With the spread of the "Internet+" and "Industry 4.0" concepts, more and more traditional industrial control networks carry their traffic over Internet protocols such as TCP and UDP. At the same time, industrial network security incidents have become frequent, and Trojan horses, viruses and similar threats have caused heavy losses. This paper designs and implements an industrial network security isolation and information exchange system, which is of practical value for improving the security of industrial control networks.

The system runs on the FreeBSD operating system and uses Netmap to send and receive packets. It provides packet filtering and performs deep parsing and filtering for two industrial protocols. Functionally it is divided into four modules: (1) the interception module captures packets and passes a pointer to each packet to the other modules for processing; when processing finishes, the packet is dropped or forwarded according to the verdict on that packet; (2) the filtering module matches the parsed packet information against the whitelist configuration, judging packets mainly by protocol type, IP address and port number, so that anything not explicitly whitelisted is rejected; (3) the industrial protocol deep parsing and filtering module performs deep analysis of Modbus-TCP and OPC, checks packet format integrity and content legitimacy, and makes the filtering decision; (4) the protocol stripping and recovery module strips the protocol headers of each layer, retains only the information needed for recovery, encapsulates it in a custom structure and sends it to the other end, where it is decapsulated and the packet is restored, so that the original protocol headers themselves never cross the isolation boundary. Finally, the function of each module is tested and verified, and the results show that the research in this paper can be applied to industrial control networks for security protection.
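The following is an added illustration of what modules (2) and (3) do for Modbus-TCP; it is not code from the thesis, and the policy format, the sample ADUs and the function names (`parse_modbus_tcp`, `filter_modbus`, `Policy`) are assumptions made here. It covers Modbus-TCP only (OPC, being DCOM-based, needs a far larger parser). The parser enforces the MBAP format-integrity rules (protocol identifier 0, length field consistent with the ADU, per-function-code data layout and quantity limits), and the filter then applies a default-deny whitelist of function codes, unit identifiers and register windows.

```python
"""Modbus-TCP deep parsing and whitelist filtering (added example, not the thesis's code)."""
import struct
from dataclasses import dataclass

MAX_ADU = 260   # Modbus-TCP ADU upper bound: 7-byte MBAP header + 253-byte PDU
MBAP_LEN = 7    # transaction id (2) | protocol id (2) | length (2) | unit id (1)

# Function codes with a fixed 4-byte data field: (address, quantity) or (address, value)
FIXED_LAYOUT = {1: ">HH", 2: ">HH", 3: ">HH", 4: ">HH", 5: ">HH", 6: ">HH"}
# Spec maximum read quantities: 2000 coils/inputs, 125 registers
MAX_READ_QTY = {1: 2000, 2: 2000, 3: 125, 4: 125}


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    address: int
    quantity: int  # 1 for single writes


class ModbusParseError(ValueError):
    """Raised when the ADU fails a format-integrity check."""


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Parse a Modbus-TCP request ADU, rejecting anything that violates the wire format."""
    if not MBAP_LEN + 1 <= len(payload) <= MAX_ADU:
        raise ModbusParseError("ADU length out of range")
    tid, proto_id, length, unit_id = struct.unpack(">HHHB", payload[:MBAP_LEN])
    if proto_id != 0:
        raise ModbusParseError("protocol identifier must be 0")
    # The MBAP length counts unit id + function code + data, i.e. everything after byte 6
    if length != len(payload) - 6:
        raise ModbusParseError("MBAP length does not match ADU size")
    fc = payload[MBAP_LEN]
    data = payload[MBAP_LEN + 1:]
    if fc in FIXED_LAYOUT:
        if len(data) != struct.calcsize(FIXED_LAYOUT[fc]):
            raise ModbusParseError("bad data size for function code")
        addr, second = struct.unpack(FIXED_LAYOUT[fc], data)
        qty = second if fc in MAX_READ_QTY else 1
        if fc in MAX_READ_QTY and not 1 <= qty <= MAX_READ_QTY[fc]:
            raise ModbusParseError("read quantity outside spec range")
        return ModbusRequest(tid, unit_id, fc, addr, qty)
    if fc == 16:  # write multiple registers: address, quantity, byte count, values
        if len(data) < 5:
            raise ModbusParseError("truncated FC16 request")
        addr, qty, byte_count = struct.unpack(">HHB", data[:5])
        if not 1 <= qty <= 123 or byte_count != 2 * qty or len(data) != 5 + byte_count:
            raise ModbusParseError("FC16 quantity/byte count inconsistent")
        return ModbusRequest(tid, unit_id, fc, addr, qty)
    raise ModbusParseError(f"function code {fc} not supported by this parser")


@dataclass(frozen=True)
class Policy:
    """Whitelist (assumed format): permitted function codes and, per unit id, one register window."""
    allowed_function_codes: frozenset
    allowed_ranges: dict  # unit_id -> (first_address, last_address), inclusive


def filter_modbus(payload: bytes, policy: Policy) -> tuple:
    """Return ('ACCEPT', request) or ('DROP', reason). Any parse failure is a drop (default deny)."""
    try:
        req = parse_modbus_tcp(payload)
    except ModbusParseError as exc:
        return ("DROP", f"malformed: {exc}")
    if req.function_code not in policy.allowed_function_codes:
        return ("DROP", f"function code {req.function_code} not whitelisted")
    window = policy.allowed_ranges.get(req.unit_id)
    if window is None:
        return ("DROP", f"unit {req.unit_id} not whitelisted")
    first, last = window
    if req.address < first or req.address + req.quantity - 1 > last:
        return ("DROP", "register range outside whitelist")
    return ("ACCEPT", req)


# Read-only policy for unit 1, registers 0..99 (assumed configuration)
POLICY = Policy(allowed_function_codes=frozenset({3, 4}), allowed_ranges={1: (0, 99)})

# Constructed sample ADUs (not captured traffic)
READ_OK = bytes.fromhex("0001 0000 0006 01 03 0000 000a")    # read 10 holding regs at 0, unit 1
READ_FAR = bytes.fromhex("0002 0000 0006 01 03 0050 0020")   # read 32 regs at 80: 80..111 > 99
WRITE_ONE = bytes.fromhex("0003 0000 0006 01 06 0005 1234")  # FC6 write single register
BAD_LEN = bytes.fromhex("0004 0000 0010 01 03 0000 000a")    # MBAP length field lies (16 vs 6)
HUGE_QTY = bytes.fromhex("0005 0000 0006 01 03 0000 00c8")   # quantity 200 exceeds 125

if __name__ == "__main__":
    for name, adu in [("READ_OK", READ_OK), ("READ_FAR", READ_FAR), ("WRITE_ONE", WRITE_ONE),
                      ("BAD_LEN", BAD_LEN), ("HUGE_QTY", HUGE_QTY)]:
        print(name, filter_modbus(adu, POLICY))
```

Two design points worth noting: the format checks run before any policy lookup, so a packet whose MBAP length disagrees with its actual size is dropped without the filter ever trusting a field from it, and the register-window check uses the end of the request (address + quantity - 1), so a read that starts inside the window but runs past it is rejected rather than leaking neighbouring registers.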