CLN - Control Logic | Issue 19

Page 6

How deep is your deep packet inspection?

r a long nomously fo to u ons a n ru considerati gned to out security ologies desi h n it h w c e d it te e n sp ry g e ta prie rity d n desi nse of secu s were ofte rates on pro ty d a false se lder system m (ICS) ope o te e poor securi a st se re is e sy c h l T th n o . o n tr ty ti o n ili la o b re o c l a is ra a w e ri is ln rd h st a T u vu n ind urity ctory. re and h a cyber sec within the fa The softwa es open to re isolated c persists. e service life. vi ill w e st d s s m se e m e e st ese sy make th trol syst n ld o u c o l a w ri t a st because th u th d lnerabilities ess within in numerous vu with a lack of awaren d le oup situation, c

A

design

Traditional firewalls based on access control will not always be sufficient to secure an ICS network. Transactional information in industrial protocols exists in the application layer. An example is Modbus/TCP, where Modbus function information is carried in the application payload. Traditionally insecure serial-based protocols such as Modbus and DNP3 are riding on open standards such as TCP/IP, which multiplies the security risk by having more devices and protocols running across a network.

“Deep packet inspection evaluates the contents of a packet using configured rules to determine what to do with these packets in real time.”

Think of an envelope in snail mail. You can recognise it as an envelope, and you can even see who it is from and where it is going. This could be mapped to a standard firewall where you can limit the IP address by source and destination, and even port information, but that is as complex as it gets. In terms of this example, the content inside the sealed envelope, such as a friendly letter, is where the real information lies protected; this is where DPI really occurs. In terms of a firewall with DPI technology, this is what is actually happening. The firewall looks at the specific letters, if you will, in that packet on the wire. But how does a signature-based system (such as Snort) differ from a truly protocol-specific DPI engine?


Tofino Xenon

Deep packet inspection (DPI) of traffic is needed to secure the ICS. Deep packet inspection evaluates the contents of a packet using configured rules to determine what to do with these packets in real time.
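The envelope analogy above, as an added example that is not from the article or from any vendor's product: a port-only rule and a Modbus/TCP-aware rule judge the same two frames. The read-only allow-list, the function names and the sample frames are assumptions constructed for illustration, and one Modbus ADU per TCP payload is assumed.

```python
import struct

MODBUS_PORT = 502
# Assumed policy: only the Modbus read functions may pass.
# 0x01 read coils, 0x02 read discrete inputs,
# 0x03 read holding registers, 0x04 read input registers
ALLOWED_FUNCTIONS = {0x01, 0x02, 0x03, 0x04}

def port_filter(dst_port):
    """Access-control view: only the 'envelope' (the destination port) is seen."""
    return "allow" if dst_port == MODBUS_PORT else "deny"

def dpi_filter(dst_port, payload):
    """DPI view: parse the MBAP header, then decide on the function code."""
    if dst_port != MODBUS_PORT:
        return "deny", "not the Modbus/TCP port"
    if len(payload) < 8:  # 7-byte MBAP header + 1-byte function code
        return "deny", "truncated frame"
    _tid, proto_id, length, _unit = struct.unpack(">HHHB", payload[:7])
    if proto_id != 0:  # the protocol identifier is 0 for Modbus
        return "deny", "protocol id is not Modbus"
    # The length field counts the unit id plus the PDU (at most 1 + 253 bytes).
    if length != len(payload) - 6 or length > 254:
        return "deny", "length field does not match the frame"
    function = payload[7]
    if function not in ALLOWED_FUNCTIONS:
        return "deny", f"function 0x{function:02x} is not on the allow-list"
    return "allow", f"function 0x{function:02x}"

# Constructed sample frames (MBAP header + PDU).
READ_HOLDING = bytes.fromhex("000100000006" "01" "03" "00000002")
WRITE_SINGLE = bytes.fromhex("000200000006" "01" "06" "000100ff")
TRUNCATED = READ_HOLDING[:10]  # length field still claims 6 bytes

if __name__ == "__main__":
    frames = (("read", READ_HOLDING), ("write", WRITE_SINGLE), ("cut", TRUNCATED))
    for name, frame in frames:
        print(name, port_filter(MODBUS_PORT), dpi_filter(MODBUS_PORT, frame))
```

The port rule passes all three frames because they all go to port 502; the payload-aware rule passes only the read request.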

