Forum Discussion

EricWH_313090's avatar
EricWH_313090
Icon for Nimbostratus rankNimbostratus
Feb 01, 2018

Can F5 solve SCADA issues?

What protection for SCADA systems (MODBUS TCP) can the F5 provide. As these protocols appear very simple and easy to hack with even possible consequences in the physical world, it seems the ideal place for F5 ASM to slot in.

 

1 Reply

  • F5 ASM is Web Application Firewall protecting as the name implies Web applications using HTTP protocol. MODBUS/TCP is a serial protocol and is not HTTP. It is however possible to provide a level of protection using F5 LTM as a reverse proxy and iRules, Marc Chisinevski from F5 last year demonstrated some use cases that he implemented using iRules:

    Protocol validation; Modbus TCP packets that are of wrong size or length
    Potential DoS attacks - Traffic from a server to many slaves
    Traffic on TCP port 502 that is not Modbus
    Function and configuration scans
    Function codes putting slave devices into listen-only mode
    Function codes that modify diagnostic information
    Function codes that cause the unit to shutdown, requiring someone physically at the site to restart the device
    Exception PDUs
    

    Ref: https://www.linkedin.com/pulse/security-use-cases-modbustcp-marc-chisinevski-cissp/