Automatic firewall configuration for control systems in critical infrastructure

Bibliographic Details
Main Authors: LLOYD, CLIFFORD, A, PELET DAVID A
Format: Patent
Language: Chinese, English
Published: 19.12.2023
Summary: Embodiments provide techniques for securely managing the transmission of register operations to endpoint devices (e.g., circuit breakers and other forms of electrical equipment). A firewall management component may add entries over a secure communication channel to a firewall fabric maintained on a firewall device. The entry may specify (i) a register operation of the endpoint device, (ii) a value of the register operation, and (iii) a count of the number of times the register operation may be performed. The firewall management component sends the register operation to the firewall device for forwarding to the endpoint device. The firewall device is configured to forward the register operation to the endpoint device only if the count specified in the firewall fabric is not exceeded.
Bibliography: Application Number: CN202280028395