Shlomi_Feldman
Employee

SCADA security using firewall policies.pdf

In SCADA and ICS environments, each and every system component is characterized by a specific role, having unique network behavior in relation to the other system components.

  • The SCADA server manages communication with the RTUs and PLCs, provides services to the workstations, and manages writing to the historian server.
  • PLCs and RTUs communicate with the SCADA server and are occasionally connected to by engineering stations.
  • Workstations connect to the SCADA server and don't require connectivity to any other system component.
  • The historian server database gets write commands from the SCADA server, and its data is read by operational intelligence solutions for report generation.

Due to this relatively simple network behavior, it is possible to use firewall policies to alert on and even block unauthorized activities, and as a result significantly enhance system security.

A few examples:

We would like to authorize Modbus protocol communication between the SCADA server and the PLCs, and communication between the SCADA server and the historian server.

At the same time, we want to ban any communication between the workstation and the PLCs and historian server. In this situation, even if the workstation is infected by malware which attempts to communicate with the PLCs and the historian server, the attempt will fail and the traffic will be blocked.

0 Kudos
6 Replies
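A toy first-match rulebase that models the policy described in the post, as an added example that is not from the post or from Check Point's own tooling; the network object names, the engineering-station rule and the historian write port are assumptions.

```python
# Toy first-match firewall rulebase for the SCADA topology described in the post.
# Added example, not Check Point code; object names and the historian port are assumed.
from dataclasses import dataclass

# Constructed network objects (sample names, not taken from the post).
GROUPS = {
    "plcs": {"plc-1", "plc-2", "rtu-1"},
    "workstations": {"workstation-1", "workstation-2"},
}
# Service name -> (protocol, port). Modbus/TCP is tcp/502; the historian
# write port 1433 is an assumed value for illustration only.
SERVICES = {"modbus": ("tcp", 502), "historian-write": ("tcp", 1433), "hmi-https": ("tcp", 443)}

@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # host name, group name or "any"
    dst: str
    service: str   # service name or "any"
    action: str    # "accept" or "drop"
    track: str     # "log" or "alert"

# Rules are evaluated top-down; the first match wins.
POLICY = [
    Rule("scada-to-plcs", "scada-server", "plcs", "modbus", "accept", "log"),
    Rule("scada-to-historian", "scada-server", "historian", "historian-write", "accept", "log"),
    Rule("workstations-to-scada", "workstations", "scada-server", "hmi-https", "accept", "log"),
    Rule("eng-to-plcs", "eng-station", "plcs", "modbus", "accept", "alert"),  # occasional access, alerted
    Rule("workstations-to-ot", "workstations", "plcs", "any", "drop", "alert"),
    Rule("workstations-to-historian", "workstations", "historian", "any", "drop", "alert"),
]
CLEANUP = Rule("cleanup", "any", "any", "any", "drop", "log")  # implicit default deny

def _match(obj, host):
    return obj == "any" or host == obj or host in GROUPS.get(obj, ())

def _service_match(svc, proto, port):
    return svc == "any" or SERVICES[svc] == (proto, port)

def evaluate(src, dst, proto, port):
    """Return (action, track, rule name) of the first rule matching the connection."""
    for rule in POLICY:
        if _match(rule.src, src) and _match(rule.dst, dst) and _service_match(rule.service, proto, port):
            return rule.action, rule.track, rule.name
    return CLEANUP.action, CLEANUP.track, CLEANUP.name

if __name__ == "__main__":
    # An infected workstation attempting Modbus to a PLC is dropped and alerted on.
    print(evaluate("workstation-1", "plc-1", "tcp", 502))
```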
Pablo_Barriga
Advisor

Thanks for the information. I tried to open the document using Capsule Docs, but the document is protected.

0 Kudos
Shlomi_Feldman
Employee

Hi Pablo,

Are you a Check Point employee? I reconfirmed, and the document is open to all Check Point employees.

If you still face problems opening the document, please share your email address with me and I will send you the document.

0 Kudos
Pablo_Barriga
Advisor

Hello, I'm not a Check Point employee, just currently working at a Latam distributor. Thanks for sharing this info.

0 Kudos
Shlomi_Feldman
Employee

This explains why you can't open the document.

In SCADA and ICS environments, each and every system component is characterized by a specific role, having unique network behavior in relation to the other system components.

  • The SCADA server manages communication with the RTUs and PLCs, provides services to the workstations, and manages writing to the historian server.
  • PLCs and RTUs communicate with the SCADA server and are occasionally connected to by engineering stations.
  • Workstations connect to the SCADA server and don't require connectivity to any other system component.
  • The historian server database gets write commands from the SCADA server, and its data is read by operational intelligence solutions for report generation.

Due to this relatively simple network behavior, it is possible to use firewall policies to alert on and even block unauthorized activities, and as a result significantly enhance system security.

A few examples:

We would like to authorize Modbus protocol communication between the SCADA server and the PLCs, and communication between the SCADA server and the historian server.

At the same time, we want to ban any communication between the workstation and the PLCs and historian server. In this situation, even if the workstation is infected by malware which attempts to communicate with the PLCs and the historian server, the attempt will fail and the traffic will be blocked.

0 Kudos
Gonzalo_Alvarez
Employee

Hi Shlomi. I can't open it either. My email is galvarez@checkpoint.com. Thanks

0 Kudos
PhoneBoy
Admin

The document is actually the same as the content Shlomi shared already.

0 Kudos