What is Port Security?
Port security is a security feature on managed switches that defines which devices may connect via a specific port, based on their MAC address. It prevents unauthorised or unwanted devices from gaining access to the network.
In OT networks, port security is a crucial tool for restricting network access to known, trusted devices, such as PLCs, HMIs or drives.
How does port security work?
- A switch port is configured to allow connections only from specific MAC addresses
- When an unknown device is connected to that port, the switch can:
- MAC addresses can be:
  - Entered manually (static)
  - Learned automatically (dynamic) and limited in number
  - Stored temporarily (sticky MAC)
Port security prevents physical attacks such as “hot-swapping” an HMI for a laptop.
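The following is an added example, not code from the original page or from any switch vendor: a small Python model of a single secured port that implements the three address-handling options listed above (static, dynamic with a maximum, sticky) and records a violation when an address outside the allow-list appears. The port names and MAC addresses are constructed; the `hot_swap_scenario` function plays through the HMI-for-laptop swap mentioned above and a PLC rack port that learns two addresses but refuses a third.

```python
from dataclasses import dataclass, field

# Hypothetical model of one switch port with port security enabled (added
# example, not vendor code). The three modes mirror the options in the text:
#   "static"  - addresses entered manually, nothing is learned
#   "dynamic" - addresses learned from traffic, limited in number
#   "sticky"  - learned like dynamic, then kept in the allow-list
# A frame from an address that is not allowed (or can no longer be learned
# because the maximum is reached) is recorded as a violation, not forwarded.


def normalise_mac(mac: str) -> str:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class SecuredPort:
    name: str
    mode: str = "dynamic"                 # "static", "dynamic" or "sticky"
    maximum: int = 1                      # size limit of the allow-list
    allowed: set = field(default_factory=set)
    violations: list = field(default_factory=list)

    def add_static(self, mac: str) -> None:
        """Pin an address by hand; it counts against the maximum."""
        mac = normalise_mac(mac)
        if mac not in self.allowed and len(self.allowed) >= self.maximum:
            raise ValueError(f"{self.name}: allow-list full ({self.maximum})")
        self.allowed.add(mac)

    def frame_from(self, mac: str) -> bool:
        """True if a frame with this source MAC is forwarded, False on violation."""
        mac = normalise_mac(mac)
        if mac in self.allowed:
            return True
        learning = self.mode in ("dynamic", "sticky")
        if learning and len(self.allowed) < self.maximum:
            self.allowed.add(mac)          # learn the first `maximum` devices
            return True
        self.violations.append(mac)        # unknown device: block and record
        return False

    def export(self) -> list:
        """Sorted allow-list, the artefact to keep for auditing."""
        return sorted(self.allowed)


def hot_swap_scenario() -> dict:
    """Constructed scenario: a laptop replaces an HMI on a statically secured
    port, and a PLC rack port learns two addresses but rejects a third."""
    hmi_port = SecuredPort("Gi1/0/1", mode="static", maximum=1)
    hmi_port.add_static("00:1B:1B:AA:BB:01")          # the HMI (constructed MAC)
    plc_port = SecuredPort("Gi1/0/2", mode="sticky", maximum=2)
    return {
        "hmi_forwarded": hmi_port.frame_from("00:1b:1b:aa:bb:01"),
        "laptop_forwarded": hmi_port.frame_from("3c:52:82:11:22:33"),  # swapped-in laptop
        "plc_first": plc_port.frame_from("000e.8c00.0001"),
        "plc_second": plc_port.frame_from("000e.8c00.0002"),
        "plc_third": plc_port.frame_from("000e.8c00.0003"),
        "hmi_violations": list(hmi_port.violations),
        "plc_allow_list": plc_port.export(),
    }


if __name__ == "__main__":
    for key, value in hot_swap_scenario().items():
        print(f"{key}: {value}")
```

The model only decides forward-or-block and keeps a violation record; what a real switch does on a violation (and how the violation reaches Syslog or a SIEM) is vendor-specific and configured separately.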
Use of port security in OT networks
- Protecting fixed devices such as PLCs and IO modules from replacement or tampering
- Detecting unauthorised laptops or access points
- Restricting network access in production environments with a fixed topology
- Used together with VLAN and ACL for layered network security
- Monitoring violations via SIEM or SCADA integration
Port security is particularly valuable in zones 0-2 of the Purdue Model, where reliability and integrity are essential.
Port security vs. 802.1X
| Aspect | Port security | 802.1X |
|---|---|---|
| Authentication | Based on the MAC address | Based on a user account (via RADIUS) |
| Complexity | Simple, quick to implement | More complex, requires a RADIUS infrastructure |
| Security | MAC addresses can be spoofed | Stronger security with certificates or passwords |
| Use in OT | Widely used, including in older equipment | Less common, mainly in modern IT/OT integrations |
Security considerations
- Combine port security with ACLs, VLANs and a firewall for layered protection
- Use sticky MAC for convenience and consistency, but export the lists for auditing
- Monitor violations via Syslog, SNMPv3 or a SIEM
- Be careful during maintenance: replacing devices can lead to a lock-out
- Consider temporary exemptions via RBAC or a remote access policy
Port security is a low-effort yet effective measure against physical access to the network.
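As an added example (not code from the page or from any vendor) of the "monitor violations via Syslog" and "export the lists for auditing" points above, the Python below parses port-security violation messages out of syslog lines and triages them against an exported allow-list joined with an asset register. The message wording follows the form Cisco IOS uses for `%PORT_SECURITY-2-PSECURE_VIOLATION`; that this is the format in use is an assumption, and other vendors word the event differently. The log lines, port names, asset names and MAC addresses are all constructed.

```python
import re

# Added example, not vendor code. Assumption: the switches log violations in
# the Cisco IOS wording below; adjust VIOLATION_RE for other vendors.
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
    r"caused by MAC address (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"on port (?P<port>[A-Za-z]+[0-9]+(?:/[0-9]+)*)",
    re.IGNORECASE,
)


def normalise_mac(mac: str) -> str:
    """Turn aabb.ccdd.eeff, aa-bb-... or aa:bb:... into aa:bb:cc:dd:ee:ff."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_violation(line: str):
    """Return {'port', 'mac'} for a violation message, None for any other line."""
    m = VIOLATION_RE.search(line)
    if m is None:
        return None
    return {"port": m.group("port"), "mac": normalise_mac(m.group("mac"))}


def triage(log_lines, inventory):
    """inventory maps port -> {'asset': name, 'mac': expected address}, i.e. the
    exported static/sticky lists joined with the asset register."""
    mac_to_asset = {normalise_mac(e["mac"]): (port, e["asset"])
                    for port, e in inventory.items()}
    alerts = []
    for line in log_lines:
        v = parse_violation(line)
        if v is None:
            continue                       # not a port-security event
        known = mac_to_asset.get(v["mac"])
        if known is not None:
            # A device we know, but on the wrong port: typical of maintenance
            # moves, which the text warns can end in a lock-out.
            home_port, asset = known
            severity = "medium"
            reason = f"known asset {asset} (home port {home_port}) seen on {v['port']}"
        elif v["port"] in inventory:
            severity = "high"
            reason = f"unknown device on protected port of {inventory[v['port']]['asset']}"
        else:
            severity = "high"
            reason = "unknown device on a secured port with no asset record"
        alerts.append({"severity": severity, "port": v["port"],
                       "mac": v["mac"], "reason": reason})
    return alerts


SAMPLE_LOG = [  # constructed syslog lines, not captured from a real switch
    "<187>Jun 12 09:14:02 sw-cell3 1234: %PORT_SECURITY-2-PSECURE_VIOLATION: "
    "Security violation occurred, caused by MAC address 3c52.8211.2233 on port GigabitEthernet1/0/1.",
    "<189>Jun 12 09:15:10 sw-cell3 1235: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, "
    "changed state to up",
    "<187>Jun 12 09:16:40 sw-cell3 1236: %PORT_SECURITY-2-PSECURE_VIOLATION: "
    "Security violation occurred, caused by MAC address 000e.8c00.0002 on port GigabitEthernet1/0/5.",
]

INVENTORY = {  # constructed export of the allow-lists joined with asset names
    "GigabitEthernet1/0/1": {"asset": "HMI-03", "mac": "00:1b:1b:aa:bb:01"},
    "GigabitEthernet1/0/2": {"asset": "PLC-03", "mac": "00:0e:8c:00:00:02"},
}


def run_sample():
    """Triage the constructed log against the constructed inventory."""
    return triage(SAMPLE_LOG, INVENTORY)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The output of `run_sample()` is a list of plain dictionaries so it can be forwarded to a SIEM as JSON; the severity split (known asset on the wrong port versus an entirely unknown address) is what lets an operator tell a maintenance move from a foreign device.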
In summary
Port security restricts access to switch ports based on MAC addresses, and is essential for stable, secure industrial networks. It prevents unwanted connections and provides a robust first line of defence in your OT infrastructure.
