Binary Armor sits in-line between the device to be protected and the open network. The High (protected) network is a dedicated line to a single physical device, often a Programmable Logic Controller (PLC) or Remote Terminal Unit (RTU). If Binary Armor is being used to protect more than one device, the connection would be to a dedicated switch. The Low (assumed unprotected) network can be a Local Area Network (LAN) or a Wide Area Network (WAN) such as the internet. Because the protected devices are not connected directly to the Low network, all operators on that network interact only with Binary Armor. In this manner, Binary Armor acts as a bridge, inspecting every byte passing between two otherwise air-gapped networks. All messages sent to the RTU must pass through and be approved by Binary Armor, ensuring the protection of the High network.
This lab demonstrates the following Binary Armor features:
- HTTPS Wrapping: Securely encrypting an HTTP server with NSA-specification TLS 1.2 to prevent man-in-the-middle attacks, replay attacks, and data/password theft.
- Override Only: A built-in state that requires Two-Factor Authentication for securing high-risk assets.
- Process Enforcement: State-based rules for safe commands require operators to follow only safe operating procedures for the device.
- Customizable Logging: Creation of custom logs and alarms for valid actions, detected attacks, and traffic auditing.