Can F5 solve SCADA issues?

Question

What protection for SCADA systems (MODBUS TCP) can the F5 provide. As these protocols appear very simple and easy to hack with even possible consequences in the physical world, it seems the ideal place for F5 ASM to slot in.

samstep · Answer

F5 ASM is Web Application Firewall protecting as the name implies Web applications using HTTP protocol. MODBUS/TCP is a serial protocol and is not HTTP. It is however possible to provide a level of protection using F5 LTM as a reverse proxy and iRules, Marc Chisinevski from F5 last year demonstrated some use cases that he implemented using iRules:
Protocol validation; Modbus TCP packets that are of wrong size or length
Potential DoS attacks - Traffic from a server to many slaves
Traffic on TCP port 502 that is not Modbus
Function and configuration scans
Function codes putting slave devices into listen-only mode
Function codes that modify diagnostic information
Function codes that cause the unit to shutdown, requiring someone physically at the site to restart the device
Exception PDUs

Ref: https://www.linkedin.com/pulse/security-use-cases-modbustcp-marc-chisinevski-cissp/

Forum Discussion

Can F5 solve SCADA issues?

Recent Discussions

SNI Sites not taking correct certificate.

How to Renew F5 Device Certificate

irule to enable http/2 acceleration

Service discovery is not happening in AS3

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

Related Content

Solving for true-source IP with global load balancers in Google Cloud

Lightboard Lessons: Solving Visibility Issues with F5 Beacon

Lightboard Lessons: Solving The Problem Of TLS Visibility

Can you solve the #F5CipherChallenge at Black Hat 2019?

Regex issue

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS