摘要 |
Aspects of the invention provide apparatuses, systems, and computer readable media for protecting a programmable logic controller (PLC) 201 and plant network 203 against unauthorized access and for providing robust intended communication. A communication module 211 provides only intended communication and blocks all unintended communication between the plant network and a control network/office network 205 without using external infrastructure network devices. The communication module includes an Ethernet switch 303 and ports that electrically couple the CPU module 209, a plant network, and control/office network and controls communication to the PLC and the plant network from the control/office network by forwarding packets based on configuration information 406 and 504, where the packets are received through the ports. The communication module passes packets only when the associated source address and destination address are in accordance with the configuration information. The communication module may further pass packets based on packet traffic limits. |