CN106371359B - One button security lockdown of a process control network - Google Patents

One button security lockdown of a process control network

Info

Publication number
CN106371359B
Authority
CN
China
Prior art keywords
network
process control
devices
network device
communication ports
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610808387.2A
Other languages
English (en)
Chinese (zh)
Other versions
CN106371359A (zh)
Inventor
特雷弗·D·史莱斯
罗伯特·肯特·胡巴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fisher Rosemount Systems Inc
Original Assignee
Fisher Rosemount Systems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fisher Rosemount Systems Inc
Publication of CN106371359A
Application granted
Publication of CN106371359B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/418 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042 Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428 Safety, monitoring
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/418 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
    • G05B19/4185 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12 Discovery or management of network topologies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/24 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using dedicated network management hardware
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0213 Standardised network management protocols, e.g. simple network management protocol [SNMP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Manufacturing & Machinery (AREA)
  • Quality & Reliability (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Small-Scale Networks (AREA)
  • Computer And Data Communications (AREA)
CN201610808387.2A 2008-09-25 2009-09-25 One button security lockdown of a process control network Active CN106371359B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US10024008P 2008-09-25 2008-09-25
US61/100,240 2008-09-25
US12/475,889 2009-06-01
US12/475,889 US8590033B2 (en) 2008-09-25 2009-06-01 One button security lockdown of a process control network
CN200910177758.1A CN101686260B (zh) 2008-09-25 2009-09-25 One button security lockdown of a process control network

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN200910177758.1A Division CN101686260B (zh) 2008-09-25 2009-09-25 One button security lockdown of a process control network

Publications (2)

Publication Number Publication Date
CN106371359A (zh) 2017-02-01
CN106371359B (zh) 2019-07-05

Family

ID=41347821

Family Applications (4)

Application Number Title Priority Date Filing Date
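CN201610808387.2A Active CN106371359B (zh) 2008-09-25 2009-09-25 One button security lockdown of a process control network
CN201410138116.1A Active CN103888474B (zh) 2008-09-25 2009-09-25 One button security lockdown of a process control network
CN200910177758.1A Active CN101686260B (zh) 2008-09-25 2009-09-25 One button security lockdown of a process control network
CN201610808190.9A Active CN106411859B (zh) 2008-09-25 2009-09-25 Device for transmitting process data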

Family Applications After (3)

Application Number Title Priority Date Filing Date
CN201410138116.1A Active CN103888474B (zh) 2008-09-25 2009-09-25 One button security lockdown of a process control network
CN200910177758.1A Active CN101686260B (zh) 2008-09-25 2009-09-25 One button security lockdown of a process control network
CN201610808190.9A Active CN106411859B (zh) 2008-09-25 2009-09-25 Device for transmitting process data

Country Status (5)

Country Link
US (1) US8590033B2 (en)
EP (3) EP2611108B1 (en)
JP (1) JP5634047B2 (en)
CN (4) CN106371359B (en)
GB (2) GB2463791B (en)

Families Citing this family (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007025892A1 (de) * 2007-06-01 2008-12-11 Phoenix Contact Gmbh & Co. Kg Tool recognition in Profinet
US8590033B2 (en) 2008-09-25 2013-11-19 Fisher-Rosemount Systems, Inc. One button security lockdown of a process control network
US8321926B1 (en) * 2008-12-02 2012-11-27 Lockheed Martin Corporation System and method of protecting a system that includes unprotected computer devices
US8549201B2 (en) * 2010-06-30 2013-10-01 Intel Corporation Interrupt blocker
US9525647B2 (en) 2010-07-06 2016-12-20 Nicira, Inc. Network control apparatus and method for creating and modifying logical switching elements
US8837493B2 (en) 2010-07-06 2014-09-16 Nicira, Inc. Distributed network control apparatus and method
US10103939B2 (en) 2010-07-06 2018-10-16 Nicira, Inc. Network control apparatus and method for populating logical datapath sets
DE102011006668B3 (de) * 2011-04-01 2012-09-13 Siemens Aktiengesellschaft Interface module for a modular control device
JP5821576B2 (ja) * 2011-11-30 2015-11-24 株式会社バッファロー Relay device and method for starting up an electronic device
ES2530391T3 (es) 2012-05-31 2015-03-02 Siemens Ag Communication apparatus for an industrial automation system
US20140143864A1 (en) * 2012-11-21 2014-05-22 Snoopwall Llc System and method for detecting, alerting and blocking data leakage, eavesdropping and spyware
US9177163B1 (en) 2013-03-15 2015-11-03 Google Inc. Data access lockdown
DE102013216501A1 (de) * 2013-08-20 2015-02-26 Vega Grieshaber Kg Measuring device access apparatus, field device and method for controlling access to a measuring device
US9912612B2 (en) * 2013-10-28 2018-03-06 Brocade Communications Systems LLC Extended ethernet fabric switches
US20150161404A1 (en) * 2013-12-06 2015-06-11 Barrett N. Mayes Device initiated auto freeze lock
US20160036843A1 (en) * 2014-08-01 2016-02-04 Honeywell International Inc. Connected home system with cyber security monitoring
US9208349B1 (en) 2015-01-13 2015-12-08 Snoopwall, Inc. Securing data gathering devices of a personal computing device while performing sensitive data gathering activities to prevent the misappropriation of personal user data gathered therewith
US9686316B2 (en) * 2015-09-25 2017-06-20 Cisco Technology, Inc. Layer-2 security for industrial automation by snooping discovery and configuration messages
US10447722B2 (en) * 2015-11-24 2019-10-15 Bank Of America Corporation Proactive intrusion protection system
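JP6759572B2 (ja) 2015-12-15 2020-09-23 横河電機株式会社 Integrated production system
JP6693114B2 (ja) * 2015-12-15 2020-05-13 横河電機株式会社 Control device and integrated production system
JP2017163508A (ja) * 2016-03-11 2017-09-14 オムロン株式会社 Master-slave control system, control method for master-slave control system, information processing program, and recording medium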
US9692784B1 (en) 2016-10-25 2017-06-27 Fortress Cyber Security, LLC Security appliance
EP3373544A1 (en) * 2017-03-07 2018-09-12 ABB Schweiz AG Automatic communication network system hardening
PE20200163A1 (es) * 2017-05-05 2020-01-21 Bosch Soluções Integradas Brasil Ltda Equipment maintenance management system
US11196711B2 (en) * 2017-07-21 2021-12-07 Fisher-Rosemount Systems, Inc. Firewall for encrypted traffic in a process control system
EP3439259B1 (de) * 2017-08-02 2019-11-27 Siemens Aktiengesellschaft Hardening of a communication device
US11038887B2 (en) * 2017-09-29 2021-06-15 Fisher-Rosemount Systems, Inc. Enhanced smart process control switch port lockdown
GB2567556B (en) 2017-09-29 2022-07-13 Fisher Rosemount Systems Inc Enhanced smart process control switch port lockdown
GB2568145B (en) 2017-09-29 2022-08-03 Fisher Rosemount Systems Inc Lockdown protection for process control switches
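WO2019087849A1 (ja) * 2017-10-31 2019-05-09 村田機械株式会社 Communication system, controlled device, and control method for communication system
CN111149077A (zh) * 2018-01-25 2020-05-12 英特尔公司 Power management of discrete communication port components
CN108965170A (zh) * 2018-06-13 2018-12-07 四川微迪智控科技有限公司 Industrial switch system for edge secure access and operating method
CN108900481A (zh) * 2018-06-13 2018-11-27 四川微迪智控科技有限公司 Switch secure access system and method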
US11281877B2 (en) * 2018-06-26 2022-03-22 Columbia Insurance Company Methods and systems for guided lock-tag-try process
CN109391548B (zh) * 2018-11-06 2021-12-17 迈普通信技术股份有限公司 Table entry migration method, apparatus and network communication system
US11016135B2 (en) * 2018-11-28 2021-05-25 Cummins Power Generation Ip, Inc. Systems and methods for ground fault detection in power systems using communication network
US11627049B2 (en) * 2019-01-31 2023-04-11 Hewlett Packard Enterprise Development Lp Failsafe firmware upgrade for cloud-managed devices
JP7484252B2 (ja) * 2020-03-13 2024-05-16 オムロン株式会社 Terminal monitoring device
US20230206368A1 (en) * 2021-12-29 2023-06-29 Advanced Micro Devices, Inc. Disabling selected ip
US12332292B2 (en) 2022-11-18 2025-06-17 Cummins Power Generation Inc. System for locating power faults based on a direction of current flow

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1859173A (zh) * 2005-05-03 2006-11-08 合勤科技股份有限公司 Method for controlling local area network security and relay device thereof
US7836160B2 (en) * 2002-01-08 2010-11-16 Verizon Services Corp. Methods and apparatus for wiretapping IP-based telephone lines

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6124692A (en) * 1996-08-22 2000-09-26 Csi Technology, Inc. Method and apparatus for reducing electrical power consumption in a machine monitor
US6934260B1 (en) * 2000-02-01 2005-08-23 Advanced Micro Devices, Inc. Arrangement for controlling learning of layer 3 network addresses in a network switch
US20020156888A1 (en) * 2001-04-23 2002-10-24 Lee Man-Ho L. Method and apparatus for detecting and reporting configuration errors in a multi-component switching fabric
US7187648B1 (en) * 2001-11-26 2007-03-06 Ranch Networks, Inc. Redundancy in packet routing devices
US7782813B2 (en) * 2002-06-07 2010-08-24 Ember Corporation Monitoring network traffic
JP4553565B2 (ja) * 2002-08-26 2010-09-29 パナソニック株式会社 Electronic value authentication method, authentication system and device
US20040153700A1 (en) * 2003-01-02 2004-08-05 Nixon Mark J. Redundant application stations for process control systems
US7761923B2 (en) * 2004-03-01 2010-07-20 Invensys Systems, Inc. Process control methods and apparatus for intrusion detection, protection and network hardening
JP4148931B2 (ja) * 2004-08-16 2008-09-10 富士通株式会社 Network system, monitoring server and monitoring server program
US20060250983A1 (en) * 2005-03-31 2006-11-09 Iris Corporation Berhad Method of and arrangement for establishing network connections in an ethernet environment
JP2006332997A (ja) * 2005-05-25 2006-12-07 Nec Corp Communication management device, network system, communication blocking method in network system, and program
US7774089B2 (en) * 2005-08-18 2010-08-10 Rockwell Automation Technologies, Inc. Method and apparatus for disabling ports in a motor control system
US8594084B2 (en) * 2005-09-09 2013-11-26 Intellectual Ventures I Llc Network router security method
ES2346447T3 (es) 2005-12-09 2010-10-15 Abb Research Ltd. Method of securing network configuration data in automation networks.
JP2008167119A (ja) * 2006-12-28 2008-07-17 Fujitsu Ltd Network device, control device for network device, and control method thereof
CN101132364B (zh) * 2007-08-23 2012-02-29 新动力(北京)建筑科技有限公司 Method and system for data addressing and forwarding in a control network
US8590033B2 (en) 2008-09-25 2013-11-19 Fisher-Rosemount Systems, Inc. One button security lockdown of a process control network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7836160B2 (en) * 2002-01-08 2010-11-16 Verizon Services Corp. Methods and apparatus for wiretapping IP-based telephone lines
CN1859173A (zh) * 2005-05-03 2006-11-08 合勤科技股份有限公司 Method for controlling local area network security and relay device thereof

Also Published As

Publication number Publication date
JP2010081610A (ja) 2010-04-08
US20100077471A1 (en) 2010-03-25
EP2611108A1 (en) 2013-07-03
JP5634047B2 (ja) 2014-12-03
CN101686260B (zh) 2014-05-07
EP2816779B1 (en) 2015-09-02
GB2493479B (en) 2013-05-22
CN106411859B (zh) 2020-04-10
GB2463791A (en) 2010-03-31
GB0916858D0 (en) 2009-11-11
EP2169904B1 (en) 2013-08-28
GB2463791B (en) 2013-01-02
CN101686260A (zh) 2010-03-31
EP2611108B1 (en) 2018-12-05
CN106371359A (zh) 2017-02-01
EP2816779A1 (en) 2014-12-24
GB201220624D0 (en) 2013-01-02
US8590033B2 (en) 2013-11-19
CN106411859A (zh) 2017-02-15
CN103888474B (zh) 2018-07-06
CN103888474A (zh) 2014-06-25
GB2493479A (en) 2013-02-06
EP2169904A1 (en) 2010-03-31

Similar Documents

Publication Publication Date Title
CN106371359B (zh) One button security lockdown of a process control network
CN114629861B (zh) Enhanced smart process control switch port lockdown
US11695621B2 (en) Control device and method for controlling a redundant connection in a flat network
JP2021503191A (ja) L2 switch for network security and remote monitoring and control system using the same
GB2568145A (en) Poisoning protection for process control switches
GB2567556A (en) Enhanced smart process control switch port lockdown
US20240357346A1 (en) Secure Unmanaged Network Switch and Related Methods
Chris What’s Not So Simple about SNMP?
Hare What’s not so simple about SNMP?

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant