Industrial communication isolation gap with double-channel ferrying function

Abstract

The invention discloses an industrial communication isolation gap with a double-channel ferrying function. The industrial communication isolation gap comprises a safety end processing unit, a non-safety-end processing unit and a ferrying unit. The circuit of the safety end processing unit, that of the non-safety-end processing unit and that of the ferrying unit are all independent of one another and three units are communicated by USBs (Universal Serial Bus); the ferrying unit adopts a double-channel ferrying form; double channels are two independent one-way channels; one channel is a request channel, takes charge of carrying out one-way requesting from a non-safety end to a safety end and is used for configuration requesting and label requesting; the other channel is a data channel, takes charge of carrying out one-way transmission from the safety end to the non-safety end and is used for process data transmission and state data transmission. The isolation gap is used for an industrial control network and an upper layer information network to realize one-way transmission of process data under the condition of physical isolation, can perform functions of no maintenance of a tag and remote configuration, maintenance and management and brings great convenience to normal data acquisition and daily maintenance.

Description

Technical field: [0001] The invention relates to the technical field of computer network of an automatic information system, in particular to an industrial communication isolation network gate with dual-channel ferry. Background technique: [0002] Data acquisition and monitoring (SCADA), distributed control system (DCS), process control system (PCS), programmable logic controller (PLC) and other industrial control systems are widely used in the fields of industry, energy, transportation, water conservancy and municipal administration. Used to control the operation of production equipment. Once there is a loophole in the information security of the industrial control system, it will cause major hidden dangers to industrial production and operation and national economic security. With the development of computer and network technology, especially the deep integration of informatization and industrialization, industrial control system products are increasingly using general p...

AI Technical Summary

Problems solved by technology

[0005] (1) Since the firewall itself is implemented based on the TCP / IP protocol system, it cannot solve the loopholes in the TCP / IP protocol system

[0006] (2) The firewall is just a policy enforcement agency, it does not distinguish between right and wrong policies, let alone determine whether a legal policy is really the original intention of the administrator

From this point of view, once the firewall is controlled by an attacker, the entire network protected by it will be insecure.

[0007] (3) The firewall cannot distinguish which is normal and which is abnormal from the traffic, so it is vulnerable to traffic attacks

The higher the security requirements of the firewall, the more items that need to be inspected for data packets (that is, the functions of the firewall), and the more detailed the CPU and memory consumption will be, resulting in a decrease in the performance of the firewall and a slowdown in processing speed

[0009] (5) The firewall allows a certain service, but cannot guarantee the security of the service, it needs to be solved by application security

[0011] (1) OPC, the most widely used industrial communication protocol, is based on the DCOM mechanism, uses dynamic ports, and cannot penetrate firewalls

[0012] (2) The firewall cannot prevent the transmission of virus-infected programs and files

That is, the firewall can only control the network below the fourth layer, and has no way to deal with viruses and worms in the application layer.

[0013] (3) The firewall cannot prevent completely new threats, let alone prevent accessible man-made or natural damage

[0014] (4) The firewall cannot prevent threats caused by its own security vulnerabilities

[0015] (5) The firewall is not completely transparent to users, it is difficult for non-professional users to manage and configure, and it is easy to cause security holes

[0016] (6) It is difficult for the firewall to provide users with a consistent security policy inside and outside the firewall, and it cannot prevent attacks using flaws in standard network protocols, nor can it prevent attacks using server system vulnerabilities

[0017] (7) Since the firewall is set on the communication channel between the internal network and the external network, and implements the specified security policy, the firewall provides security protection, but also becomes the bottleneck of network communication, increasing the network transmission delay. If If there is a problem with the firewall, the internal network will be seriously threatened

These gatekeeper products do not support industrial communication protocols, such as OPC, Modbus, DNP3 and other protocols, so they cannot be applied to industrial network security

[0022] At present, there are also some industrial communication gateways on the market, which are used for one-way isolation. Their configuration and label maintenance need to be operated on the secure end and the non-secure end respectively, and remote management is not possible, which brings great difficulties to normal data collection and daily maintenance. big inconvenience

Images