Design And Implementation Of Firewall In Industrial Control Network Based On Linux

With the rapid development of global industrial information technology,various information systems under construction have become the key infrastructure in all countries,and are widely used in petrochemical,tobacco,fire,power,medicine and automobile and other industries closely related to our lives.So whether the control system in these industrial facilities can operate safely and stably is not only related to our daily life,but also to the industrial development of the country.How to ensure the safe and stable operation of industrial control system network has become an important issue for the development of industrial industry.As a kind of mandatory access control mechanism between networks or systems,firewall is an important technology in the field of network security,and is widely used in the current industrial field.Because of the openness of Linux source code and the experts who write Linux kernel source code,Linux has become a good platform for firewall research.In this context,it is of great significance and practical value to design a firewall which meets the needs of modern industry.The industrial firewall system software is divided into three parts: system configuration,protocol processing and log management.The system configuration includes system parameter management,user management,protocol rule management and data backup and restore.It monitors the change of operation mode and current protocol rule.When the operation mode is changed or the protocol rule is updated,it feeds back the message to the system in time,so as to manage the system more efficiently;Protocol processing realizes the data filtering of industrial protocol Modbus TCP,MODBUS UDP and IEC104 communication.Based on the in-depth interpretation of Modbus Ethernet and IEC104 protocol,this paper realizes the function of industrial firewall system through white list strategy and deep packet filtering technology;Log management records the relevant information of the system operation.This paper divides it into three kinds of information:operation log information,alarm information and event information.It determines whether to write the log file by judging the storage buffer.The design of unified security management platform uses Java Web technology and Java language as the development language to realize the management system of B / S architecture.It has the characteristics of simple maintenance,high efficiency and small size.It is suitable for embedded platform.Finally,the Java Web project is deployed to Tomcat server for users to access.The design of the whole scheme is carried out around the goal of management and control integration,real-time performance and high efficiency.The results of communication experiments show that the system has favorable interoperable and reliability.The embedded Linux platform of industrial firewall designed in this paper is built on the basis of Red Hat,which has good portability and is applicable to other network products.