Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Safety rule configuration method of firewall without IP

A configuration method and firewall technology, applied in electrical components, transmission systems, etc., can solve the problems of difficult implementation of firewall management and configuration, change of control network topology, installation and management defects, etc., to achieve good real-time performance, clear process, and traffic less effect

Active Publication Date: 2017-06-27
四川电科智造科技有限公司
View PDF3 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The current industrial network is mainly protected by traditional firewalls. Such firewalls usually have IP addresses for accurate detection and rule configuration. However, firewalls with IP addresses can be detected by scanning tools in the local area network. The firewall itself may be used as a Attack objects, and then attack the entire control network; and a firewall with IP will change the topology of the entire control network in the access network, and has defects in installation and management
In order to better protect the effect, it is usually set to the mode without IP. At this time, the management configuration of the firewall is difficult to achieve by relying on traditional technologies.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Safety rule configuration method of firewall without IP
  • Safety rule configuration method of firewall without IP
  • Safety rule configuration method of firewall without IP

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0045] figure 1 It is the schematic diagram of deployment without IP firewall.

[0046] In this embodiment, a brand-new industrial firewall management and security rule configuration method is provided. All industrial firewalls no longer have IP addresses. The processing, non-IP communication module and the firewall management configuration system cooperate with each other to form a complete set of security rule configuration methods based on the non-IP industrial firewall.

[0047] Such as figure 1 As shown, when deploying a non-IP firewall, the non-IP firewall should be set between the industrial network and the protected device, and there must be a non-IP industrial firewall upstream of the protected device, because the firewall is in a non-IP mode, and the firewall management system cannot Send data packets directly to it. The firewall management system sends data packets with the IP address of the protected device as the destination address. At this time, it must pass t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention discloses a safety rule configuration method of a firewall without an IP. A firewall without an IP is deposited at the front end of a protected device, a firewall management system does not direct send data to the firewall without an IP when sending a detection data packet and configuring the data packet, and sends data to the protected device, and the data is captured by the firewall to perform identification and processing to complete the safety rule configuration. In order to perform accurate identification of the data packet, the safety rule configuration method of the firewall without an IP takes a special port as a first feature, takes a customized protocol header as a second feature and performs corresponding process aiming at the type of the identified data packet.

Description

technical field [0001] The invention belongs to the technical field of industrial control system information security, and more specifically relates to a method for configuring security rules without an IP firewall. Background technique [0002] With the continuous integration of industrialization and informatization, information, network, and Internet technologies are gradually applied to the field of industrial control, and the industrial control system is gradually breaking the previous closedness. The current industrial network is mainly protected by traditional firewalls. Such firewalls usually have IP addresses for accurate detection and rule configuration. However, firewalls with IP addresses can be detected by scanning tools in the LAN, and the firewall itself may be used as a Attack objects, and then attack the entire control network; and a firewall with IP will change the topology of the entire control network in the access network, and has defects in installation ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/0263H04L63/20
Inventor 辛晓帅邹见效郑宏何建
Owner 四川电科智造科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products