Performance impact of commercial industrial firewalls on networked control systems

Abstract: The connection of control and process networks to company infrastructures and the Internet, besides offering undeniable advantages, also imposes the adoption of adequate security countermeasures. Specialized firewalls, able to recognize and inspect traffic concerning peculiar communication protocols such as Modbus, which are commonly adopted in industrial applications, are beginning to spread on the market. However, several industrial control systems (ICSs) must satisfy critical performance and timing requirem… Show more

“…In particular, we are interested in measuring the time needed to perform the transformation from (f w 1 ,f w 2 ) to ( f w 1 , f w 2 ) in a realistic scenario and getting some estimations of its impact on the filtered traffic in terms of packet filtering delay. To this purpose a test-bed was setup in our Industrial Informatics Laboratory (I 2 Lab), also leveraging past experience with firewall modeling, characterization and performance evaluation [3], [28], [35].…”

“…For the same reasons, neither the introduction of new h/w FWs nor the dynamic instantiation of virtual FWs is feasible in these scenarios, as the system must often work 24/7 and cannot be stopped or reconfigured on the fly. Thus deployed FWs can become bottlenecks in heavy traffic load conditions [3], [28]. On the other hand, the technique proposed in this paper does not rely on the availability of special h/w.…”

A Formal Model and Technique to Redistribute the Packet Filtering Load in Multiple Firewall Networks

“…In particular, we are interested in measuring the time needed to perform the transformation from (f w 1 ,f w 2 ) to ( f w 1 , f w 2 ) in a realistic scenario and getting some estimations of its impact on the filtered traffic in terms of packet filtering delay. To this purpose a test-bed was setup in our Industrial Informatics Laboratory (I 2 Lab), also leveraging past experience with firewall modeling, characterization and performance evaluation [3], [28], [35].…”

“…For the same reasons, neither the introduction of new h/w FWs nor the dynamic instantiation of virtual FWs is feasible in these scenarios, as the system must often work 24/7 and cannot be stopped or reconfigured on the fly. Thus deployed FWs can become bottlenecks in heavy traffic load conditions [3], [28]. On the other hand, the technique proposed in this paper does not rely on the availability of special h/w.…”

A Formal Model and Technique to Redistribute the Packet Filtering Load in Multiple Firewall Networks

“…Moreover, we suppose that these malicious Modus/TCP packets cannot contain other function codes which are different with the four categories of function codes used in the simulation control system, and these packets only change the function control process. The major reason of such assumption is that the malicious packets containing other function codes can be easily filtered by the applied industrial firewall [11,32]. Besides, we generate 60 malicious function code sequences in each experiment.…”

Function-Aware Anomaly Detection Based on Wavelet Neural Network for Industrial Control Communication

“…Therefore, the security states in industrial control systems have attracted extensive attention, and both academia and industry start to research on the vulnerabilities and security mechanisms to protect industrial control systems. In these researches, communication control [5,6] and intrusion detection [7,8] are very effective security mechanisms, which have been successfully applied in various critical infrastructures, such as petrochemical plants and water distribution. Furthermore, one of common features is that they may adopt the white-listing rule setting to identify or prevent misbehaviors.…”

Clustering-Based Self-learning Approach for Security Rules in Industrial Communication Protocol