Today, it’s hard to get too much security—especially in industrial environments. Two new multi-port firewalls, the EAGLE20-0400 and 30-0402 were recently added to the Hirschmann EAGLE line. The primary advantage of these EAGLE products over other products is the increased number of ports. This means that in some scenarios a single device can be deployed, rather than multiple EAGLE20s, saving costs and space. Moreover, where there is a need for link speed greater than 100Mb/s, the EAGLE30-0402 provides with its Gigabit ports a better fit, thus delivering the highest level of network security. Read more
Engineers as well as IT staff in the process control and SCADA industries have varying levels of knowledge about industrial cyber security. We come across this regularly when talking to people at industry events or speaking with customers or partners. To help you, no matter where you are in the learning curve, we have recently released a five-part video series. Read more
DPI SCADA Security: Reviewing the Basics
In Part 1 of this series I explained DPI technology in detail. To review, the traditional IT firewall examines the TCP/IP and Ethernetheaders in the network messages it sees. It then makes decisions whether to allow or block a message based on this limited information.
DPI technology allows the firewall to dig deep into the SCADA protocols that sit on top of TCP/IP and Ethernet. The firewall then determines exactly what the SCADA protocol is being used for and makesbetter decisions on what should be allowed or blocked.
The example I gave in the last article was theseaway management company that used Tofino Modbus DPI firewalls to protect the PLCs runningits canal locks and bridges. By blocking all Modbus write messages(and programming messages), and allowing Modbus Data read messages, the company could improve the safety of the canal system for both the ships in the canals and the public usingthe draw bridges at the locks. Read more
I have talked repeatedly about something called Deep Packet Inspection (DPI) and why it is so important for SCADA / ICS security (for example, see Air Gaps won’t Stop Stuxnet’s Children). The trouble is, I have never described what DPI actually is. So in today’s blog I will back up and explain what DPI firewall technology is all about.
Some Firewall Basics
To understand DPI, it is first important to understand how the traditional IT firewall works. A firewall is simply a devicethatmonitors and controls traffic flowing in or between networks. It starts by capturing traffic passing through it and comparingthat traffic to a predefined set of rules(called Access Control Lists or ACLs). Any messages that do not match the ACLs are then discarded. Read more