Firewall method and apparatus for industrial systems
    1.
    Invention application
    Firewall method and apparatus for industrial systems (status: granted)

    Publication number: US20060155865A1

    Publication date: 2006-07-13

    Application number: US11326742

    Filing date: 2006-01-06

    IPC classification: G06F15/16

    Abstract: The invention includes a method and apparatus for use with a system including networked resources where communication between resources is via a dual packet protocol, wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, and where the second packets are encapsulated in the first protocol packet frames, the method including the steps of: specifying access control information for resources; for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource; examining at least a subset of the additional embedded packet information to identify at least one of the intermediate path resources and the final destination resource; identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource; and restricting transmission of the first protocol packet as a function of the identified access control information.
