DPI
A firewall is simply a device that monitors and controls traffic flowing in or between networks. The problem with this simple scheme is that it is very black and white. You either allow a certain protocol or you block it. Fine-grained control of the protocol is impossible.
Clearly, the firewall needs to dig deeper into a protocol to understand exactly what that protocol is being used for. That is exactly what Deep Packet Inspection (DPI) does: after the traditional firewall rules are applied, the firewall inspects the content of the contained messages and applies more detailed rules.
For example, a Modbus DPI firewall determines if the Modbus message is a read or a write message and then drops all write messages. Good DPI firewalls can also “sanity check” traffic for strangely formatted messages or unusual behaviours (such as 10,000 reply messages in response to a single request message). These sorts of abnormal messages can indicate traffic created by a hacker trying to crash a PLC and need to be blocked.
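The read/write decision and the per-message sanity checks described above can be sketched as follows. This is an added example, not code from any Tofino product. The function name `inspect_request`, the verdict strings, and the choice to drop every function code that is not a plain read are assumptions. It inspects one request frame at a time, so counting replies per request is out of scope here.

```python
import struct

# Function code -> maximum quantity allowed in one read request (Modbus spec limits)
READ_LIMITS = {1: 2000, 2: 2000, 3: 125, 4: 125}
# Write single/multiple coil and register, mask write, read/write multiple
WRITE_CODES = {5, 6, 15, 16, 22, 23}

def inspect_request(frame: bytes):
    """Return (verdict, reason) for one Modbus/TCP request frame."""
    # Sanity checks on the 7-byte MBAP header before trusting any field
    if not 8 <= len(frame) <= 260:
        return "DROP", "frame size outside 8..260 bytes"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return "DROP", "protocol id is not 0 (not Modbus)"
    if length != len(frame) - 6:
        return "DROP", "MBAP length does not match bytes on the wire"
    func = frame[7]
    if func in WRITE_CODES:
        return "DROP", f"write function code {func}"
    if func not in READ_LIMITS:
        # Assumed policy: anything that is not a known read is dropped
        return "DROP", f"function code {func} not on the read allow-list"
    # A read request is exactly: function code, 2-byte address, 2-byte quantity
    if len(frame) != 12:
        return "DROP", "malformed read request"
    addr, qty = struct.unpack(">HH", frame[8:12])
    if not 1 <= qty <= READ_LIMITS[func] or addr + qty > 0x10000:
        return "DROP", "read quantity or address range out of bounds"
    return "ALLOW", f"read function code {func}"

# Constructed sample frames (hex), not captured traffic
SAMPLES = {
    "read holding registers": bytes.fromhex("0001 0000 0006 01 03 0000 000a"),
    "write single register": bytes.fromhex("0002 0000 0006 01 06 0001 00ff"),
    "write multiple registers": bytes.fromhex("0003 0000 0009 01 10 0001 0001 02 000a"),
    "length field mismatch": bytes.fromhex("0004 0000 0020 01 03 0000 000a"),
    "oversized read quantity": bytes.fromhex("0005 0000 0006 01 03 0000 ffff"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:26s}", *inspect_request(frame))
```
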
Articles
- Next Generation Cyber Attacks Target Oil And Gas SCADA
- Safety and Security: Two Sides of the Same Coin
- NERC CIP Compliance
- Defense in Depth
- Securing critical industrial processes in real-time
- Cyber Security Threats: Expert Interview with Eric Byres, Part 1
Blog Posts
- Securing Offshore O&G Platforms - Advanced Threats need Advanced Firewalls
- Enough Clucking – Start Fixing the SCADA Security Problem
- Securing Control Systems with System Integrators
- Air Gaps won’t Stop Stuxnet’s Children
- Easy-to-use Schneider ConneXium Tofino Firewall Advances SCADA Security
- Making SCADA Security Simple with the Schneider ConneXium Tofino Firewall
- SCADA Security Zeitgeist 2012
- Why SCADA Firewalls Need to be Stateful – Part 1 of 3
- SCADA Security & Deep Packet Inspection – Part 1 of 2
- Fixed Configuration Firewalls, Safety Systems and Reduced Human Error
- Securing SCADA systems from APTs like Flame and Stuxnet – Part 2
- SCADA Security and Deep Packet Inspection – Part 2 of 2
- Digital Bond Testing Proves Tofino Hardens Vulnerable SCADA Protocols
- Awesome SCADA Security Operations Centre
- Why SCADA Firewalls Need to be Stateful – Part 3 of 3
- Why SCADA Firewalls Need to be Stateful – Part 2 of 3
- Defense in Depth: Layering Multiple Defenses - Part 2 of 2
- Protecting Siemens S7-1200 PLCs against Security Vulnerabilities, Part 3/3
- Summing up Stuxnet in 4 Easy Sections - (plus Handy Presentation)
- Jeff Smith’s Practical SCADA Security
- DNP3 Vulnerabilities Part 2 of 2 – Why DPI Firewalls Might be Industry’s Only Hope
- Cyber Security for Water Systems – No Voodoo Required!
- ISA Recognizes Eric Byres for Leadership in SCADA Security
- Your ICS Security Strategy: Learn How and Where to Start
- The iPhone is coming to the Plant Floor – Can we Secure it?
- Why VLAN Security isn't SCADA Security at all
Press Releases
- Belden Assists Schneider Electric to Secure Critical Industrial Automation Systems
- Tofino Undergoes Advanced Cyber Security Testing Performed By Digital Bond
- Honeywell selects Tofino™ Modbus Read-only Firewall to Secure Critical Safety Systems
- Security breakthrough for OPC-based industrial automation
- Tofino™ Enforcer revolutionizes Modbus TCP/IP security
Videos and Presentations
- What Does Stuxnet Mean for Industrial Control Systems?
- Modbus TCP Enforcer Deep Packet Inspection
- Virus Prevention Using Deep Packet Inspection
- Deep Packet Inspection for SCADA and Process Controls