
Allen-Bradley Stratix 5950 - Logical Framework; Network Protection

Rockwell Automation Publication 1783-UM010C-EN-P - June 2019
Chapter 2: Industrial Firewall Use Cases
Logical Framework
Figure 6 provides a logical overview of the industrial firewall (IFW). The IFW
has two components:
• Adaptive Security Appliance (ASA)
• FirePOWER module
The ASA provides the firewall functionality, which can allow or deny traffic
based on configured rules. The FirePOWER module performs
application-specific protocol analysis for deep packet inspection (DPI). The
IFW can be managed through either a local Adaptive Security Device Manager
(ASDM) or through a centralized management server.
Figure 6 - Logical Framework
Network Protection (Adaptive Security Appliance)
Firewalls are traditionally used to separate networks with different security
requirements, such as the Enterprise Zone and the Industrial Zone. One of the
primary functions of a firewall is to help prevent unauthorized traffic from
entering or exiting the network. To support this key functionality, firewalls are
typically placed at the entrance or exit points of the network. Firewalls are
known as ‘boundary’ or ‘edge’ security appliances because they define the
boundary or the edge of a security zone.
Figure 7 shows a high-level view of how a network can be segmented into
security zones using firewalls.
Organizations have used firewalls as a means to control ingress and egress
traffic from external untrusted networks to internal networks or systems. For
example, organizations use firewalls to construct a demilitarized zone (DMZ)
to provide ingress and egress traffic inspection. Firewalls are placed at the edge
of a security zone and provide protection for Enterprise servers that
communicate with the Internet.
Firewalls have also been placed between internal networks where security
requirements are different between security zones. For example, the Enterprise
Zone is often in a different security zone than the Industrial Zone. It is
a recommended practice to architect an industrial demilitarized zone (IDMZ)
between these two security zones. The IDMZ is implemented using firewalls
to define the security boundaries between the Enterprise and Industrial
security zones.
