Securing Insecure Legacy Devices

An Endpoint Termination Device may be used to secure an otherwise insecure legacy device.  An Endpoint Termination Device is a less-featured Trust Controller device (see the section “Towards a Secure Solution of OT Isolation” on this page). For example, an Endpoint Termination Device will differ by having less significant data collection capabilities, fewer ports, etc.

Critically, an Endpoint Termination Device supports the following: (as described in detail here)

  • The Inviter-Invitee Protocol
  • Secure Communication lines (supporting: rules; long-lived authentication)
  • PKI-enforced whitelisting (devices only talk to previously authenticated devices and no others)
  • “Trust Before First Use” (supporting instant authentication for TLS sessions)
  • IoT device groups and subgroups
  • Most of the features of a Trust Controller Device

The most valuable feature of an Endpoint Termination Device is that it can greatly enhance the security of an existing, insecure legacy (or otherwise insecure) device at a modest cost.

An Endpoint Termination Device may be used to provide authenticated and secure access to a legacy or otherwise insecure device.  Such an insecure device could be susceptible to a variety of security attacks, for example, man-in-the-middle, spoofing and others.  By connecting an Endpoint Termination Device directly to the insecure device in such a manner that the insecure device’s only connection to other devices (or other endpoints external to it) is through the Endpoint Termination Device, then the insecure device will benefit from the security provided by the Endpoint Termination Device.


An Endpoint Termination Device helps protect an insecure device against different attack vectors. For example: a bad actor accessing a remote network connection and then attempting to get into an enterprise or IT network; or a bad actor’s spoofing or compromising a PLC to get on an enterprise network.  Such attacks may be mitigated by the Endpoint Termination Device’s ability to limit network access from a compromised insecure device to only the device’s known, constrained PCL communication protocols.