When designing an EtherNet/IP network, if it is integrated, security is a consideration. Two main avenues exist to secure the network. A firewall is the most secure option. Firewalls can monitor all communications to and from a Wide-Area Network like the internet. Unauthorized users can be stopped. Switches and routers, though, can aid in security.
Routers have the ability to limit activities by outside entities. For instance, a router may deny outside entities the ability to connect with certain machines and servers while allowing them to connect to the mail server. In this way, unauthorized users will be limited to damaging the e-mail system and not be allowed to bring down a whole production process.
Switches can be programmed in such a way that unused ports are turned off. This denies unauthorized users the ability to plug into unused ports and be on the network.