IPsec

IPsec (IP for “Internet Protocol” and sec for “secure”) is a group of protocols to ensure the integrity, confidentiality and authentication of data communications over an IP network.
IPsec is commonly used as a base for VPNs (Virtual Private Networks), encrypting IP packets and authenticating the source they come from.
- IPsec includes protocols to establish a mutual authentication between agents at the beginning of a session and negotiate the cryptographic keys to use during the session.
- It can protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).
- IPsec uses cryptographic security services to provide network-level peer authentication, data-origin authentication, data integrity, data confidentiality (encryption), and replay protection.
- As a part of the IPv4 enhancement, IPsec is an end-to-end security scheme operating at layer 3 of the OSI model (the internet layer). Unlike internet security technologies used above layer 3, such as Transport Layer Security (TLS) and Secure Shell (SSH), IPsec can automatically secure applications at the IP layer.
- The flexibility of IPsec is one of the reasons behind its popularity in commercial applications, but its complexity brings more problems. Maintenance is important to prevent critical system failures.
- IPsec may be used in three different security domains: virtual private networks, application-level security and routing security. However, VPNs are the most common application of IPsec.
- When used in application-level security or routing security, IPsec must be coupled with other security measures to be effective, which complicates its deployment in these domains.

Cyber Security
IEC 62351 is a standard developed to handle the security of TC 57 series of protocols including IEC 60870–5 series, IEC 60870–6 series, IEC 61850 series, IEC 61970 series & IEC 61968 series.
The different security objectives include the authentication of data transfer through digital signatures, prevention of eavesdropping and playback as well as spoofing, and intrusion detection.
Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco to handle authentication, authorization, and accounting (AAA) services and was released as an open standard beginning in 1993.
It is an extension of its predecessor TACACS, encrypts the full content of each packet and provides granular control (command-by-command authorization) whilst operating over TCP.
OpenVPN is a virtual private network (VPN) protocol and software for both client and server applications.
It implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities enabling peer authentication using pre-shared secret keys, certificates or usernames/passwords.
Public key infrastructure (PKI) refers to a range of technologies for authenticating users and devices in order to secure the digital transfer of information for a range of network activities such as e‑commerce, internet banking and confidential email.
It includes a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.
Expert Cyber Security
iGrid T&D enforces several layers of security measures guided by the propositions of the IEC 62351 standard to protect its devices from all kinds of threats.
Our hardened devices feature Role Based Access Control (RBAC) to avoid intrinsic risks such as security holes and unauthorized actions by authenticated users.
In addition to end-to-end encryption via TLS/SSL, HTTPS, SSH and standard procedures for VPNs (e.g. OpenVPN), their communication can also be secured with network control methods such as firewalls, IP filters, ACLs or TCP port blocks.

iGW‑S Substation Gateway

iRTU – With I/Os for Direct Data Acquisition
Compact and scalable bay controller which can act as IEC 61850 client or server, featuring configurable I/O boards for direct data acquisition, high-precision timestamping and an optional Ethernet switch for additional Ethernet ports.

iControl SCADA
High-performance SCADA for the visualization and control of substation data. It can run in either client/server or standalone mode, providing advanced functionalities such as hot-standby redundancy, automatic line coloring, event notification (via e‑mail and SMS), SQL logging, and report generation.
iGrid Solutions and Applications

Automation with IEC 61850
The IEC 61850 standard is enabling new opportunities for vendor interoperability and advanced substation automation. Find out how you can take advantage of IEC 61850 with easy-to-use and adaptable solutions for a simple migration or retrofit.

HV Substation Automation
Powerful substation automation systems often handle numerous communication protocols and media within one network, which can result in expensive and complex projects. Avoid these problems with interoperable technology and smart configuration tools.

MV Distribution Grid Automation
It is often difficult to find the exact solution you need in an MV application, leading to higher costs than necessary. With our scalable and adaptable solutions you will be able to pay only for what you really need, without compromising on quality or security.

Photovoltaic Power Station
Using an open and scalable SCADA system to monitor and control a PV plant comes with many benefits on several levels. Find out how advanced communication technology affects PV operation, maintenance, system design, investment security, profits…