Advances in computing technology allow businesses to operate more efficiently than substantially similar businesses could only a few years ago. For example, internal networking enables company employees to communicate instantaneously by email, quickly transfer data files to other employees, manipulate data files, share data relevant to a project to reduce duplication of work product, and so on. Technological advancements have also enabled factory applications to become partially or completely automated. For example, operations that once required workers to place themselves near heavy machinery and other hazardous conditions can now be completed from a safe distance.
Firewalls are security devices that protect networks from unauthorized access and/or malicious attacks originating outside the network. Such access may be an attempt to obtain sensitive information or to disrupt the function of the network, or it may simply be accidental and/or unintended. A traditional firewall divides a network into at least two portions: an internal portion, which is behind the firewall, and an external portion, which is outside the firewall. To protect against unauthorized access, a firewall can inspect various parameters of a data communication and determine whether it should be transmitted to its intended destination or whether it should be blocked, dropped or rerouted. However, it is often not apparent where such a security device should be placed within a network.
Security products, such as firewalls, can be configured by providing a rule or set of rules defining what traffic may or may not pass through the firewall. Rules allow or deny specific sources, destination network addresses, ports, and the like to communicate with a device on the other side of the firewall. For an industrial firewall, the rules can be expanded to include industrial protocols (e.g., Common Industrial Protocol (CIP)), routing paths, services, individual objects, attributes, tags, etc. The list of rules can often be large, unwieldy, and difficult to define manually, and at times it can be difficult for the user to express a rule in a form the firewall can interpret. If security is not easy to configure, it might not be used or might be set up incorrectly. In addition, after a system change, reconfiguring distributed firewalls can be difficult; thus, a user may not reconfigure the firewall, leaving the system open to unauthorized access.
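The following is an added example, written for this page rather than taken from the patent or any vendor product, of how the rule list described above is evaluated: each message is matched against source and destination addresses, port, protocol, and (for an industrial firewall) CIP service, object class and tag, with first-match semantics and a default deny. It also includes a shadowing check, which flags a rule that can never fire because an earlier, broader rule already covers it; this is the kind of defect a large, hand-written rule list tends to accumulate. The field names, the sample policy and the sample messages are assumptions constructed for the example (port 44818 is the EtherNet/IP explicit-messaging port; "Write_Tag" is a constructed label, not an official CIP service name).

```python
"""Added example: first-match rule evaluation for an industrial firewall.

Illustrative code written for this page; not the patent's or any vendor's
implementation. Field names, sample rules and sample messages are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Message:
    src: str
    dst: str
    port: int
    protocol: str                       # e.g. "CIP" (EtherNet/IP explicit messaging)
    cip_service: Optional[str] = None   # e.g. "Get_Attribute_Single"
    cip_class: Optional[str] = None     # e.g. "Identity", "Assembly"
    tag: Optional[str] = None           # controller tag name, if the message names one


@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "deny"
    src: str = "any"                    # IP address, CIDR block, or "any"
    dst: str = "any"
    port: Optional[int] = None          # None matches any value
    protocol: Optional[str] = None
    cip_service: Optional[str] = None
    cip_class: Optional[str] = None
    tag: Optional[str] = None


def _addr_match(pattern: str, addr: str) -> bool:
    """True if addr falls inside the pattern (an address, a CIDR block, or 'any')."""
    if pattern == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def _field_match(pattern, value) -> bool:
    """A rule field of None is a wildcard; otherwise it must equal the message value."""
    return pattern is None or pattern == value


def rule_matches(rule: Rule, msg: Message) -> bool:
    return (_addr_match(rule.src, msg.src) and _addr_match(rule.dst, msg.dst)
            and _field_match(rule.port, msg.port)
            and _field_match(rule.protocol, msg.protocol)
            and _field_match(rule.cip_service, msg.cip_service)
            and _field_match(rule.cip_class, msg.cip_class)
            and _field_match(rule.tag, msg.tag))


def evaluate(rules: List[Rule], msg: Message) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule). First match wins; default deny."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, msg):
            return rule.action, i
    return "deny", None


def _addr_covers(broad: str, narrow: str) -> bool:
    """True if every address matched by `narrow` is also matched by `broad`."""
    if broad == "any":
        return True
    if narrow == "any":
        return False
    return ipaddress.ip_network(narrow, strict=False).subnet_of(
        ipaddress.ip_network(broad, strict=False))


def _field_covers(broad, narrow) -> bool:
    return broad is None or broad == narrow


def find_shadowed(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never match because an earlier rule covers them entirely."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (_addr_covers(earlier.src, later.src) and _addr_covers(earlier.dst, later.dst)
                    and all(_field_covers(getattr(earlier, f), getattr(later, f))
                            for f in ("port", "protocol", "cip_service", "cip_class", "tag"))):
                shadowed.append(j)
                break
    return shadowed


# Constructed policy: a cell of HMIs (10.1.0.0/24) may read attributes from the
# controller at 10.2.0.5; only the engineering station may write the Setpoint tag.
RULES = [
    Rule("allow", src="10.1.0.0/24", dst="10.2.0.5", port=44818, protocol="CIP",
         cip_service="Get_Attribute_Single"),
    Rule("allow", src="10.1.0.10", dst="10.2.0.5", port=44818, protocol="CIP",
         cip_service="Write_Tag", tag="Setpoint"),
    Rule("deny", dst="10.2.0.5", cip_service="Write_Tag"),
]

# A deny for one HMI placed *after* the broad /24 allow is unreachable: find_shadowed
# reports index 3, which is how an operator would catch the ordering mistake.
RULES_WITH_MISTAKE = RULES + [
    Rule("deny", src="10.1.0.20", dst="10.2.0.5", port=44818, protocol="CIP",
         cip_service="Get_Attribute_Single"),
]

if __name__ == "__main__":
    samples = [
        Message("10.1.0.20", "10.2.0.5", 44818, "CIP", "Get_Attribute_Single", "Identity"),
        Message("10.1.0.10", "10.2.0.5", 44818, "CIP", "Write_Tag", tag="Setpoint"),
        Message("10.1.0.20", "10.2.0.5", 44818, "CIP", "Write_Tag", tag="Setpoint"),
        Message("10.3.0.7", "10.2.0.5", 44818, "CIP", "Get_Attribute_Single", "Identity"),
    ]
    for m in samples:
        print(m.src, "->", m.dst, m.cip_service, m.tag or "", "=>", evaluate(RULES, m))
    print("shadowed rules:", find_shadowed(RULES_WITH_MISTAKE))
```

The evaluator treats `None` as a wildcard and resolves every address field through `ipaddress`, so a single rule can express either a host or a whole cell network. The shadowing check is deliberately conservative: it only reports a rule when an earlier rule is at least as general in every field, so it never produces a false positive, though it can miss cases where several earlier rules jointly cover a later one.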
Intrusion detection and prevention is another security product that can be utilized to detect unwanted or unexpected traffic. Although intrusion detection devices cannot block traffic, they can detect abnormal traffic and generate an alarm or other notification. However, intrusion detection and prevention devices are generally not easy to configure, nor is it easy to determine where to place such devices in a new and/or existing system.
To overcome the aforementioned deficiencies, as well as others, what is needed is a technique by which rules and/or policies for firewall devices, intrusion detection/prevention devices, and the like are automatically created and managed. The technique should allow for selective placement of the various devices based on an analysis of the entire system, one that can automatically determine the appropriate location or evaluate a chosen location against various criteria regarding the devices and/or traffic patterns. A mechanism for acquiring industrial protocol communication information from distributed sources and integrating that information into a single, central system management tool is also needed.