CN103117993B - Method, apparatus and article of manufacture for providing a firewall for a process control system - Google Patents
- Publication number
- CN103117993B (application CN201210379873.9A)
- Authority
- CN
- China
- Prior art keywords
- network
- service
- port
- address
- communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
    - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
      - H04L63/0227—Filtering policies
        - H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
      - H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
  - H04L67/00—Network arrangements or protocols for supporting network services or applications
    - H04L67/01—Protocols
      - H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
        - H04L67/125—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    - H04L67/50—Network services
      - H04L67/51—Discovery or management thereof, e.g. service location protocol [SLP] or web services
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Testing And Monitoring For Control Systems (AREA)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201161540219P | 2011-09-28 | 2011-09-28 | |
| US61/540,219 | 2011-09-28 | | |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103117993A (zh) | 2013-05-22 |
| CN103117993B (zh) | 2018-01-26 |
Family
ID=47225296
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210379873.9A Active CN103117993B (zh) | 2011-09-28 | 2012-09-28 | Method, apparatus and article of manufacture for providing a firewall for a process control system |
Country Status (6)
| Country | Link |
|---|---|
| US (1) | US9100437B2 |
| JP (2) | JP6170660B2 |
| CN (1) | CN103117993B |
| DE (1) | DE102012109212B4 |
| GB (1) | GB2495214B |
| PH (1) | PH12012000283A1 |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE102015205833A1 (de) * | 2015-03-31 | 2016-10-06 | Siemens Aktiengesellschaft | One-way coupling device, request device and method for feedback-free transmission of data |
| US11363035B2 (en) * | 2015-05-22 | 2022-06-14 | Fisher-Rosemount Systems, Inc. | Configurable robustness agent in a plant security system |
| US10693859B2 (en) | 2015-07-30 | 2020-06-23 | Oracle International Corporation | Restricting access for a single sign-on (SSO) session |
| US10505982B2 (en) | 2015-10-23 | 2019-12-10 | Oracle International Corporation | Managing security agents in a distributed environment |
| WO2018057599A1 (en) * | 2016-09-21 | 2018-03-29 | Wal-Mart Stores, Inc. | System and methods for point to point encryption and tokenization in a hosted environment |
| CN106790393B (zh) * | 2016-11-25 | 2019-08-13 | 国信优易数据有限公司 | A directed data transmission system |
| CN106774248B (zh) * | 2016-12-08 | 2019-10-22 | 北京立思辰新技术有限公司 | A behavior-pattern security protection method based on a lower-level computer |
| US11050730B2 (en) | 2017-09-27 | 2021-06-29 | Oracle International Corporation | Maintaining session stickiness across authentication and authorization channels for access management |
| US11134078B2 (en) | 2019-07-10 | 2021-09-28 | Oracle International Corporation | User-specific session timeouts |
| US20210092122A1 (en) * | 2019-09-23 | 2021-03-25 | Vmware, Inc. | Centralized capability system for programmable switches |
| WO2022118395A1 (ja) * | 2020-12-02 | 2022-06-09 | 日本電気株式会社 | Network control device, network system, network control method, and non-transitory computer-readable medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101543005A (zh) * | 2006-11-20 | 2009-09-23 | 英国电讯有限公司 | Secure network architecture |
Family Cites Families (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP3262689B2 (ja) * | 1995-05-19 | 2002-03-04 | 富士通株式会社 | Remote operation system |
| US5828833A (en) | 1996-08-15 | 1998-10-27 | Electronic Data Systems Corporation | Method and system for allowing remote procedure calls through a network firewall |
| US5944823A (en) | 1996-10-21 | 1999-08-31 | International Business Machines Corporations | Outside access to computer resources through a firewall |
| US6754831B2 (en) | 1998-12-01 | 2004-06-22 | Sun Microsystems, Inc. | Authenticated firewall tunneling framework |
| US7440953B2 (en) * | 2001-01-25 | 2008-10-21 | Content Directions, Inc. | Apparatus, method and system for directory quality assurance |
| US20040006573A1 (en) * | 2001-06-18 | 2004-01-08 | Nomura Takashi | Data transmission apparatus, data transmission method, and data transmission method program |
| US20030028806A1 (en) | 2001-08-06 | 2003-02-06 | Rangaprasad Govindarajan | Dynamic allocation of ports at firewall |
| JP2004221879A (ja) * | 2003-01-14 | 2004-08-05 | Matsushita Electric Ind Co Ltd | Communication method, communication program, and relay device |
| US20050138416A1 (en) | 2003-12-19 | 2005-06-23 | Microsoft Corporation | Object model for managing firewall services |
| US7761923B2 (en) * | 2004-03-01 | 2010-07-20 | Invensys Systems, Inc. | Process control methods and apparatus for intrusion detection, protection and network hardening |
| JP2007208693A (ja) * | 2006-02-02 | 2007-08-16 | Toshiba Corp | Communication device, communication system, communication method, and communication program |
| US8407763B2 (en) * | 2006-04-28 | 2013-03-26 | Bae Systems Information And Electronic Systems Integration Inc. | Secure network interface device |
| US20070276950A1 (en) | 2006-05-26 | 2007-11-29 | Rajesh Dadhia | Firewall For Dynamically Activated Resources |
| DE102006056566B3 (de) | 2006-11-30 | 2008-05-08 | Siemens Ag | Network and method for establishing a data connection with a mobile terminal |
| US8621552B1 (en) * | 2007-05-22 | 2013-12-31 | Skybox Security Inc. | Method, a system, and a computer program product for managing access change assurance |
| JP2009182574A (ja) * | 2008-01-30 | 2009-08-13 | Nagoya Institute Of Technology | Firewall configuration analysis method |
| JP5141328B2 (ja) * | 2008-03-25 | 2013-02-13 | 富士通株式会社 | Relay device and computer program |
| US9521120B2 (en) | 2009-04-23 | 2016-12-13 | General Electric Technology Gmbh | Method for securely transmitting control data from a secure network |
2012
- 2012-09-26 PH PH1/2012/000283A patent/PH12012000283A1/en unknown
- 2012-09-27 US US13/628,964 patent/US9100437B2/en active Active
- 2012-09-27 GB GB1217300.1A patent/GB2495214B/en active Active
- 2012-09-28 DE DE102012109212.5A patent/DE102012109212B4/de active Active
- 2012-09-28 JP JP2012216412A patent/JP6170660B2/ja active Active
- 2012-09-28 CN CN201210379873.9A patent/CN103117993B/zh active Active
2017
- 2017-05-22 JP JP2017101066A patent/JP6306779B2/ja active Active
Also Published As
| Publication number | Publication date |
|---|---|
| JP2017199380A (ja) | 2017-11-02 |
| GB2495214A (en) | 2013-04-03 |
| GB2495214B (en) | 2013-08-28 |
| DE102012109212B4 (de) | 2023-02-09 |
| GB201217300D0 (en) | 2012-11-14 |
| CN103117993A (zh) | 2013-05-22 |
| PH12012000283A1 (en) | 2014-04-28 |
| JP6306779B2 (ja) | 2018-04-04 |
| DE102012109212A1 (de) | 2013-03-28 |
| US20130081130A1 (en) | 2013-03-28 |
| JP6170660B2 (ja) | 2017-07-26 |
| US9100437B2 (en) | 2015-08-04 |
| JP2013073631A (ja) | 2013-04-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103117993B (zh) | | Method, apparatus and article of manufacture for providing a firewall for a process control system |
| Kim et al. | | STRIDE‐based threat modeling and DREAD evaluation for the distributed control system in the oil refinery |
| EP2822248B1 (en) | | Methods and systems for use in analyzing cyber-security threats in an aviation platform |
| CN105139139B (zh) | | Data processing method, device and system for operation and maintenance auditing |
| De Souza et al. | | Extending STPA with STRIDE to identify cybersecurity loss scenarios |
| CN106059087B (zh) | | A vulnerability analysis and assessment system for smart substations |
| US20090099885A1 (en) | | Method for risk analysis using information asset modelling |
| Lemaire et al. | | A SysML extension for security analysis of industrial control systems |
| Novak et al. | | Common approach to functional safety and system security in building automation and control systems |
| CN105991638A (zh) | | A network attack path analysis and generation method and system |
| Kriaa et al. | | A new safety and security risk analysis framework for industrial control systems |
| CN110601889A (zh) | | System and method for implementing secure anti-tracing, deep-encryption controlled network link resource scheduling management |
| CN105847236A (zh) | | A firewall security policy configuration method and device, and a firewall |
| Zahid et al. | | A security risk mitigation framework for cyber physical systems |
| CN111107108A (zh) | | A method for network security analysis of industrial control systems |
| Lemaire et al. | | Extracting vulnerabilities in industrial control systems using a knowledge-based system |
| Maidl et al. | | Pattern-based modeling of cyber-physical systems for analyzing security |
| Hollerer et al. | | Safety and security: A field of tension in industrial practice |
| Ginter | | Secure operations technology |
| Lee et al. | | The Five ICS Cybersecurity Critical Controls |
| CN113765780A (zh) | | A portable operation and maintenance gateway based on the Internet of Things |
| CN105518663B (zh) | | Automatic blocking of bad actors |
| CN109756483A (zh) | | A security protection method for the MELSEC protocol |
| Teumim | | Industrial network security |
| Falk et al. | | System Integrity Monitoring for Industrial Cyber Physical Systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | GR01 | Patent grant | |