工业以太网PROFINET安全隔离器的设计  被引量：4

作　　者：韩丹涛[1] 赵艳领 闫晓风[1] 

机构地区：[1]机械工业仪器仪表综合技术经济研究所,北京100055

出　　处：《自动化仪表》2017年第7期46-49,53,共5页Process Automation Instrumentation

基　　金：科技部转制科研院所创新能力专项基金资助项目(2014EG119050)

摘　　要：随着智能制造技术的发展,工业控制网络的安全问题日益突出。基于工业通信网络诊断、隔离和安全防护技术,以应用前景广泛的PROFINET工业以太网为研究对象,设计了基于PROFINET的专用工业网络安全隔离器。安全隔离器主要作用于工业网络内部,具有通用的工业网络层防火墙功能。对PROFINET通信协议进行了深度解析,并识别相应的报文类型与关键数据。通过配置安全策略,并将其传输到安全隔离器,可以实时监控网络状态和PROFINET关键数据,阻断异常畸形报文,同时可以防止未授权设备的非法访问。针对以上情形产生的报警信息,将被实时发送到配置管理平台并进行报警显示。经测试表明,工业网络安全隔离器对正常工业控制网络无影响。配置策略可有效保护关键设备,从而保护工业控制网络的安全。With the in-depth development of intelligent manufacturing technology,the security problem industrial control network is becoming more and more prominent. Based on the technologies of industrial communication network diagnosis,isolation,and security protection,with the most widely used PROFINET industrial Ethernet as the research object,the dedicated industrial network security isolator is designed based on PROFIBUS. Security isolator is mostly acting inside the industrial network,and offers generic industrial network layer firewall function. PROFINET communication protocol is deeply analyzed,and message types and key data are diagnosed and recognized. Through configuring the safety strategy on the configuration management platform,and transmitting the safety strategy to security isolator,network status and the critical data of PROFINET can be monitored in real-time,while the abnormal and malformed messages can be blocked,and the illegal access from unauthorized devices can also be prevented. The alarm information generated from above situation is sent to the configuration management platform in real time for alarm display. Tested,the industrial network security isolator has no influence on the normal industrial control network,and the key devices can be effectively protected by configuration strategy,thus the security of industrial control network can be protected.

关 键 词：工业控制网络 PROFINET 通信协议 网络层防火墙 安全隔离器 

分 类 号：TH-705[机械工程] TP39[自动化与计算机技术—计算机应用技术]