Industrial control firewall implementing method for supporting filtering IEC 104 protocol

An IEC104, implementation method technology, applied in electrical components, transmission systems, etc., can solve the problems of packet filtering firewalls without industrial control protocols, affecting the promotion and application of proxy firewalls, and consuming CPU resources, so as to ensure legality, enhance security, The effect of improving filtration efficiency

Active Publication Date: 2015-04-22
TRANSCEND COMM BEIJING +1
View PDF4 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, the traditional packet filtering firewall works at the network layer and the transport layer, and determines whether to allow the data packet to pass through according to factors such as the IP source address, IP destination address, TCP source port number, TCP link status or their combination of the data packet. , this method is not applicable to the IEC104 protocol; and the packet filtering firewall does not target the commonly used industrial control protocols
In addition, the proxy firewall works at the application layer and completely controls the session. For a specific application layer protocol, by establishing a special proxy service program for each application service, although it can monitor and control the communication flow of the application layer, its speed It is slow and consumes too much CPU resources, which affects the promotion and application of proxy firewalls

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Industrial control firewall implementing method for supporting filtering IEC 104 protocol
  • Industrial control firewall implementing method for supporting filtering IEC 104 protocol
  • Industrial control firewall implementing method for supporting filtering IEC 104 protocol

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] The present invention is illustrated below in conjunction with accompanying drawing.

[0028] like Figure 1-3 As shown, the present invention provides a kind of industrial control firewall implementation method that supports filtering IEC104 agreement, it is mainly by arranging an IEC104 module in the kernel of firewall, realizes the filtering of industrial control agreement IEC104 agreement, because IEC104 module directly works in kernel, to Data filtering such as function code, device number, offset address, and register value of IEC104 protocol messages improves the filtering efficiency and realizes the content filtering function that can only be realized through proxy mode, avoiding the consumption of CPU resources by proxy mode .

[0029] The IEC104 module of the present invention is a section of code edited with a programming language inside the industrial control firewall. Firewall users can set filtering rules for the IEC104 protocol through the management int...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an industrial control firewall implementing method for supporting the filtering IEC 104 protocol. According to the method, an IEC104 module is arranged in a firewall kernel to conduct filtering processing on a data package, filtering and validity check of the industrial control IEC 104 are achieved, validity, effectiveness and integrity of an industrial order are guaranteed, and filtering efficiency is improved; besides, the content filtering function originally achieved only by an agent mode is achieved; resource consumption of a CPU by the agent mode is avoided; furthermore, firewall administrators are divided according to different permission, two identity identification modes are adopted when the administrators have access to a system, and system security is enhanced.

Description

technical field [0001] The invention relates to the field of industrial control firewalls, in particular to a method for realizing a high-performance industrial control firewall supporting filtering of the IEC104 protocol. Background technique [0002] With the increasing demand for information security in the field of industrial control, firewalls are becoming increasingly important; in view of the particularity of the field of industrial control, filtering some commonly used industrial control protocols, such as IEC104 protocol, is an essential function of industrial control firewalls. [0003] Due to the large communication capacity of Ethernet and the good openness of TCP / IP protocol, Ethernet has been unanimously considered as the future development direction of intra-station LAN of substation automation system. The IEC104 protocol is a standard for transmitting the application service data unit (ASDU) of IEC101 with the network protocol TCP / IP. This standard provides t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/0227
Inventor 汪义舟杨国文原江平
Owner TRANSCEND COMM BEIJING
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap