| The industrial control network security is very important in daily work life.And with the development of the Internet, the Ethernet is widely used in the industrial network, so it's easy to be attacked by viruses and hackers. Many widely used industrial control protocols in the process are not verified, or firewall friendly. So researching on the industrial control protocol firewall technology to improve the security level of the network is of great value.Regarding to the issues discussed above, the essay designed a model of the industrial firewall based on the PacketFilter and Pfil in FreeBSD, and implement the Modbus and OPC modules. It mainly focused on the following function modules: 1) The capture module is used to capture the data packet and determines its life cycle. 2) The filter module is used to filter the packets according to specific rules, focusing mainly on the basic packet filter function. 3) The protocol processing module is used to analyze different industrial control protocols. It filters the packets based on a whitelist. 4) The configuring module is used to configure the firewall. 5) The log module is used to log all the filtering and configuring actions.It is proved that the firewall system is qualified to all the functions as designed. It improves the security level of the industrial network by analyzing the industrial control protocols and filtering all the packets by specific whitelist rules.It overcomes the weakness of the industrial protocols using nowadays such as non-verified and firewall unfriendly, and has potential practicality. |
PDF Full Text Request