Design Of Industrial/Medical Safety Gateway Based On Linux Multi Protocol

Posted on: 2017-03-09
Degree: Master
Type: Thesis
Country: China
Candidate: J Y Song
GTID: 2308330488952161
Subject: Biomedical engineering

Abstract/Summary:
With the rapid development of information and networking technology, and with many common smart field instruments and open TCP/IP technology now used in industrial control networks, industrial systems are at serious security risk. Because the industrial communication protocols that control communications and industrial equipment are so diverse, industrial information security problems have become complex and difficult to solve. To protect industrial communication and guard against instruction misuse, this paper proposes and implements a multi-protocol industrial safety gateway built on the Linux operating system, chosen for its running stability and high degree of customization. The gateway uses the Netfilter/Iptables mechanism: five callback functions are registered at the mount points of the Netfilter subsystem, and at the application layer eight commonly used industrial communication protocols, including DNP3, GDW376.1 and Modbus, are parsed to filter and process the packets passing through the gateway. Each protected piece of industrial equipment is given its own specific filtering policy to protect its communications. Each per-IP filtering policy includes access control, communication protocol filtering and port access control, so that data that does not meet the security policy is proactively filtered out. In addition, LAMP is used to build a B/S (browser/server) configuration UI for the server, with three administrators holding different permissions. Each administrator will be able to familiarize themselves with the operating system and configure all parameters of the security gateway through a browser, set specific security policies for each piece of industrial equipment, and view all operations as well as, under decentralized management, the dynamic audit logs of industrial equipment operation.
All policies and parameters configured in the upper-layer configuration UI module ultimately provide specific communication protection for every protected piece of industrial equipment through the gateway-layer filtering module, the database and the audit module. Finally, the whole system was tested. The tests showed that the design can inspect, filter, block and switch eight kinds of industrial communication protocols, and that only data meeting all the established security policies can pass. This gives each protected piece of industrial equipment the specific policy protection that matches its industrial protocol, and generates audit logs.
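The per-device policy described in the abstract (access control, port control, protocol filtering) can be modelled in user space as follows. This is an added example, not code from the thesis: the `DevicePolicy` structure, the Modbus function-code allow-list, the function names and the sample addresses are all assumptions, and the real gateway makes this decision inside Netfilter callbacks rather than in Python.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

MODBUS_TCP_PORT = 502  # IANA-registered Modbus/TCP port

@dataclass
class DevicePolicy:
    """Hypothetical per-device policy, keyed by the protected device's IP."""
    allowed_sources: list   # access control: CIDR ranges allowed to connect
    allowed_ports: set      # port control: destination ports that may be reached
    # protocol filtering (assumed form): read-only Modbus function codes by default
    allowed_functions: set = field(default_factory=lambda: {3, 4})

def parse_modbus_tcp(payload: bytes):
    """Return (unit_id, function_code), or None if the MBAP header is malformed."""
    if len(payload) < 8:  # 7-byte MBAP header + 1-byte function code
        return None
    _tid, proto_id, length, unit_id = struct.unpack(">HHHB", payload[:7])
    # Protocol id must be 0; length counts unit id + PDU and must match the frame.
    if proto_id != 0 or length != len(payload) - 6:
        return None
    return unit_id, payload[7]

def verdict(policies, src_ip, dst_ip, dst_port, payload):
    """Default-deny decision; the reason string is what an audit log would record."""
    policy = policies.get(dst_ip)
    if policy is None:
        return "DROP", "no policy for device"
    src = ipaddress.ip_address(src_ip)
    if not any(src in ipaddress.ip_network(n) for n in policy.allowed_sources):
        return "DROP", "source not allowed"
    if dst_port not in policy.allowed_ports:
        return "DROP", "port not allowed"
    if dst_port == MODBUS_TCP_PORT:
        parsed = parse_modbus_tcp(payload)
        if parsed is None:
            return "DROP", "malformed Modbus/TCP frame"
        if parsed[1] not in policy.allowed_functions:
            return "DROP", f"function code {parsed[1]} not allowed"
    return "ACCEPT", "matches policy"

# Constructed sample data: one protected device and two Modbus/TCP requests.
POLICIES = {"10.0.0.20": DevicePolicy(["10.0.0.0/28"], {502})}
READ_HOLDING = bytes.fromhex("000100000006010300000002")  # function code 3
WRITE_COIL = bytes.fromhex("00020000000601050001ff00")    # function code 5
```

Every check falls through to `DROP` unless the packet matches the device's policy at all three layers, which mirrors the abstract's statement that only data meeting all established policies can pass.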
Keywords/Search Tags: Linux operating system, multi-protocol, security gateways, decentralized management