SCADA security using packet filtering firewall.

Number: 1916
Language: English
Degree: 
Author: Wassan Saad Abdul Jabbar Mahmood
Supervisors: Dr. Ali A. Ati, Dr. Subhi Aswad
Year: 2008

Abstract: This thesis focuses on implementing a packet filtering firewall technique for protecting a SCADA system. The firewall uses filtering criteria to decide whether to permit or deny a packet entry into the network. The parts of the packet that are examined are the source IP address, the destination IP address, and the Internet protocol carried by the packet. At the beginning, a miniature SCADA system was implemented on two computers to give an overview of the basic components of a SCADA system and to observe the data transmission between them. Then a packet filtering firewall was implemented on a Client-Server model. A means must be provided to access each single packet and pass it to our software, apply the packet filtering mechanism, and then retransmit it. Since standard network communication protocols, such as the TCP/IP protocol suite, were relied on instead of proprietary protocols, the program must operate under the Microsoft Windows operating system environment. The proposed solution was to build a helper driver that hooks the Network Driver Interface Specification (NDIS) and is controlled by a user-mode program. This gives a high-performance packet filter that allows developers to transparently filter (view and modify) raw network packets entirely in user mode, using Visual C++.NET. The results obtained from implementing the packet filtering firewall show that the NDIS-hooking driver is useful for filtering incoming packets with minimal impact on network activity, without the need to write low-level Transport Driver Interface (TDI) or Network Driver Interface Specification (NDIS) driver code.
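As an added illustration (not code from the thesis), the filtering decision the abstract describes, written in Python over raw IPv4 headers: the three examined fields are parsed from the header, matched against an ordered rule list, and any packet that matches nothing or is malformed is denied. The host addresses, rule set and test packets are constructed for this example.

```python
"""Permit/deny decision on source IP, destination IP and IP protocol.
Illustrative code only; addresses and rules below are constructed."""
import ipaddress
import struct

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17

# Rule: (source network, destination network, protocol or None = any, action).
# First matching rule wins; a packet that matches no rule is denied.
RULES = [
    # Constructed: only the HMI subnet may reach the PLC over TCP.
    ("192.168.10.0/24", "192.168.20.5/32", PROTO_TCP, "permit"),
    # Constructed: ICMP to the PLC is allowed from anywhere on the plant network.
    ("192.168.0.0/16", "192.168.20.5/32", PROTO_ICMP, "permit"),
]

def parse_ipv4_header(packet: bytes) -> dict:
    """Extract the three fields the filter examines from a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (version_ihl, _tos, _total_len, _ident, _flags_frag, _ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {"proto": proto,
            "src": ipaddress.IPv4Address(src),
            "dst": ipaddress.IPv4Address(dst)}

def decide(packet: bytes, rules=RULES) -> str:
    """Return 'permit' or 'deny' for one raw packet (default deny)."""
    try:
        hdr = parse_ipv4_header(packet)
    except ValueError:
        return "deny"  # malformed packets never pass the filter
    for src_net, dst_net, proto, action in rules:
        if (hdr["src"] in ipaddress.ip_network(src_net)
                and hdr["dst"] in ipaddress.ip_network(dst_net)
                and (proto is None or proto == hdr["proto"])):
            return action
    return "deny"

def build_ipv4(src: str, dst: str, proto: int, payload: bytes = b"") -> bytes:
    """Constructed test packet: 20-byte IPv4 header, header checksum left zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload
```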