What is the function of a Modbus firewall?

What is MODBUS?

The Modbus communications protocol is the forefather of industrial networking. It has withstood the test of time and is still used in a variety of applications such as industrial automation, process control, building automation, transportation, energy, and remote monitoring.

Modbus networking is built into almost every type of sensor and controller device, including programmable logic controllers (PLCs), process controllers, process instruments, process sensors, PID controllers, motor drives, energy meters, Supervisory Control and Data Acquisition (SCADA) systems, programmable automation controllers (PACs), discrete sensors, valves, and many other embedded devices.

Modbus, in its most basic form, is a means for sending data across serial lines between electronic equipment. Originally designed to connect programmable logic controllers (PLCs) and computers, it has evolved into a de facto standard communication protocol for connecting a wide range of industrial electronic devices.

Modbus is an exceptionally compact and adaptable protocol that has proven useful in a wide range of applications and media. It is widely used for remote applications that communicate over nearly any medium, such as landline and cellular telephones, licensed and unlicensed radios, and satellites.

Modbus TCP Firewall

Modbus TCP Firewall (HMTF) and Modbus Read-Only Firewall (HMRF) are industrial control security appliances. Placed between a DCS system and MODBUS/TCP devices, they protect the DCS system. While permitting SCADA communication through Modbus/TCP, the firewalls provide extensive displays and alarms in Station. The firewalls now also support Modbus/TCP communication through the Honeywell Peer Control Data Interface (PCDI). Throughout this work, the terms “Modbus TCP Firewall” and variations refer to both the HMTF and the HMRF. Where applicable, any differences in behaviour or operation between the two devices are noted.

Why is a Modbus firewall important in cyber security?

Modbus TCP Firewalls are preconfigured to restrict unwanted traffic on both secured and unsecured ports. The HMTF permits MODBUS/TCP traffic on TCP Port 502, which is the only port available for system connections. On TCP Port 502, the HMRF allows only read-only MODBUS/TCP traffic and blocks all Modbus write function codes. Both firewalls also ensure that only MODBUS Master Command traffic is allowed from the system and that any unwanted traffic from MODBUS devices is blocked. Furthermore, the Modbus TCP Firewall accepts only the Ethernet management traffic that is required to keep the network operating, and it restricts such traffic to 1 Mbit per second.
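The read-only rule described above can be pictured with a short Python sketch. This is an added example, not Honeywell's code or the appliance's actual rule set: it parses the Modbus/TCP (MBAP) header of a request and allows it only if it targets TCP port 502 and carries a read function code. The allow-list of the four standard read codes, the function name `check_request` and the sample frames are assumptions made for illustration.

```python
import struct

MODBUS_TCP_PORT = 502
MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)
# Standard Modbus read function codes: Read Coils, Read Discrete Inputs,
# Read Holding Registers, Read Input Registers. Assumption: this allow-list
# is illustrative; the HMRF's real rule set is not given on the page.
READ_CODES = {0x01, 0x02, 0x03, 0x04}


def check_request(dst_port, payload):
    """Return (allowed, reason) for one master-to-device TCP payload.

    Simplification: one Modbus ADU per payload; anything else is dropped.
    """
    if dst_port != MODBUS_TCP_PORT:
        return False, "not TCP port 502"
    if len(payload) < MBAP_LEN + 1:
        return False, "too short for MBAP header and function code"
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:MBAP_LEN])
    if proto != 0:
        return False, "protocol id is not 0"
    # The length field counts the unit id plus the PDU that follows it.
    if length != len(payload) - 6 or length > 254:
        return False, "MBAP length inconsistent with payload"
    func = payload[MBAP_LEN]
    if func not in READ_CODES:  # default deny: writes, diagnostics, unknown
        return False, "function code 0x%02X is not an allowed read" % func
    return True, "read function 0x%02X" % func


# Constructed sample frames (hex), not captured traffic.
SAMPLES = {
    "read holding registers": "00010000000601030000000A",
    "write single register": "0002000000060106000100FF",
    "write multiple registers": "0003000000090110000100010200FF",
    "non-zero protocol id": "000400010006010300000001",
    "length field mismatch": "00050000000601030000",
}


def verdicts(port=MODBUS_TCP_PORT):
    """Map each constructed sample to True (forward) or False (drop)."""
    return {n: check_request(port, bytes.fromhex(h))[0] for n, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, "->", check_request(MODBUS_TCP_PORT, bytes.fromhex(frame)))
```

Because the check is an allow-list, any function code it does not recognise is dropped along with the writes, and malformed headers fail closed.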