microwall is a 2-port firewall router. Configuration is uncomplicated and uses a web-based user interface. After setup the configuration interface can be permanently disabled, so that physical access to the device is required for a new configuration. The Microwall is available now for a net price of 398.00€. Commercial users may test the product for a period of four weeks at no cost.

Wiesemann & Theis was founded in 1979 by Reinhard Wiesemann and Rüdiger Theis. The company produces microcomputer and network technology products from their location in Wuppertal with 50 employees. In 2001 Wiesemann & Theis introduced the Web Thermometer, the first temperature sensor to have a network interface which is compatible with Industry 4.0 and the Internet of Things, representing more than 15 years of experience at this industrial forefront.