摘要
随着智能制造技术的发展,工业控制网络的安全问题日益突出。基于工业通信网络诊断、隔离和安全防护技术,以应用前景广泛的PROFINET工业以太网为研究对象,设计了基于PROFINET的专用工业网络安全隔离器。安全隔离器主要作用于工业网络内部,具有通用的工业网络层防火墙功能。对PROFINET通信协议进行了深度解析,并识别相应的报文类型与关键数据。通过配置安全策略,并将其传输到安全隔离器,可以实时监控网络状态和PROFINET关键数据,阻断异常畸形报文,同时可以防止未授权设备的非法访问。针对以上情形产生的报警信息,将被实时发送到配置管理平台并进行报警显示。经测试表明,工业网络安全隔离器对正常工业控制网络无影响。配置策略可有效保护关键设备,从而保护工业控制网络的安全。
With the in-depth development of intelligent manufacturing technology,the security problem industrial control network is becoming more and more prominent. Based on the technologies of industrial communication network diagnosis,isolation,and security protection,with the most widely used PROFINET industrial Ethernet as the research object,the dedicated industrial network security isolator is designed based on PROFIBUS. Security isolator is mostly acting inside the industrial network,and offers generic industrial network layer firewall function. PROFINET communication protocol is deeply analyzed,and message types and key data are diagnosed and recognized. Through configuring the safety strategy on the configuration management platform,and transmitting the safety strategy to security isolator,network status and the critical data of PROFINET can be monitored in real-time,while the abnormal and malformed messages can be blocked,and the illegal access from unauthorized devices can also be prevented. The alarm information generated from above situation is sent to the configuration management platform in real time for alarm display. Tested,the industrial network security isolator has no influence on the normal industrial control network,and the key devices can be effectively protected by configuration strategy,thus the security of industrial control network can be protected.
出处
《自动化仪表》
CAS
2017年第7期46-49,53,共5页
Process Automation Instrumentation
基金
科技部转制科研院所创新能力专项基金资助项目(2014EG119050)
