Encrypted communication and authorized access
/MBS implements the BACnet network security architecture in a router for the first time
Krefeld, March 14, 2016 - MBS GmbH is presenting the innovative BACnet router UBR-02 at the Light + Building trade fair in Frankfurt. The network security mechanisms of the BACnet protocol have been integrated into the latest new development from the Krefeld-based specialist for industrial and building automation. "This is our response to the increasing desire of users to use their company-wide IT structures for BACnet communication," explains Nils-Gunnar Fritz, CEO of MBS GmbH.
Protect building automation infrastructure
For cost reasons, more and more building operators want to fall back on their company networks for comprehensive BACnet data exchange. This is not without risks, as it also opens up access to the building automation infrastructure for unauthorized persons. Until now, however, encryption and user-related authentication were not provided for in the BACnet protocol. After the standard for data exchange between devices from different manufacturers was recently expanded to include corresponding security mechanisms, MBS responded by adding security functions to the tried-and-tested BACnet router UBR-01 based on the protocol specifications.
Avoid manipulation with tunneling
Like the UBR-01 model, which is still available, the new UBR-02 model routes packets between the media MS/TP (RS485), Ethernet and IP, which can be interconnected to form a common BACnet network. With two network connections, the UBR-02 can now connect two separate IP areas for the first time. The new router also has two RS485 interfaces and can therefore also be connected to two BACnet MS/TP bus systems simultaneously. Using the security architecture, the new router is thus able to tunnel the comprehensive data exchange. If several UBR-02s are connected to each other, communication between network segments can be encrypted and data access can be authorized.
In contrast to existing approaches to securing communication via VPN (Virtual Private Network) or VLAN (Virtual Local Area Network), BACnet users can use the UBR-02 without support from the IT department.
"With the UBR-02, BACnet users have the opportunity for the first time to implement high security requirements for comprehensive data communication with little effort," emphasizes Fritz. "Not only does the local BACnet traffic continue to take place with the existing devices. At the same time, comprehensive data exchange can be handled cost-effectively via the company-wide network."