How Deep packet inspection helps protect ICS

Learn about the advantage of deep packet inspection

Even when industrial networks use TCP/IP and Ethernet as their network backbone, they often still run industrial application layer protocols on top of the network. Modbus TCP is the most popular of these and is widely used in industrial communications. However, this protocol can introduce vulnerability to cyber attacks because it offers no built-in security features.

Legacy industrial protocols are more vulnerable to cyber attacks.

A malicious packet can appear to be entirely legitimate when inspected as a TCP/IP packet—such as by checking its source IP address. If the system were able to filter packets by Modbus source device ID, function codes, or other Modbus command types it could reveal the packet to be malicious. Since industrial devices rarely have much in the way of application layer security, it’s up to the cyber security devices, such as hardware firewalls to provide this critical missing protection. Unfortunately, conventional firewall solutions rarely include the technology to scan industrial protocols such as Modbus TCP.

The Advantage of Deep Packet Inspection

Deep packet inspection can be helpful because it allows industrial protocols to be targeted for specific security measures. Whereas stateful packet inspection (provided in basic firewalls) looks at the header and footer of a packet, deep packet inspection (provided in advanced firewalls) examines the data, or content, of the packet.
Stateful packet inspection vs. Deep Packet Inspection
With predefined filters and criteria based on industrial protocols, a firewall with deep packet inspection is able to make a much more informed decision on whether or not to allow the packet through based upon its content. For example, the firewall could be configured to allow only Modbus read commands and drop any write commands. This would not be possible for firewalls that offer only stateful packet inspection.
To see a more detailed example of how deep packet inspection works, check out the video below.
 bild white paper, klicka för att läsa pdf Need more? Read a discussion of firewall features that address industrial security requirements, download our white paper

Moxa links (new window)

For further support, please contact Cat AB. We can assist with technical issues, be a partner to discuss your ideas and problems with industrial communication and security matters. We have items in stock and will gladely help you. Click on this link to send an e-mail or call us at the office +4687330020