摘要 |
<p>A firewall (102) for a process control system analyses a network communication to identify a first service, an address associated with the first service within a secured portion of a network, and a subset of ports used by the first service, the network communication originating from within the secured portion of the network and to be transmitted to a destination outside of the secured portion of the network, and stores an identifier of the first service, the address, and the subset of the ports when the network communication includes the identifier, the address, and the subset of the ports. A subsequent communication received from outside of the secured portion of the network is compared with the identifier of the first service, the address and the subset of ports, and may be forwarded to an address and a port specified by that communication if they match.</p> |