Open Access   Article Go Back

Secure SCADA Firewall Autmation and Implication for Best Practices

Sai Pradeep Kumar. M1 , Haritha. D2

Section:Research Paper, Product Type: Journal Paper
Volume-6 , Issue-7 , Page no. 179-190, Jul-2018

CrossRef-DOI:   https://doi.org/10.26438/ijcse/v6i7.179190

Online published on Jul 31, 2018

Copyright © Sai Pradeep Kumar. M, Haritha. D . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

View this paper at   Google Scholar | DPI Digital Library

How to Cite this Paper

  • IEEE Citation
  • MLA Citation
  • APA Citation
  • BibTex Citation
  • RIS Citation

IEEE Style Citation: Sai Pradeep Kumar. M, Haritha. D, “Secure SCADA Firewall Autmation and Implication for Best Practices,” International Journal of Computer Sciences and Engineering, Vol.6, Issue.7, pp.179-190, 2018.

MLA Style Citation: Sai Pradeep Kumar. M, Haritha. D "Secure SCADA Firewall Autmation and Implication for Best Practices." International Journal of Computer Sciences and Engineering 6.7 (2018): 179-190.

APA Style Citation: Sai Pradeep Kumar. M, Haritha. D, (2018). Secure SCADA Firewall Autmation and Implication for Best Practices. International Journal of Computer Sciences and Engineering, 6(7), 179-190.

BibTex Style Citation:
@article{M_2018,
author = {Sai Pradeep Kumar. M, Haritha. D},
title = {Secure SCADA Firewall Autmation and Implication for Best Practices},
journal = {International Journal of Computer Sciences and Engineering},
issue_date = {7 2018},
volume = {6},
Issue = {7},
month = {7},
year = {2018},
issn = {2347-2693},
pages = {179-190},
url = {https://www.ijcseonline.org/full_paper_view.php?paper_id=2414},
doi = {https://doi.org/10.26438/ijcse/v6i7.179190}
publisher = {IJCSE, Indore, INDIA},
}

RIS Style Citation:
TY - JOUR
DO = {https://doi.org/10.26438/ijcse/v6i7.179190}
UR - https://www.ijcseonline.org/full_paper_view.php?paper_id=2414
TI - Secure SCADA Firewall Autmation and Implication for Best Practices
T2 - International Journal of Computer Sciences and Engineering
AU - Sai Pradeep Kumar. M, Haritha. D
PY - 2018
DA - 2018/07/31
PB - IJCSE, Indore, INDIA
SP - 179-190
IS - 7
VL - 6
SN - 2347-2693
ER -

VIEWS PDF XML
613 399 downloads 291 downloads
  
  
           

Abstract

SUPERVISORY Control and Data Acquisition (SCADA) networks control the distributed assets of many industrial systems. Power generation, water distribution and factory automation are just a few examples that illustrate the critical nature of these networks. SCADA devices are built for reliability, but often lack built-in security features to guard them from cyber-attacks. Consequently, these devices depend on firewalls for protection. Hence, firewalls are integral to SCADA networks control the distributed assets of many industrial systems. Power generation, water distribution and factory automation are just a few examples that illustrate the critical nature of these networks. SCADA devices are built for reliability, but often lack built-in security features to guard them from cyber-attacks. Consequently, these devices depend on firewalls for protection. Hence, firewalls are integral to the safe and reliable operation of SCADA networks. Firewall configuration is an important activity for any modern day business. It is particularly a critical task for the SCADA networks that control power stations, water distribution, factory automation, etc. Lack of automation tools to assist with this critical task has resulted in un-optimized, error prone configurations that expose these networks to cyber-attacks. Automation can make designing firewall configurations more reliable and their deployment increasingly cost-effective. In order to increase the security in firewall we are providing extra automation that would help to detect the packet level conflicts such DoS.

Key-Words / Index Term

SCADA network security, Zone-Conduit model,firewall autoconfiguration, security policy, SCADA best practices, IP Fragmentation, Port Fragmentation

References

[1] Dinesha Ranathunga, Mathew Roughan: Case Studies of SCADA Firewall Configurations and the Implications for Best Practices. IEEE Transactions on Network and service manaagement, Dec 2016
[2] ANSI/ISA-62443-1-1. Security for industrial
automation and control systems part 1-1:
Terminology, concepts, and models, 2007.
[3] Y. Bartal, A. Mayer, K. Nissim, and A. Wool.
Firmato: A novel firewall management toolkit. ACM Transactions on Computer Systems (TOCS),
22(4):381–420, 2004.
[4] S. Bellovin and R. Bush. Configuration management
and security. IEEE Journal on Selected Areas in
Communications, 27(3):268–274, 2009.
[5] J.D. Guttman: Filtering postures: local enforcement for global policies. In IEEE Symposium on Security and Privacy, pages 120-129, 1997
[6] Ondrej Rysavy, Jaroslav Rab, Microslav Sveda: Improving security in SCADA systems through firewall policy analysis Federated Conference on Computer Science and Information Systems March 2013
[7] Khaled Salah, Khalid Elbadawi, Raouf Boutaba: Performance Modelling and Analysis of Network Firewalls, IEEE Transactions on Network and Service Management ( Volume: 9, Issue: 1, March 2012 )
[8] Avishal Wool: Trends in Firewall Configuration Errors: Measuring the Holes in Swiss Cheese, IEEE Internet Computing 14(4):58 - 65 • September 2010
[9] S. Bellovin and R. Bush. Configuration management and security. IEEE Journal on Selected Areas in Communications, 27(3):268–274, 2009.
[10] E. Byres. Using ANSI/ISA-99 standards to improve control system security. White paper, Tofino Security, May 2012.
[11] E. Byres, J. Karsch, and J. Carter. NISCC good practice guide on firewall deployment for SCADA and process control networks. National Infrastructure Security Co-Ordination Centre, 2005.
[12] M. Casado, T. Garfinkel, A. Akella, M. J. Freedman, D. Boneh, N. McKeown, and S. Shenker. SANE: A protection architecture for enterprise networks. In Usenix Security, 2006.
[13] W. R. Cheswick, S. M. Bellovin, and A. D. Rubin. Firewalls and Internet security: repelling the wily hacker. Addison-Wesley Longman Publishing Co., Inc., 2003.
[14] Cisco Systems. Cisco ASA 5500 Series Configuration Guide using the CLI. Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706, USA, 2010.
[15] Cisco Systems. Cisco ASA 5585-X adaptive security appliance architecture. White paper, Cisco Systems, May 2014.
[16] R. Jamieson, L. Land, S. Smith, G. Stephens, and D. Winchester. Critical infrastructure information security: Impacts of identity and related crimes. In PACIS, page 78, 2009.
[17] K. Stouffer, J. Falco, and K. Scarfone. Guide to Industrial Control Systems (ICS) security. NIST Special Publication, 800(82):16–16, 2008.
[18] T. Tuglular, F. Cetin, O. Yarimtepe, and G. Gercek. Firewall configuration management using XACML policies. In 13th International Telecommunications Network Strategy and Planning Symposium, Sep, 2008.