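Abstract
A regional isolation hardware device based on a microprocessor was designed. Through communication control, it uses "white list" technology to strictly inspect data packets entering and leaving critical equipment and to block illegal packets from passing through. Taking the signal system safety data network of CTCS-3 (Chinese Train Control System) as an example, tests including scanning attacks, ARP attacks, Trojan attacks and buffer overflow attacks were carried out. The test results show that, without affecting the real-time performance or stability of the network, the regional isolation system can harden device terminals in the network and effectively defend against intrusion by unauthorized parties, mutual attacks between devices within the network, and the spread of viruses within the local area network.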
The hardware of a regional isolation system has been designed based on ARM chip platforms. Using it, illegal packets are prevented from passing through by examining the packets flowing to critical equipment with the communication control method and "white list" technology. Several typical network attack methods were used to test the security of the CTCS-3 (Chinese Train Control System), including scanning attacks, ARP attacks, Trojan attacks and buffer overflow attacks. Results show that the security of the devices in this industrial network is reinforced without affecting the real-time performance of the network. Illegal incursions, attacks within the network and the spread of viruses are efficiently prevented by this regional isolation system.
Source
《微电子学与计算机》
CSCD
Peking University Core Journal
2014, Issue 10, pp. 90-93 (4 pages)
Microelectronics & Computer
Funding
Major Project of the Ministry of Railways (2012X004-A)
Keywords
industrial control network
network security
regional isolation
white list