METHODS AND APPARATUS FOR PREVENTING NETWORK INTRUSION
Abstract
In one configuration, a non-volatile memory is provided having computer readable instructions configured to instruct a computer or controller to run a setup wizard to obtain setup and filtering module configuration rules from a user; reload the computer or controller with the settings obtained by the setup wizard; configure filtering module rules including rules for an industrial protocol filter; and filter received and/or transmitted packets in accordance with the filtering module rules. The configuration may also include instructions to further parse and analyze packets containing industrial protocols to determine whether to allow or deny ingress and/or egress of such packets.
20 Claims
1. A non-volatile memory having computer readable instructions configured to instruct a computer or controller to:
run a setup wizard to obtain setup and filtering module configuration rules from a user;
reload the computer or controller with the settings obtained by the setup wizard;
configure filtering module rules including rules for an industrial protocol filter; and
filter received packets in accordance with the filtering module rules.

8. A method of operating an industrial plant that includes a plurality of industrial controllers on a local area network (LAN), said method comprising:
providing an anti-intrusion and security apparatus (AISA) having two or more Ethernet ports, at least a first of which is configured to communicate through a wide area network (WAN), and the other of which is configured to communicate with the LAN;
electrically connecting the first Ethernet port to the WAN and the other Ethernet port to the LAN;
utilizing the AISA to filter packets of data received for ingress at the first Ethernet port in accordance with one or more rules; and
utilizing the AISA to filter packets of data received for egress at the other Ethernet port in accordance with a one or more rules;
wherein said at least one of filtering packets of data received for ingress, filtering packets of data received for egress, or both, further comprise utilizing the AISA to analyze objects embedded in industrial protocol filter connections to determine whether or not to drop the packet.

14. An anti-intrusion and security apparatus (AISA) comprising:
a microprocessor or controller (hereinafter, “microprocessor”);
memory communicatively associated with the microprocessor;
one or more filtering modules, not necessarily separate from the memory and the microprocessor;
at least one WAN port interface and a LAN port interface having communication therebetween controlled by the filtering module;
the AISA configured to;
run a setup wizard to obtain setup and filtering module configuration rules from a user;
reload the memory with the settings obtained by the setup wizard;
configure filtering module rules in the memory including rules for an industrial protocol filter; and
filter received packets for communication ingress and egress in accordance with the filtering module rules.

Specification