Network Security Module For Ethernet-Receiving Industrial Control Devices

摘要

A high-speed security device for network connected industrial controls provides hybrid processing in tandem hardware and software security components. The software security component establishes state-less data identifying each packet that requires high-speed processing and loads a data table in the hardware component. The hardware component may then allow packets matching data of the data table to bypass the software component while passing other non-matching packets to the software component for more sophisticated state analysis.

主权项

1. A device configured for connected messaging on an industrial network, wherein the device is pre-allocated a bandwidth for communications, the device comprising:
a network connection configured to receive a plurality of message packets from the industrial network; a port in communication with a control device; a hardware security component configured to receive the plurality of message packets from the network connection, identify a first portion of the plurality of message packets that are included in a list of message packets requiring high-speed processing, identify a second portion of the plurality of message packets that are not included in the list, pass the first portion of the plurality of message packets to the port, and pass the second portion of the plurality of message packets to a software security component, wherein the hardware security component executes each afore-mentioned step within the bandwidth pre-allocated for the device; and the software security component, executing outside the bandwidth pre-allocated for the device, configured to receive the second portion of the plurality of message packets, determine whether each message packet from the second portion of the plurality of message packets is allowable, and pass each allowable message packet to the port.