Learn about the advantage of deep packet inspection.
Even when industrial networks use TCP/IP and Ethernet as their network backbone, they often still run industrial application layer protocols on top of the network. Modbus TCP is the most popular of these and is widely used in industrial communications. However, this protocol can introduce vulnerability to cyber attacks because it offers no built-in security features.
Legacy industrial protocols are more vulnerable to cyber attacks.
A malicious packet can appear to be entirely legitimate when inspected as a TCP/IP packet—such as by checking its source IP address. If the system were able to filter packets by Modbus source device ID, function codes, or other Modbus command types it could reveal the packet to be malicious. Since industrial devices rarely have much in the way of application layer security, it’s up to the cyber security devices, such as hardware firewalls to provide this critical missing protection. Unfortunately, conventional firewall solutions rarely include the technology to scan industrial protocols such as Modbus TCP.
The Advantage of Deep Packet Inspection
Deep packet inspection can be helpful because it allows industrial protocols to be targeted for specific security measures. Whereas stateful packet inspection (provided in basic firewalls) looks at the header and footer of a packet, deep packet inspection (provided in advanced firewalls) examines the data, or content, of the packet.
With predefined filters and criteria based on industrial protocols, a firewall with deep packet inspection is able to make a much more informed decision on whether or not to allow the packet through based upon its content. For example, the firewall could be configured to allow only Modbus read commands and drop any write commands. This would not be possible for firewalls that offer only stateful packet inspection.
To see a more detailed example of how deep packet inspection works, check out the video below.
For a discussion of firewall features that address industrial security requirements, download our white paper, How to Choose the Right Industrial Firewall: The Top 7 Considerations.
Have a question about this topic? We would love to hear from you. Please feel free to contact us and one of our representatives will reach out to you with more information.