Remote access to systems
A VPN connection is no guarantee of security
To avoid security risks, a VPN connection must be backed by robust controls: multi-factor authentication, strong encryption, a firewall and centralized management of user access.
The scope of the VPN connection also matters. Access to decentralized systems and to central infrastructure areas must be approved deliberately and per target, so that a door is not left open unintentionally.
What to look out for:
OT security
From an OT security perspective, a VPN gateway must carry the industrial protocols in use, such as OPC UA, Modbus and DNP3, so that devices and systems can communicate across it without workarounds. Keep in mind that Modbus/TCP has no authentication of its own, so the VPN login and the firewall rules in front of the device are the only access controls protecting it.
IT security
From an IT security perspective, a VPN should offer centralized management and monitoring so that every remote connection is configured, logged and visible in one place.
Multiple plants and locations
When a VPN serves multiple users, facilities and locations, proper network segmentation is key: a compromised endpoint or account at one site must not be able to reach the entire network, so that a cyberattack cannot spread from one plant to the next.
Detection of VPN access anomalies
This is also essential. Detecting anomalies in who connects, when, for how long, how much data is transferred and what is done during the session makes it possible to recognize a potential risk early and act before damage is done.
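The following is an added example (not code from the original page or from the iDIP product) of what such anomaly detection looks like in practice: each finished VPN session is compared with the same user's earlier sessions on exactly the dimensions named above (time of day, site, source address, duration, data volume). The log format and the session records are constructed for the example; a real gateway export would have to be mapped onto the same fields.

```python
"""Flag anomalous VPN sessions against a per-user baseline (added example)."""
from __future__ import annotations

import statistics
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample log: one line per finished VPN session (format is assumed).
SAMPLE_LOG = """\
2024-03-04T07:58:12Z user=jsmith src=203.0.113.7 site=plant-a duration=3400 bytes=41000000
2024-03-05T08:10:45Z user=jsmith src=203.0.113.7 site=plant-a duration=2900 bytes=38000000
2024-03-06T08:02:03Z user=jsmith src=203.0.113.7 site=plant-a duration=3600 bytes=45000000
2024-03-07T07:49:30Z user=jsmith src=203.0.113.7 site=plant-a duration=3100 bytes=40000000
2024-03-08T08:20:11Z user=jsmith src=203.0.113.7 site=plant-a duration=3300 bytes=39000000
2024-03-09T02:13:55Z user=jsmith src=198.51.100.23 site=plant-b duration=14400 bytes=2100000000
2024-03-04T13:00:00Z user=vendor-x src=192.0.2.44 site=plant-b duration=1800 bytes=5000000
2024-03-06T13:30:00Z user=vendor-x src=192.0.2.44 site=plant-b duration=1700 bytes=4800000
"""


@dataclass(frozen=True)
class Session:
    when: datetime
    user: str
    src: str
    site: str
    duration_s: int
    bytes_total: int


@dataclass(frozen=True)
class Finding:
    when: datetime
    user: str
    reasons: tuple[str, ...]


def parse_line(line: str) -> Session:
    """Parse one 'timestamp key=value ...' record of the constructed format."""
    ts, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return Session(
        when=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        user=fields["user"],
        src=fields["src"],
        site=fields["site"],
        duration_s=int(fields["duration"]),
        bytes_total=int(fields["bytes"]),
    )


def _check(session: Session, history: list[Session], factor: float) -> tuple[str, ...]:
    """Return the names of every baseline dimension this session violates."""
    reasons = []
    hours = [s.when.hour for s in history]
    # Simple hour window; a night-shift user would need a circular comparison.
    if not (min(hours) - 1 <= session.when.hour <= max(hours) + 1):
        reasons.append("off-hours")
    if session.site not in {s.site for s in history}:
        reasons.append("new-site")
    if session.src not in {s.src for s in history}:
        reasons.append("new-source")
    # Median is used so one earlier outlier does not stretch the baseline.
    if session.duration_s > factor * statistics.median(s.duration_s for s in history):
        reasons.append("long-session")
    if session.bytes_total > factor * statistics.median(s.bytes_total for s in history):
        reasons.append("high-volume")
    return tuple(reasons)


def detect_anomalies(log_text: str, min_history: int = 3, factor: float = 3.0) -> list[Finding]:
    """Compare each session with the same user's earlier sessions only.

    Sessions are processed in time order, so a baseline contains nothing that
    was not known before the session under review. Users with fewer than
    min_history earlier sessions are not judged: a sparse baseline produces
    noise rather than signal, so new accounts need a different (allow-list) check.
    """
    sessions = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda s: s.when,
    )
    history: dict[str, list[Session]] = defaultdict(list)
    findings: list[Finding] = []
    for s in sessions:
        prior = history[s.user]
        if len(prior) >= min_history:
            reasons = _check(s, prior, factor)
            if reasons:
                findings.append(Finding(s.when, s.user, reasons))
        prior.append(s)
    return findings


if __name__ == "__main__":
    for f in detect_anomalies(SAMPLE_LOG):
        print(f.when.isoformat(), f.user, ", ".join(f.reasons))
```

In the constructed data only the sixth jsmith session is flagged, on all five dimensions at once; the vendor-x account has too little history to be judged, which is the realistic case for an external service provider who connects rarely and is better covered by the firewall's explicit allow rules than by a statistical baseline.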
Multi-factor authentication
First and foremost, a secure VPN needs user authentication and authorization so that only authorized personnel can access the network. A user name and password alone are not enough; a second factor is essential, most commonly a one-time code from an authenticator app.
Role-based access management
Access authorizations must be subdivided by function and assigned according to roles. On this basis, both centralized user management with corresponding roles and privileged access to facilities and systems can be implemented cleanly via privileged access management (PAM), which grants elevated access only to the roles that need it.
Centralized administration of users
Ideally, users who access systems via VPN are administered in the company's central user directory (e.g. Azure AD). With synchronization (e.g. Azure Sync), the user accounts of the software that manages VPN access are kept up to date automatically.
This eliminates the manual work of updating user accounts when people join, move or leave. Role assignments and permissions should still be reviewed regularly, since synchronization only mirrors what the directory says.
Industrial firewall
In addition, the VPN gateway should include an industrial firewall that blocks everything not explicitly allowed and protects the connected systems against cyber threats.
Defining access at the level of destination IP address, port and protocol is absolutely essential when managing multiple users, assets and locations: a service provider then reaches only the one controller and the one protocol they need, not the whole plant network.
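As an added example (not the page's or iDIP's own configuration), the following evaluates a deny-by-default access list keyed on source pool, destination IP, protocol and port, the way an industrial firewall in front of the plant network would, and audits the list for rules that are broader than such a list should be. The address ranges, rule table and the "vendor-x"/"vendor-y" names are constructed assumptions.

```python
"""Deny-by-default access list on destination IP, port and protocol (added example)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str              # "tcp" or "udp"
    ports: frozenset[int]
    action: str             # "allow" or "deny"
    comment: str


def rule(src: str, dst: str, proto: str, ports: list[int], action: str, comment: str) -> Rule:
    """Build a Rule from CIDR strings; strict=True rejects host bits in a prefix."""
    return Rule(
        ipaddress.ip_network(src, strict=True),
        ipaddress.ip_network(dst, strict=True),
        proto,
        frozenset(ports),
        action,
        comment,
    )


# Constructed rule table: each VPN address pool (one per service provider) may
# reach exactly the devices and protocols it maintains. First match wins; a
# flow that matches nothing is dropped by the implicit default-deny below.
RULES = [
    rule("10.200.1.0/24", "10.10.1.20/32", "tcp", [502], "allow",
         "vendor-x pool -> plant-a PLC, Modbus/TCP"),
    rule("10.200.1.0/24", "10.10.1.30/32", "tcp", [4840], "allow",
         "vendor-x pool -> plant-a OPC UA server"),
    rule("10.200.2.0/24", "10.20.1.0/24", "tcp", [20000], "allow",
         "vendor-y pool -> plant-b DNP3 outstations"),
]


def evaluate(src_ip: str, dst_ip: str, proto: str, port: int,
             rules: list[Rule] = RULES) -> tuple[str, str]:
    """Return (action, reason) for one flow; unmatched flows are denied."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if src in r.src and dst in r.dst and proto == r.proto and port in r.ports:
            return r.action, r.comment
    return "deny", "default deny"


def broad_rules(rules: list[Rule], max_dst_prefix: int = 24, max_ports: int = 4) -> list[str]:
    """Flag allow rules whose destination or port set is wider than the policy tolerates.

    A /16 destination or an open port list is the typical way a rule set drifts
    back to 'the vendor can reach the whole plant'. Thresholds are assumptions.
    """
    return [
        r.comment
        for r in rules
        if r.action == "allow"
        and (r.dst.prefixlen < max_dst_prefix or len(r.ports) > max_ports)
    ]


if __name__ == "__main__":
    for flow in [("10.200.1.15", "10.10.1.20", "tcp", 502),
                 ("10.200.1.15", "10.10.1.20", "tcp", 22),
                 ("10.200.1.15", "10.20.1.5", "tcp", 20000)]:
        print(flow, "->", evaluate(*flow))
    print("broad rules:", broad_rules(RULES))
```

The three flows printed at the end show the intended behaviour: vendor-x reaches its PLC on Modbus/TCP, is denied SSH to the same PLC because no rule mentions port 22, and is denied plant B's DNP3 outstations entirely even though vendor-y may reach them; the audit returns nothing for this table and would name any rule that opened a whole /16 or a long port list.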
Access to the system must be simple, intuitive and fast
Despite all the security precautions, remote access via a VPN connection should be as intuitive, simple and fast as possible for employees and external service providers. The end devices and operating systems that users actually work with for remote access should be supported as broadly as possible.
iDIP IoT Service Portal for remote access
With iDIP IoT, systems, locations and users are managed holistically for secure remote access via VPN.
Decentralized and central systems and infrastructure areas can be administered with the greatest possible security and a crystal-clear overview. The requirements of OT and IT security merge into one through the use of our gateway variants.
Find out more at ➡️ www.idip-solution.com/vpn
Just start
Discover the benefits iDIP can bring to your company.