The solution is to utilise a DeMilitarised Zone (DMZ)
firewall configuration, which makes use of two firewalls placed
in series between the two networks. Any equipment that
requires communication with both the business and industrial
networks is placed between the two firewalls, within the DMZ.
Each firewall can then be configured to allow the required level
of interaction into the DMZ, while blocking any communication
attempts from the business network directly to the industrial
network and vice versa. An example of this implementation
is shown in Figure 6. This configuration is not foolproof, as
the servers located in the DMZ may still allow an intruder
access to the industrial network if they are compromised.
However, it is easier to make sure that the DMZ servers are
sufficiently impervious to attack so as not to be compromised
than it is to ensure the same level of security across the whole
of the process and business networks. Physical access to the
industrial network should also not be overlooked - network
equipment, computers and controllers should be housed in
areas with limited physical access for approved personnel only.
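
The rule that neither firewall may permit traffic directly between the business and industrial networks can be checked mechanically against an exported ruleset. The following is an added example, not part of the original text; the zone address ranges, firewall names, rule format and sample rules are all constructed assumptions.

```python
import ipaddress

# Constructed zone addressing (assumption, not from the original text).
ZONES = {
    "business":   ipaddress.ip_network("10.10.0.0/16"),
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "industrial": ipaddress.ip_network("10.30.0.0/16"),
}
# Zone pairs that must never be connected by an allow rule.
FORBIDDEN = {("business", "industrial"), ("industrial", "business")}

def zones_of(cidr):
    """Return every zone that a rule's address range overlaps."""
    net = ipaddress.ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}

def audit(rules):
    """Return allow rules that would let traffic bypass the DMZ.

    Each rule is (firewall, src_cidr, dst_cidr, dst_port, action).
    Over-broad ranges such as 0.0.0.0/0 are caught because they
    overlap the forbidden zone as well as the intended one.
    """
    findings = []
    for fw, src, dst, port, action in rules:
        if action != "allow":
            continue
        for s in sorted(zones_of(src)):
            for d in sorted(zones_of(dst)):
                if (s, d) in FORBIDDEN:
                    findings.append((fw, src, dst, port, f"{s}->{d}"))
    return findings

# Constructed sample ruleset for the two firewalls in series.
RULES = [
    ("fw_business",   "10.10.0.0/16", "10.20.0.10/32", 443,  "allow"),  # business -> DMZ server
    ("fw_industrial", "10.30.5.0/24", "10.20.0.10/32", 5432, "allow"),  # industrial -> DMZ server
    ("fw_industrial", "10.10.4.7/32", "10.30.5.20/32", 502,  "allow"),  # direct path: violation
    ("fw_industrial", "0.0.0.0/0",    "10.30.0.0/16",  22,   "allow"),  # over-broad source: violation
    ("fw_business",   "10.10.0.0/16", "10.30.0.0/16",  0,    "deny"),   # explicit block, ignored
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print("DMZ bypass:", finding)
```

Rules that terminate in the DMZ pass the check; they still deserve manual review, since a compromised DMZ server remains the residual path into the industrial network.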