We Can Learn From Industrial Firewall Architecture

https://ics-cert.us-cert.gov/sites/default/files/ICSJWG-Archive/F2012/D1_PM2_Tr1_Ginter_wf-13-ways-icsjwg-2012-d2.pdf

Andrew Ginter  has an interesting presentation (Director of Industrial Security – Waterfall security Solutions)

Industrialnetworkarchitecture

Notice how in an ICS (Industrial control System)  environment there are firewalls seperating different networks from the plant floor (the device floor has PLC’s)

But let me dispel some notions here, an ICS environment includes this

monitorsfromthreatpost

Picture from threatpost.com  which looks like a control room (with many montiors)

But firewalls are designed to protect this(in an ICS environment):

 

Electricalcontrols-plc

 

picture from speres.com

 

The thing with an ICS environment where there is one PLC (Programmable Logic Controller) there are usually others right next to them on the factory floor (assembling or filling stuff)

PLC control

 

I am just trying to get you some background when you do look at the pdf by Andrew Ginter

 

Here are 3 snippets  which help understand the firewall in the environment

demonetwork

 

 

Notice what could happen when trust is broken, by a successful hack of an account on the ICS host

 

hackedADserver

 

 

And once that happens your network is wide open, and the various firewalls mean nothing.

hackedicsservicer

 

 

So our logging systems must keep in mind all the various potential attacks that can come at us. we must keep in mind the general idea that with a specific attack and connection the hacker can perform functions before being found from inside the network.

 

Firewalls are designed to protect inside network from the outside, but today’s attacks can come from anywhere inside as well.

 

 

 

Advertisements

One thought on “We Can Learn From Industrial Firewall Architecture”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.