We Can Learn From Industrial Firewall Architecture


Andrew Ginter (Director of Industrial Security, Waterfall Security Solutions) has an interesting presentation.


Notice how in an ICS (Industrial Control System) environment there are firewalls separating the different networks from the plant floor (the device floor is where the PLCs live).

But let me dispel some notions here. An ICS environment includes this:


Picture from threatpost.com, which looks like a control room (with many monitors).

But firewalls are designed to protect this (in an ICS environment):




Picture from speres.com.


The thing with an ICS environment is that where there is one PLC (Programmable Logic Controller) there are usually others right next to it on the factory floor (assembling or filling things).

PLC control


I am just trying to give you some background for when you look at the PDF by Andrew Ginter.


Here are three snippets which help you understand the firewall's place in the environment.




Notice what could happen when trust is broken by a successful compromise of an account on the ICS host.





And once that happens your network is wide open, and the various firewalls mean nothing.




So our logging systems must take into account all the various attacks that can come at us. Keep in mind the general idea: with a specific attack and connection, the attacker can perform functions from inside the network before being found.


Firewalls are designed to protect the inside network from the outside, but today's attacks can come from anywhere inside as well.
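To make the point concrete: once a trusted account on a control-zone host is compromised, every connection it makes to the PLCs is one the firewall was configured to allow, so the log review has to judge behaviour after the firewall has already said yes. The script below is an added example of that idea and is not code from Andrew Ginter's presentation or from Waterfall. The zone layout (enterprise, DMZ, control, plant floor), the allowed conduits, the baseline of which control-zone host normally talks to which PLC, the account names and the log lines are all constructed for illustration. It first checks each connection against the conduit policy (the thing the firewall itself enforces), and then, for connections that pass, flags a trusted host reaching PLCs it never touched before and a host fanning out to many PLCs, which is what a compromised HMI or engineering workstation looks like from the inside.

```python
from collections import defaultdict

# Hypothetical zone layout, modelled on the layered enterprise / DMZ / control /
# plant-floor picture that ICS firewall diagrams show. Prefixes are made up for
# this example and keyed on the first two octets.
ZONES = {
    "10.1": "enterprise",    # office network
    "10.2": "dmz",           # historian replica, patch/AV relay
    "10.3": "control",       # SCADA servers, HMI, engineering workstation (EWS)
    "10.4": "plant_floor",   # PLCs
}

# Conduits the firewalls pass (hypothetical ruleset): (src zone, dst zone, dst port).
ALLOWED_CONDUITS = {
    ("enterprise", "dmz", 443),         # users browse the DMZ historian web front end
    ("dmz", "control", 1433),           # historian replication into the control zone
    ("control", "plant_floor", 502),    # Modbus/TCP from HMI/EWS to PLCs
    ("control", "plant_floor", 44818),  # EtherNet/IP from HMI/EWS to PLCs
}

# Behavioural baseline (constructed): which control-zone host normally talks to which PLCs.
BASELINE = {
    "10.3.10.5": {"10.4.11.1", "10.4.12.1"},  # HMI drives two PLCs
    "10.3.20.9": {"10.4.11.1"},               # engineering workstation, one PLC
}

# Constructed connection log: "<time> <src_ip> <dst_ip> <dst_port> <account>".
SAMPLE_LOG = [
    "09:00:01 10.1.50.7 10.2.5.1 443 alice",        # enterprise -> DMZ web, allowed
    "09:00:05 10.2.5.1 10.3.30.2 1433 svc_hist",    # DMZ -> control historian, allowed
    "09:01:00 10.3.10.5 10.4.11.1 502 operator",    # HMI -> PLC 11, in baseline
    "09:01:02 10.3.10.5 10.4.12.1 502 operator",    # HMI -> PLC 12, in baseline
    "09:02:00 10.1.50.7 10.4.11.1 502 alice",       # enterprise -> PLC: policy violation
    "09:05:00 10.3.20.9 10.4.11.1 502 engineer",    # EWS -> PLC 11, in baseline
    "09:05:03 10.3.20.9 10.4.12.1 502 engineer",    # EWS -> PLC 12, new target
    "09:05:04 10.3.20.9 10.4.13.1 502 engineer",    # EWS -> PLC 13, new target
    "09:05:05 10.3.20.9 10.4.14.1 44818 engineer",  # EWS -> PLC 14, new target
]


def zone_of(ip):
    """Map an address to its zone by its first two octets ('unknown' if unmapped)."""
    return ZONES.get(".".join(ip.split(".")[:2]), "unknown")


def parse(line):
    """Split one constructed log line into its fields."""
    ts, src, dst, port, account = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "account": account}


def analyze(lines, fanout_threshold=3):
    """Return (kind, source host, detail) findings for a batch of log lines.

    conduit_violation: the firewall policy itself should have dropped this.
    new_plc_target:    allowed by policy, but this host never talked to that PLC before.
    plc_fanout:        one host reached >= fanout_threshold distinct PLCs in the batch.
    """
    findings = []
    plcs_per_host = defaultdict(set)
    for line in lines:
        ev = parse(line)
        src_zone, dst_zone = zone_of(ev["src"]), zone_of(ev["dst"])
        if (src_zone, dst_zone, ev["port"]) not in ALLOWED_CONDUITS:
            findings.append(("conduit_violation", ev["src"], ev["dst"]))
            continue
        # The firewall said yes. A compromised trusted host looks exactly like
        # this, so judge the behaviour, not just the rule match.
        if dst_zone == "plant_floor":
            plcs_per_host[ev["src"]].add(ev["dst"])
            if ev["dst"] not in BASELINE.get(ev["src"], set()):
                findings.append(("new_plc_target", ev["src"],
                                 f"{ev['dst']} as {ev['account']}"))
    for host, plcs in plcs_per_host.items():
        if len(plcs) >= fanout_threshold:
            findings.append(("plc_fanout", host, len(plcs)))
    return findings


if __name__ == "__main__":
    for kind, src, detail in analyze(SAMPLE_LOG):
        print(f"{kind:18} {src:12} {detail}")
```

On the sample log the policy check catches only the office workstation reaching a PLC directly; the engineering workstation's sweep of three unfamiliar PLCs passes the firewall every time and is only visible because the log review compares it against what that host normally does.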




