Method for automatically establishing Ethernet communication safety rules

Abstract

The invention relates to a method for automatically establishing an Ethernet communication safety rule. The steps are as follows: 1, a safety device is connected to a network; 2, the safety device acquires a data packet in the Ethernet passively; 3, the safety device sends the acquired data packet to a protocol analysis module; 4, the protocol analysis module analyzes the content of the data packet, acquires information of the type of a communication protocol, and determines whether the communication protocol is an industrial communication protocol or not; 5, if the communication protocol is the industrial communication protocol, key information in the data packet is analyzed and extracted; 6, the extracted information is sent to a rule auxiliary generation guide module; and 7, the rule auxiliary generation guide module receives the information and forms the safety rule after judging the information is complete. The method provided by the invention form the safety rule according to data information in actual communication, enables setting of the safety rule to be targeted, not missing and convenient for labor saving, and ensures the real-time performance of transmission and the integrity of data in an industrial network.

Description

technical field [0001] The invention relates to the field of communication security, in particular to a method for automatically establishing Ethernet communication security rules. Background technique [0002] When firewalls currently on the market are deployed on a network, it is first necessary to configure rules for the firewall. The firewall rule configuration process is very troublesome. Before configuration, you must first collect a large amount of network information, such as which devices are in the network, which devices’ communication packets are allowed to pass, and which devices are denied to pass, etc.; after collecting and sorting out information, you need to add it to It is in the list of firewall rules, but it is easy to make mistakes when adding rules. Once the rule configuration is wrong, some legal communication packets may be blocked, affecting normal communication. In industrial networks, its impact is even greater, because in industrial networks, need ...

AI Technical Summary

Problems solved by technology

The firewall rule configuration process is very troublesome. Before configuration, you must first collect a large amount of network information, such as which devices are in the network, which devices’ communication packets are allowed to pass, and which devices are denied to pass, etc.; after collecting and sorting out information, you need to add it to It is in the list of firewall rules, but it is easy to make mistakes when adding rules. Once the rule configuration is wrong, some legal communication packets may be blocked, affecting normal communication. In industrial networks, its impact is even greater, because in industrial networks, need Ensure real-time transmission and data integrity

Images