Introducing the EDS-(G)4000 Managed Switches That Strengthen Your Network Resilience

The EDS-4000/G4000 Series industrial-managed Ethernet switches represent a new chapter in industrial networking. With a reliable, easy-to-use design and heightened security features, these managed switches strengthen your network resilience to tackle common networking challenges.

Why Moxa EDS-(G)4000 Industrial Managed Switches?

 Secure Network Connectivity

• The World's 1st IEC 62443 certified networking devices by IECEE
• Hardened devices with embedded security functions

Easy Management and Maintenance

• The intuitive interface of MX-NOS and MXview simplifies network operations
• Modular power design simplifies installation and maintenance

Robust Design for Harsh Environments

• Multiple certifications for the railway, marine, power, ITS, and similar applications
• Robust power design including isolated redundant power inputs

High‑performance Capabilities

• 2.5 GbE bandwidth for highly efficient Ethernet networks
• 90 Watts IEEE 802.3bt PoE enables power-intensive applications
• Intelligently integrated with smart fiber/PoE management features for remote diagnostics

Networking Evolved Moxa EDS-(G)4000 Industrial Managed Switches

For more details visit: Moxa Inc. | Networking Evolved

(Courtesy of MOXA)

A Tiny but Mighty Ethernet Switch

 

As the manufacturing industry continues to evolve and improve, the requirements of network infrastructure constantly change when refurbishing or expanding facilities. When these changes take place, there are often space constraints for installing products in existing cabinets or machines.

To keep up with changing connectivity requirements while saving you time and effort, the EDS-2000-EL Series unmanaged switches include 5- and 8-port Ethernet options, with the 5-port model only measuring 18 x 81 x 65 mm. In addition, a robust design allows you to continue to meet your demands for flexibility, reliability, and continuity.

When to Use

• Space Matters: Network refurbishment couldn’t be easier with the EDS-2000-EL switches, which offer more connection options with a smaller footprint.
• Durability Matters: You can enjoy the install-and-forget durability of EDS-2000-EL switches that has been proven by a six-month accelerated life test.**
• Latency Matters: With microsecond-level latency, the EDS-2000-EL switches ensure your MES applications can respond faster.

Where to Use

Compact machine: Easy integration into machines

Control Panels: Suitable for compact electronic control panels

Harsh environments: -40 to 75°C operating temperature range available

EDS-2000-EL Series

Industrial Unmanaged Ethernet Switches:

• 5 or 8 Ethernet port options
• SC/ST fibre models are available for the EDS-2008 Series
• Supports 12/24/48 VDC input
• Microsecond-level latency
• High EMC resistance
• QoS and BSP*** DIP switch configuration

(Courtesy of MOXA)

Securely Connect to Devices with a Serial or Console Port

Connect older equipment without compromising security

When you connect older serial devices and equipment to an Ethernet network, it’s important to take steps to minimize potential cybersecurity risks. That’s why we design our NPort 5000A and 6000 device servers in full compliance with IEC 62443-2 security standards and offer additional tools and resources to protect against unauthorized users.

Protect Against Unauthorized Access

1. User Authentication and Authorization

A common security vulnerability in industrial systems is devices that are still using the default manufacturer’s login and password. Our firmware requires administrators to change this password during configuration.

2. Security Hardening Guide

Our step-by-step security hardening guide helps you configure the NPort to minimize exposure to cybersecurity threats. You’ll see exactly which services are unnecessary and can be disabled for your use case.

3. Communication Integrity

Configuration access is protected through the support of secure protocols TLS 1.2, HTTPS, and SNMPv3. Insecure protocols (e.g., HTTP) are disabled by default.

4. Network Access Control

Additional functions such as IP address allowlist help you further limit network access so unauthorized users cannot make changes to device settings.

Tools to Monitor and Take Action

1. Security Advisories and Patches

You can subscribe to our Security Advisory page to make sure you are notified of any new vulnerabilities that have been discovered. We will provide mitigation guidance as well as links to download security patches and updated firmware as needed.

2. Visibility for Network Administrators

Our MXview network management suite provides easy visibility of your network topology and supported network devices. You’ll be able to see your NPort’s security status and set up user-defined s notifications and alarms, so you can respond before an unauthorized user is able to wreak havoc.

3. Device Management

Our MXconfig utility and CLI configuration tools are great timesavers when you need to manage a lot of NPorts and other supported network devices. In a few steps, you can back up or restore settings on each device, or update each device’s firmware to take advantage of any security patches.

4. Important

While Moxa’s NPort helps you securely connect your serial device to your network, remember that protection against security threats can only be partially addressed by secure product design and features. You must also consider your network architecture, maintenance practices, and other factors.

Featured Products

NPort 5000A Series

Security Features:

• Password protection
• CRC code check
• Security hardening guide
• Optional disabling of unused services
• Telnet access is disabled by default
• HTTPS and SNMPv3 for configuration access
• Access Control List (ACL)
• MXconfig and CLI tool configuration
• Syslog (remote or local)
• MXview-supported device
• Security advisory subscription service
• Nessus vulnerability report by request

NPort 6000 Series

Security Features:

• Password protection
• RADIUS/TACAS+ authentication
• Customizable user privileges
• CRC code check
• Security hardening guide
• Optional disabling of unused services
• Telnet access is disabled by default
• HTTPS, SNMPv3, and SSH for configuration access
• Accessible IP list
• Access Control List (ACL)
• MXconfig and CLI tool configuration
• Syslog (remote or local)
• MXview-supported device
• Security advisory subscription service
• Nessus vulnerability report by request
• IEC 62443-4-2 self-assessment report by request

 (Courtesy of MOXA)

Moxa Solutions Can Safeguard the Perimeter of the OT Network

Cybersecurity incidents are on the rise, and industrial control systems are being targeted more than before. In recent incidents where IT systems were compromised, we have noticed that asset owners had no choice but to shut down all systems to avoid the further spread of damage. With OT and IT converging, it becomes essential to build a robust first line of network defense to secure industrial control systems and networked infrastructure.

Start with Moxa’s EDR Series of Products

Moxa’s EDR Series of firewall/NAT/VPN/switch/routers combine advanced security features with high-performance to safeguard your industrial applications. Key security features in all of the EDR Series of Security Routers include Network Segmentation (including access control, protocol filtering, and white/blacklisting), Secure Remote Access (Virtual Private Networking), and Network Address Translation.

Network Segmentation

Remote connections have become an essential part of industrial communications. However, despite the convenience of remote desktop protocols, connection security is often overlooked. It is important to build secure remote access channels to strengthen edge security while ensuring stable connection throughput. Virtual Private Networks, not only can be used to protect your data over the public Internet, but they can also be used to protect, control access, and isolate critical internal OT assets.

Traditional Use Case: Protect internal networks from external threats (normal Firewall mode).

Modern Use Case: Use the same firewall filtering, whitelist/blacklist, & access control internally to create logic segmentation (no changes to IP addresses).

Secure VPN

Consider IP addresses a gateway to your critical assets. Network Address Translation can be used to protect internal assets (segmentation), but it can also be used to reuse & simplify machine IP addresses, typically used in production cells & pods. By using NAT internally, to simplify internal production machinery IP addresses, the time to deploy new equipment and/or replace equipment can be greatly reduced.

Virtual Private Networks (VPNs)

Traditional Use Case - Create private networks over public infrastructure.

Modern Use Case – Authenticate and encrypt traffic on internal networks where access control to the network could be easily compromised.

Network Address Translation (NAT)

Industrial networks started out as predominately flat networks and were originally intended to ensure low-latency data communication and to maintain the availability of all systems. These same OT networks are now a key security concern, as they are vulnerable to many of today’s common malware attacks. It is important to perform proper network segmentation to minimize risk without compromising performance. By deploying firewalls like the Moxa EDRs as a “transparent firewall”, OT networks gain many of the traditional benefits of segmenting internal networks with additional firewalls, but without the need for adding the complexity of changing your IP network addressing scheme.

Traditional Use Case: Hide internal IP address from external view & conserve IP address space.

Modern Use Case: Internally create pod/cells of equipment with the same addresses for faster deployments/replacements.

(Courtesy of MOXA)