Abstract
The use of firewalls is a common approach to securing Automation Technology (AT) networks from Information Technology (IT) networks. This work proposes a filtering system for TCP/IP-based automation networks in which only certain kinds of industrial traffic are permitted. All network traffic that does not conform to a proper industrial protocol pattern, or to specific rules for its actions, is assumed to be abnormal and must be blocked. As a case study, we developed a seventh-layer firewall application capable of blocking spurious traffic, using an IP packet queueing engine and a regular expression library.
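As an added illustration (not code from the paper), the sketch below applies the two checks the abstract describes to a TCP payload: conformity to a protocol pattern via a regular expression, then a rule on the requested action. It assumes Modbus/TCP as the industrial protocol; the policy table, verdict names and sample frames are constructed for the example.

```python
import re
import struct

ACCEPT, DROP = "ACCEPT", "DROP"  # hypothetical verdict names for a packet queue

# Constructed policy: unit id -> (allowed function codes, lowest addr, highest addr)
POLICY = {1: ({0x03, 0x04}, 0, 99)}

# Fixed-size Modbus/TCP request: MBAP header + 5-byte PDU (function codes 1..6).
ADU = re.compile(
    rb"\A[\x00-\xff]{2}"           # transaction id (any value)
    rb"\x00\x00"                   # protocol id, always 0 for Modbus
    rb"\x00\x06"                   # length field: unit id + 5-byte PDU
    rb"(?P<unit>[\x00-\xff])"      # unit (slave) id
    rb"(?P<fc>[\x01-\x06])"        # function code
    rb"(?P<addr>[\x00-\xff]{2})"   # starting address
    rb"(?P<val>[\x00-\xff]{2})\Z"  # quantity (reads) or value (writes)
)

def verdict(payload: bytes) -> str:
    """Default-deny: accept only well-formed requests the policy allows."""
    m = ADU.match(payload)
    if m is None:
        return DROP  # does not conform to the protocol pattern
    unit, fc = m["unit"][0], m["fc"][0]
    addr, val = struct.unpack(">HH", m["addr"] + m["val"])
    rule = POLICY.get(unit)
    if rule is None or fc not in rule[0]:
        return DROP  # unknown device or action not permitted
    _, lo, hi = rule
    last = addr
    if fc <= 4:  # read requests carry a quantity with protocol-defined limits
        if not 1 <= val <= (2000 if fc <= 2 else 125):
            return DROP
        last = addr + val - 1
    return ACCEPT if lo <= addr and last <= hi else DROP

def request(unit, fc, addr, val, tid=1, proto=0):
    """Build a constructed 12-byte sample request."""
    return struct.pack(">HHHBBHH", tid, proto, 6, unit, fc, addr, val)

if __name__ == "__main__":
    print(verdict(request(1, 3, 0, 10)))         # read inside allowed window
    print(verdict(request(1, 6, 0, 1)))          # write, not in allowlist
    print(verdict(b"GET / HTTP/1.1\r\n\r\n"))    # non-industrial traffic
```

Payloads carrying several requests in one segment, or variable-length function codes, fail the pattern and are dropped, which is the default-deny behaviour the abstract calls for.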
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Batista, A.B., Kobayashi, T.H., Medeiros, J.P.S., Brito, A.M., Motta Pires, P.S. (2010). Application Filters for TCP/IP Industrial Automation Protocols. In: Rome, E., Bloomfield, R. (eds) Critical Information Infrastructures Security. CRITIS 2009. Lecture Notes in Computer Science, vol 6027. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14379-3_10
DOI: https://doi.org/10.1007/978-3-642-14379-3_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14378-6
Online ISBN: 978-3-642-14379-3
eBook Packages: Computer Science, Computer Science (R0)