ICS Firewall Deployment


radiflow-security

We take it as a given that it’s essential to deploy firewalls inside ICS networks. However, it is less clear why and which properties should such firewalls have: should they be stateful? DPI? Signature-based? In this post I will try to shed some light on the topic.

Consider a typical ICS network, with a main control center that communicates with multiple remote sites. Each remote site contains several field devices, such as PLCs and IEDs. For the sake of simplicity, let’s say that the remote sites communicate only with the control center, using a trusted private VPN between the gateways.

It’s safe to say that without appropriate protection, the ICS network described would be open to numerous cyber-attacks. We can divide these attacks into several types, according to their source and destination:

  1. Field-to-Field attacks: Attacks from one compromised remote site or field device to another remote site.
  2. Center-to-Field attacks –…

View original post 500 more words

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s