How Deep packet inspection helps protect ICS

Learn about the advantage of deep packet inspection

Even when industrial networks use TCP/IP and Ethernet as their network backbone, they often still run industrial application layer protocols on top of the network. Modbus TCP is the most popular of these and is widely used in industrial communications. However, this protocol can introduce vulnerability to cyber attacks because it offers no built-in security features.

Legacy industrial protocols are more vulnerable to cyber attacks.

A malicious packet can appear to be entirely legitimate when inspected as a TCP/IP packet—such as by checking its source IP address. If the system were able to filter packets by Modbus source device ID, function codes, or other Modbus command types it could reveal the packet to be malicious. Since industrial devices rarely have much in the way of application layer security, it’s up to the cyber security devices, such as hardware firewalls to provide this critical missing protection. Unfortunately, conventional firewall solutions rarely include the technology to scan industrial protocols such as Modbus TCP.

The Advantage of Deep Packet Inspection

Deep packet inspection can be helpful because it allows industrial protocols to be targeted for specific security measures. Whereas stateful packet inspection (provided in basic firewalls) looks at the header and footer of a packet, deep packet inspection (provided in advanced firewalls) examines the data, or content, of the packet.
Stateful packet inspection vs. Deep Packet Inspection
With predefined filters and criteria based on industrial protocols, a firewall with deep packet inspection is able to make a much more informed decision on whether or not to allow the packet through based upon its content. For example, the firewall could be configured to allow only Modbus read commands and drop any write commands. This would not be possible for firewalls that offer only stateful packet inspection.
To see a more detailed example of how deep packet inspection works, check out the video below.
  • Programmering

    Behöver du egensnickrad kod på din produkt? Vi kan hjälpa dig! Vi har erfarna programmerare redo att anpassa produkterna åt… Läs mer »

  • Köpvillkor

    Läs våra allmänna köpvillkor här

  • OK

    Att välja rätt…

    Det kan vara svårt att veta exakt vilka produkter som behövs för att tillgodose just era behov, eller om produkt… Läs mer »

  • Moxa ikon

    Agenturer

    Cat AB jobbar med flera namnkunniga agenturer: MOXA, Advantech och Barix är några av de största och starkast etablerade på… Läs mer »