Industrial firewalls guard the safety of industrial control networks layer by layer
Industrial automation is driving the integration of industrial control networks into standardized Ethernet networks. This has made intelligent production possible and brought factory managers conveniences such as real-time monitoring and remote management. However, it also opens the door to the industrial control network and increases the possibility of malicious attack, so a defense mechanism for the industrial control network has to be established.
The industrial control network has used communication protocols defined by the operator, in a closed network environment. However, with growing awareness of intelligent production, the popularity of Ethernet and the sharp decline in connection costs, the closed industrial control network is gradually being integrated into the open Ethernet network. Once the industrial control network is opened, people with ulterior motives may be able to slip in. To keep the production line from being disrupted, an industrial firewall should be added to the industrial control network.
In-depth management and strict management ensure the safety of the industrial control network
Admittedly, the firewall is by no means a new technology, and its protection keeps getting stronger. However, Liu Hongyi, director of the product planning division of NEXCOM's network communications division, pointed out that the application environment of an industrial control network is very different from that of an enterprise network. To keep an industrial control network safe, an industrial firewall is needed for in-depth management and strict management.
Liu Hongyi explained that the enterprise network architecture covers three levels: intranet, plant network and control network. The industrial firewall protects the industrial control network, which sits in the innermost layer and exists to control the normal operation of the factory. Its data flow is small, but it consists entirely of the control and monitoring parameters required for operation, so the value of the data is very high. The industrial firewall therefore needs to support various fieldbus communication protocols such as PROFINET, disassemble data packets layer by layer, analyze the packet structure and content in depth, and verify the legitimacy of each packet. This is the so-called in-depth management.
In contrast, the commercial firewall does not support fieldbus communication protocols, and its packet inspection focuses on traffic such as mail, web pages and file transfers, which makes it unsuitable for industrial control networks.
Take an automobile assembly line as an example. Each robot arm on the line is a network node that operates according to its control parameters. If a packet contains suspicious action control parameters that would make the manipulator perform actions outside the standard operating procedure, the industrial firewall, after receiving the packet and analyzing it in depth, can block it from being forwarded. This helps the manufacturer take precautions and keeps tampered action control parameters from making the line turn out large numbers of defective products, which would cause huge financial losses to the car factory.
Strict management of industrial control network security is possible because production equipment has a limited purpose and only runs specific applications. The industrial firewall therefore uses a whitelist and blocks every application that is not on the list. The commercial firewall, by contrast, is the unified exit point of the enterprise network, where the applications are diverse, so it implements a blacklist mechanism that blocks only the applications on the list. Its standard for letting traffic through is relatively loose, so the industrial firewall protects industrial control networks more effectively.
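The two policies described above, as an added example that is not part of the original article: a default-deny whitelist that inspects the control parameter inside each frame, beside a blacklist that passes anything it does not recognize. Modbus/TCP stands in for the fieldbus protocol because its frame layout is simple and public; the policy table, register 0x0010, the 0 to 90 value range and every frame are constructed for illustration.

```python
import struct

# Constructed policy (assumption): (unit id, function code) -> rule.
# None means "allowed, nothing further to check"; a dict maps a writable
# register address to its permitted (min, max) value.
POLICY = {
    (1, 0x03): None,                # Read Holding Registers
    (1, 0x06): {0x0010: (0, 90)},   # Write Single Register, one setpoint only
}
BLACKLIST = {0x08}  # constructed: the only function code the blacklist knows

def build_frame(unit, func, data, tid=1):
    """Build a Modbus/TCP frame: 7-byte MBAP header + function code + data."""
    return struct.pack(">HHHB", tid, 0, len(data) + 2, unit) + bytes([func]) + data

def parse_frame(frame):
    """Return (unit, func, data), or None if the header is inconsistent."""
    if len(frame) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        return None
    return unit, frame[7], frame[8:]

def whitelist_verdict(frame):
    """Default deny: pass only traffic the policy explicitly describes."""
    parsed = parse_frame(frame)
    if parsed is None:
        return "drop: malformed"
    unit, func, data = parsed
    if (unit, func) not in POLICY:
        return "drop: not on whitelist"
    rule = POLICY[(unit, func)]
    if rule is None:
        return "pass"
    if len(data) != 4:
        return "drop: malformed"
    addr, value = struct.unpack(">HH", data)
    if addr not in rule:
        return "drop: register not allowed"
    low, high = rule[addr]
    return "pass" if low <= value <= high else "drop: value out of range"

def blacklist_verdict(frame):
    """Default allow: drop only what is explicitly listed."""
    parsed = parse_frame(frame)
    if parsed is not None and parsed[1] in BLACKLIST:
        return "drop: blacklisted"
    return "pass"
```

A write of 200 to register 0x0010 is well-formed Modbus, so the blacklist passes it; only the whitelist with a per-register range rejects it.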
In addition, a virtual private network (VPN) encrypted channel is an important function that the industrial firewall needs to support. Once the industrial control network is connected to the Ethernet network, information passes through an open network environment. To ensure the integrity and correctness of field data retrieved remotely, a private channel is set up over the public network and the data is encrypted before transmission. Even if the data is eavesdropped on, it is difficult to crack and tamper with.
Withstand severe tests and firmly ensure productivity
Industrial automation is applied in many settings: desert oil fields scorched by high temperatures, steel plants showering sparks, and wind power plants exposed to sea breeze and salt fog. Industrial firewalls need a ruggedized design so that they keep operating in high-temperature, high-humidity and high-salt environments. Moreover, production equipment places great weight on efficiency, and there are strict requirements for downtime. In special and critical processes, machine downtime is not allowed at all. The industrial firewall therefore also needs high availability, with a backup mechanism: if the industrial firewall fails unexpectedly, it can switch over in a very short time and keep protecting the industrial control network.
The smart factory adopts standardized Ethernet to achieve real-time monitoring and remote management, which is of great value for improving the efficiency of production and management and must not be damaged by any malicious attack. After major events such as the scare at Iran's nuclear power plant in 2010, users have become alert to the safety of industrial equipment. In safeguarding the productivity value of equipment, the industrial firewall is the component most expected to play a key role, and it naturally has a bright future.
Copyright © 2011 JIN SHI