Unidirectional transmission internal and external network secure isolating gateway applicable to industrial control network

Abstract

The invention discloses a unidirectional transmission internal and external network secure isolating gateway applicable to an industrial control network, belongs to the technical field of the industrial control network. The isolating gateway comprises an external network processing unit, a data ferry unit and an internal network processing unit; the external network processing unit is connected with the internal network processing unit through the data ferry unit; and the software and the hardware of the internal and external networks are isolated at the same time; the external network processing unit, the data ferry unit and the internal network processing unit are completely independent and communicate through a self-defined protocol. The isolating gateway is advantaged by that the isolating gateway is used for realizing unidirectional data transmission by the industrial control network and an upper computer public network under a physical isolating condition; identity authentication and content filter are controlled through a plug-in mode; and the reliability and the security of the industrial control network are ensured to the maximum extent.

Description

technical field [0001] The invention belongs to the technical field of industrial control networks, and in particular provides a safety isolation gatekeeper for unidirectional transmission of internal and external networks suitable for industrial control networks. Background technique [0002] The Internet of Things, cloud computing, and mobile application technology are the three major information technologies that are being developed in the information field today. Among them, the Internet of Things is an advanced technology that is developing rapidly, and its information security issues are receiving more and more attention from the state. A complete industrial Internet of Things system network includes multiple aspects of information security issues including data, physics, and network. To maintain the stable operation of the overall system and ensure that the production process is not affected, it is necessary to formulate and implement effective security solutions. ...

AI Technical Summary

Problems solved by technology

[0004] (1) Computers used as control system operating stations and upper computers have little or no chance to install round-the-clock virus protection or updated versions

[0005] (2) Currently commonly used controllers such as DCS and PLC are designed to optimize process control functions, and basically do not provide network security protection functions

[0006] (3) The networks between different control systems are not effectively separated, especially industrial control networks based on OPC, MODBUS and other communications

[0007] (4) In security incidents, commercial firewalls, VPNs, IPS, etc. are mostly used. However, due to the particularity of industrial control production networks and the differences between ordinary commercial networks, commercial firewalls cannot fundamentally solve production problems. Control network security issues

[0010] (1) The firewall is based on the TCP / IP protocol, and there is no way for the firewall to defend against the loopholes in the protocol itself.

[0011] (2) The firewall is based on the principle of packet filtering and cannot prevent viruses, worms and various new attacks

[0012] (3) The firewall is not completely transparent to users, it is difficult for non-professional users to manage and configure, and it is easy to cause security holes

Risk of manipulation and tampering

[0014] (5) Too many firewall protection strategies will affect its own running speed, and too few will cause security risks

[0016] (1) Most of the communications in the field of industrial control are based on industrial protocols such as OPC and MODBUS, but most firewalls are not based on industrial communication protocols such as OPC and MODBUS

[0017] (2) Firewalls are based on blacklists and cannot protect against the latest threats

[0018] (3) There may be security holes in the firewall itself

[0019] (4) User management is inconvenient

[0021] (6) The firewall cannot provide a consistent security policy between the internal and external networks, and cannot well defend against attacks from standard network protocols, and is powerless against attacks against server vulnerabilities

[0022] (7) While providing security services, the firewall will also increase network delay

[0025] At present, there are already some network gateways for industrial communication in the market, which are used for data isolation and exchange, but their protection capabilities are relatively simple, they cannot be expanded for protection, and they do not support remote management, and the single protection method brings security risks to the use

Images