Abstract
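This paper comprehensively analyzes the characteristics of industrial control production networks, clarifies how they differ from office information networks, identifies the security requirements of industrial control production networks, and proposes security measures, with a focus on boundary protection for the production network and on the identity authentication and data tamper-proofing methods used inside it. A firewall-based isolation zone (DMZ) is designed to solve the isolation of, and data exchange between, the industrial control network and the office network; an identity authentication gateway is deployed inside the production network to solve the problem that the office network's identity authentication system cannot be carried over to the production network; and digital signature technology is used to provide tamper-proofing and non-repudiation protection for industrial control system commands.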
This paper comprehensively analyzes the characteristics of industrial production systems, clarifies their differences from office information networks, points out the security requirements of industrial production systems, and suggests safety measures. It focuses on describing the identity authentication and tamper-proofing methods that protect the security of the industrial production system. A firewall-based DMZ is established to solve the isolation of, and data exchange between, the industrial production system and the office information network; an identity authentication gateway is deployed in the industrial production system to solve the problem that the identity authentication system used in the office information network cannot be used there. Finally, digital signatures can be used to tamper-proof industrial control commands.
Source
《计算机安全》
2014, No. 2, pp. 44-47 (4 pages)
Network & Computer Security
Keywords
Industrial control production network
Digital signature
Identity authentication
Industrial Production System, Digital Signature, Identity Authentication