Andrew Ginter (Director of Industrial Security – Waterfall Security Solutions) has an interesting presentation.
Notice how in an ICS (Industrial Control System) environment there are firewalls separating the different networks from the plant floor (the device floor has the PLCs).
But let me dispel some notions here: an ICS environment includes this:
Picture from threatpost.com which looks like a control room (with many monitors)
But firewalls are designed to protect this (in an ICS environment):
Picture from speres.com
The thing with an ICS environment is that where there is one PLC (Programmable Logic Controller), there are usually others right next to it on the factory floor (assembling or filling stuff).
I am just trying to give you some background for when you look at the PDF by Andrew Ginter.
Here are 3 snippets which help in understanding the firewall in the environment.
Notice what could happen when trust is broken by a successful hack of an account on the ICS host.
And once that happens your network is wide open, and the various firewalls mean nothing.
So our logging systems must keep in mind all the various potential attacks that can come at us. We must keep in mind the general idea that, with a specific attack and connection, the hacker can perform functions from inside the network before being found.
Firewalls are designed to protect the inside network from the outside, but today’s attacks can come from anywhere inside as well.