Modbus hardening

Modbus hardening refers to the process of enhancing the security and reliability of Modbus communications between devices over a network by implementing various protective measures. This includes configuring the Modbus systems to minimize vulnerabilities, applying access controls, using encryption, segmenting networks, upgrading firmware on the devices, as well as monitoring and logging. Modbus hardening is about making the serial communication between devices over a network more secure against cyber threats.

Hardening can involve implementing various security measures, such as:

• Access control

  Update the Services > Modbus Gateway > Gateway servers > Access control list settings to only allow access to the Modbus service on the specific network interfaces, firewall zones, and source IP addresses that you expect the Modbus queries to come from. See Configure the Modbus gateway for more information.

• Encryption

  Further lock down access to the Modbus gateway service on the EX50 by configuring it to establish a VPN tunnel, then update the access control list as mentioned above to only allow access to the Modbus service through the VPN connection.

• Network segmentation

  Use a separate firewall zone for the network interface(s) and/or VPN tunnels that the user will be accessing the Modbus gateway service through to ensure that the Modbus access is separate from other network traffic

• Monitoring and logging

  Utilize Digi Remote Manager or an external logging service to monitor the activity on your Digi router

• Firmware upgrades

  Keep your firmware current so your EX50 has the most recent security patches and bug fixes.

Note To see how you can implement security measures for you Modbus gateway service, see Use case | Secure your Modbus gateway service.