An industrial-grade firewall is deployed at the interconnection boundaries (the A and B networks) between the signal system and other systems (e.g. the PIS and the integrated monitoring system) to implement access control and segregate the networks.
Access control policies configured on the perimeter firewall govern communication between the signal system and other systems, permitting only specific data transmissions and blocking all non-essential network traffic.
Access control can be based on the traditional parameters (source IP address, destination IP address, protocol number, source port, destination port) as well as on assets, time windows and other attributes.
Modbus protocol communication between the signal system and other business systems is filtered at the command level.
An intrusion detection system monitors traffic on the backbone ring switch, performs in-depth analysis of the application-layer protocols, and compares the traffic against its rules and policies to detect and alert on possible intrusions and business operation anomalies.
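As an added example, not code from the original text, the following Python sketch shows how the command-level Modbus filtering at the boundary firewall and the rule-based alerting of the intrusion detection system described above fit together: it parses the Modbus/TCP MBAP header, applies a read-only function-code allowlist for requests coming from the non-signal side, drops malformed frames, and emits an alert record for every denied request. The allowed unit IDs, the sample frames and the alert format are constructed assumptions for this example, not values from the page.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Policy for the signal-system boundary (an assumption for this example): the
# PIS / integrated-monitoring side may only READ from signal-side Modbus servers.
# Function codes are the standard Modbus public codes.
READ_FUNCTIONS = {
    0x01: "Read Coils",
    0x02: "Read Discrete Inputs",
    0x03: "Read Holding Registers",
    0x04: "Read Input Registers",
}
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
}
# Unit (slave) IDs the other systems are allowed to address (constructed).
ALLOWED_UNITS = {1, 2}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header plus the function code of a Modbus/TCP request.

    Raises ValueError on anything malformed so the caller drops the frame
    instead of guessing its meaning.
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus (expected 0)")
    # The MBAP length field counts the unit id plus the PDU that follows it.
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} disagrees with frame size {len(frame) - 6}")
    return ModbusRequest(tid, uid, frame[7], frame[8:])


@dataclass
class Verdict:
    action: str   # "allow" or "deny"
    reason: str


def evaluate(frame: bytes, allowed_units=ALLOWED_UNITS, policy=READ_FUNCTIONS) -> Verdict:
    """Command-level decision for one request crossing the boundary."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return Verdict("deny", f"malformed frame: {exc}")
    if req.unit_id not in allowed_units:
        return Verdict("deny", f"unit {req.unit_id} is not reachable from this zone")
    if req.function_code in policy:
        return Verdict("allow", policy[req.function_code])
    name = WRITE_FUNCTIONS.get(req.function_code, f"function 0x{req.function_code:02X}")
    return Verdict("deny", f"{name} is not permitted across the boundary")


def alert_for(src: str, dst: str, frame: bytes) -> Optional[str]:
    """IDS-style alert line for a denied frame; None when the frame is allowed."""
    verdict = evaluate(frame)
    if verdict.action == "allow":
        return None
    return f'ALERT modbus-policy src={src} dst={dst} reason="{verdict.reason}"'


# Constructed sample frames: transaction id, protocol id 0, length, unit id, PDU.
SAMPLE_FRAMES = {
    # FC 0x03 Read Holding Registers, unit 1, start 0, count 10 -> allowed
    "read_holding": bytes.fromhex("0001 0000 0006 01 03 0000 000a"),
    # FC 0x06 Write Single Register, unit 1, addr 1, value 1 -> denied (write)
    "write_single": bytes.fromhex("0002 0000 0006 01 06 0001 0001"),
    # FC 0x03 to unit 9, which is not in ALLOWED_UNITS -> denied
    "wrong_unit":   bytes.fromhex("0003 0000 0006 09 03 0000 0001"),
    # Length field claims 6 bytes follow the header but only 2 do -> malformed
    "truncated":    bytes.fromhex("0004 0000 0006 01 03"),
}


def run_samples() -> dict:
    """Evaluate every constructed sample and return the verdicts by name."""
    return {name: evaluate(frame) for name, frame in SAMPLE_FRAMES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:13s} {verdict.action:5s} {verdict.reason}")
    print(alert_for("10.1.2.3", "10.1.1.10", SAMPLE_FRAMES["write_single"]))
```

The length check matters as much as the allowlist: a frame whose MBAP length disagrees with its actual size is rejected outright rather than interpreted, which is the same passive, fail-closed behaviour a boundary device should show before any function-code rule is consulted.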
The security audit of the signal system is performed by deploying a database auditing system, an operation and maintenance auditing system, and a log auditing system (included in the security management platform).
The database auditing system audits the central database over the network. The audited content includes database user logins and the insert, delete, update and query operations performed on the database.
The operation and maintenance auditing system audits maintenance operations performed from the maintenance workstation. The audited content includes remote operations from the maintenance workstation on the network equipment, the ATS server and the ATC maintenance machine; these sessions are recorded and can be played back.
（4）Terminal Security Management
Each workstation of the signal system is protected by installing host security software.
The protection includes security baseline management, network ACL control, peripheral control, USB drive control, blocking of unauthorized outbound connections, antivirus, and so on.
All workstations are managed centrally, giving an overview of the security posture and enforcing security policies through centralized configuration.
（5）Centralized Security Management
For all workstations, hosts, servers, network equipment and security equipment, the security management platform monitors status and resource usage, automatically generates asset lists for asset management, dynamically builds the network topology, and provides network-wide device performance monitoring, log management and other functions.
The signal system requires the lowest possible latency, so protection systems designed around passive monitoring are preferred. For example, a combination of IDS and firewall for the various control appliances ensures high security for overall operations and the network.
Security maintenance management is established to perform threat detection, security early warning, security hardening, security auditing, emergency response, etc., both during and after security incidents, so that the signal system stays continuously secure and its defences keep pace with demand.