SCADA systems | devops | ~30 mins

Firewall and DMZ for SCADA in SCADA systems - Mini Project: Build & Apply

📖 Scenario: You are working in a SCADA (Supervisory Control and Data Acquisition) environment that controls critical infrastructure. To protect the SCADA network from external threats, you need to set up a firewall and a DMZ (Demilitarized Zone). The DMZ will host servers that communicate with both the external network and the SCADA network, acting as a buffer zone.
This project will guide you through creating a simple firewall rule set and defining the DMZ network segment in a configuration file format used by SCADA network devices.
🎯 Goal: Build a basic firewall configuration that defines the SCADA network, the DMZ network, and firewall rules to allow only specific traffic between them and the external network.
📋 What You'll Learn
Create a dictionary called networks with exact IP ranges for SCADA and DMZ
Add a variable called allowed_services listing the service ports allowed through the firewall
Create a list called firewall_rules that applies rules for traffic between networks using the allowed services
Print the firewall_rules list to show the final configuration
💡 Why This Matters
🌍 Real World
SCADA systems control critical infrastructure like power plants and water treatment. Protecting these systems with firewalls and DMZs helps prevent cyber attacks that could disrupt essential services.
💼 Career
Network and security engineers working with industrial control systems need to configure firewalls and DMZs to secure SCADA networks from unauthorized access.
Step 1: Define SCADA and DMZ network IP ranges
Create a dictionary called networks with these exact entries: 'SCADA': '192.168.10.0/24' and 'DMZ': '192.168.20.0/24'.
Hint: Use a Python dictionary with keys 'SCADA' and 'DMZ' and assign the exact IP ranges as strings.

Step 2: List allowed service ports for firewall
Create a list called allowed_services with these exact port numbers as integers: 502 (Modbus), 80 (HTTP), and 443 (HTTPS).
Hint: Use a Python list with the exact port numbers as integers.

Step 3: Create firewall rules for SCADA and DMZ traffic
Create a list called firewall_rules that contains strings. Each string should be a rule allowing traffic from networks['DMZ'] to networks['SCADA'] on each port in allowed_services. Use a for loop with the variable port to generate rules in the format: 'allow DMZ to SCADA on port {port}'.
Hint: Use a for loop over allowed_services and append formatted strings to firewall_rules.

Step 4: Display the firewall rules
Write a print statement to display the firewall_rules list.
Hint: Use print(firewall_rules) to show the list of rules.
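
The four steps assembled into one script, extended beyond the exercise with a check of sample flows against the generated rules. This is an added example, not part of the original project: zone_of, is_allowed, evaluate, the constructed sample flows and the default-deny behavior are assumptions made for illustration.

```python
import ipaddress

# Steps 1-3: values and rule format exactly as given in the exercise.
networks = {'SCADA': '192.168.10.0/24', 'DMZ': '192.168.20.0/24'}
allowed_services = [502, 80, 443]

firewall_rules = []
for port in allowed_services:
    firewall_rules.append(f'allow DMZ to SCADA on port {port}')


def zone_of(ip):
    """Hypothetical helper: name of the zone containing ip, else 'EXTERNAL'."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in networks.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return 'EXTERNAL'


def is_allowed(src_ip, dst_ip, port):
    """Assumed default deny: a flow passes only if an explicit rule matches it."""
    rule = f'allow {zone_of(src_ip)} to {zone_of(dst_ip)} on port {port}'
    return rule in firewall_rules


# Constructed sample flows (source, destination, port); not from a real network.
SAMPLE_FLOWS = [
    ('192.168.20.15', '192.168.10.5', 502),  # DMZ host to SCADA over Modbus
    ('192.168.20.15', '192.168.10.5', 22),   # port not in allowed_services
    ('203.0.113.7', '192.168.10.5', 502),    # external host straight to SCADA
    ('192.168.10.5', '192.168.20.15', 443),  # SCADA to DMZ: no rule that direction
]


def evaluate(flows):
    """Return one True/False verdict per flow, in order."""
    return [is_allowed(src, dst, port) for src, dst, port in flows]


if __name__ == '__main__':
    print(firewall_rules)  # Step 4
    for flow, verdict in zip(SAMPLE_FLOWS, evaluate(SAMPLE_FLOWS)):
        print(flow, 'ALLOW' if verdict else 'DENY')
```

Only the first flow is allowed: the rules name a direction (DMZ to SCADA) and specific ports, so external traffic and SCADA-initiated traffic fall through to the assumed default deny.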