Cheat Sheet: Communication Protocols in Industrial Control System (ICS)
Ver 2.0
Edited by Shiv Kataria
https://www.linkedin.com/in/shivkataria/

Content
1. Common ICS Protocols
2. Wireless Protocols used in ICS
3. Vendor Specific Protocols
4. Data Historian Specific Protocols
5. IT Protocols used in ICS
6. Database Protocols used in ICS

Common ICS Protocols

| Protocol | Description | Serial/Ethernet | Port Number | Security Features |
|---|---|---|---|---|
| IEC 60870-5-101 | Used for communication between electrical power systems and devices for telecontrol and teleprotection. | Serial | NA (RS-232, RS-485, RS-422) | Limited security features, encryption not standard |
| IEC 60870-5-104 | Used for communication between electrical power systems and devices for telecontrol and teleprotection. | Ethernet (TCP) | 2404 | Supports encryption and authentication |
| IEC 61850 | Used for communication between intelligent electronic devices (IEDs) in electrical power systems. | Ethernet (TCP) | 102 | Supports encryption and authentication |
| OPC (OLE for Process Control) | Protocol used for communication between industrial automation systems and enterprise systems. | Ethernet (TCP) | 135 (Uses DCP/RCE in Microsoft) | Supports DCOM and encryption mechanisms |
| CC-Link IE | Protocol used for communication between industrial devices and enterprise networks, primarily used by Mitsubishi Electric. | Ethernet (UDP) | Various | Uses token-passing which can include security features |
| ModbusTCP | Protocol used for communication between Modbus devices over TCP/IP networks. | Ethernet (TCP) | 502 | Supports encryption and authentication |
| LonWorks | Used for communication between building automation systems and devices. | Serial and Ethernet (TCP/UDP) | 1628 (for TCP/UDP) | Limited security features, encryption not standard |
| MQTT | Used for communication between IoT devices and enterprise systems. Lightweight messaging protocol for Internet of Things (IoT) devices. | Ethernet (TCP) | 1883 (non-encrypted), 8883 (TLS encrypted) | Supports TLS encryption |
| ControlNet | Used for communication between industrial control devices, including programmable logic controllers (PLCs), primarily used by Rockwell Automation. | Ethernet | 2222 | Supports encryption and authentication |
| KNX | Used for communication between building automation systems and devices. | Serial, Ethernet (TCP/UDP) | 3671 (UDP) | Supports encryption and authentication |
| EtherCAT | Real-time Industrial Ethernet protocol used for communication between industrial automation systems and devices, primarily used by Beckhoff Automation. | Ethernet | 34962 | Supports encryption and authentication |
| CIP (Common Industrial Protocol) | Application layer protocol for industrial automation devices, used for communication between industrial automation systems and devices, primarily used by Rockwell Automation. | Ethernet (TCP/UDP) | 44818 (Various others as well) | Supports encryption and authentication |
| EIP (Ethernet/IP) | Protocol used for communication between industrial automation systems and devices, primarily used by Rockwell Automation. | Ethernet (TCP/UDP) | 44818 (TCP), 2222 (UDP) | Supports encryption and authentication |
| BACnet/IP | Protocol used for communication between building automation systems and devices over IP networks. | Ethernet (UDP) | 47808 | Supports encryption and authentication |
| ADS | Communication protocol for TwinCAT automation software used for communication between industrial automation systems and devices, primarily used by Beckhoff Automation. | Ethernet (TCP/UDP) | 48899 (TCP/UDP) | Supports encryption and authentication |
| Foundation Fieldbus | Digital communication protocol for process automation used for communication between industrial automation systems and field devices. | Serial bus | NA | Limited security features, encryption not standard |
| PROFIBUS | Protocol used for communication between industrial automation systems and field devices, primarily used by Siemens. | Serial | NA | Limited security features, encryption not standard |
| DNP3 | Communication protocol for SCADA systems used for communication between various types of data acquisition and control equipment in Electrical Systems. | Serial and Ethernet (TCP/UDP) | 20000-20002 | Supports encryption and authentication |
| CODESYS | Protocol used for communication between industrial automation systems and devices, primarily used by 3S-Smart Software Solutions. | Ethernet (TCP/UDP) | 2455, 2456, 1217 (TCP/UDP) | Supports encryption and authentication |
| Profinet | Protocol used for communication between industrial automation systems and field devices, primarily used by Siemens. Has 3 different modes: TCP/IP with latency >10ms, Realtime (RT) with latency 1-10ms, and IRT with latency <1ms. | Ethernet | 34962, 34963 (UDP), 34964 (TCP) | Supports encryption and authentication |
| CAN bus | Communication protocol for microcontroller-based systems in automotive and industrial applications. | Serial | NA (non IP-based) | Limited security features, encryption not standard |
| HART | Protocol used for communication between smart instruments and control systems. | Serial | NA (non IP-based) | Limited security features, encryption not standard |
| J1939 | Protocol used in heavy-duty vehicles for communication between microcontrollers. | Serial | N/A (non IP-based) | Limited security features, encryption not standard |
| Meter-Bus | Protocol used for communication between utility meters and data collection devices. | Serial and Ethernet (TCP) | 10001 (TCP) | Limited security features, encryption not standard |
| NMEA | Communication protocol for marine electronics, such as GPS devices. | Serial | N/A (non IP-based) | Limited security features, encryption not standard |
| MDLC | Developed by Motorola, MDLC (Motorola Data Link Communication) is designed for use in industrial automation and SCADA systems. Supports communication between different devices and supports various transport layers and application profiles. | Serial and Ethernet | Various | Supports encryption (AES256 and previously TEA), authentication, and secure communication. |
| ISO-TSAP (Transport Service Access Point) | A protocol used for communication between systems using the OSI model. ISO-TSAP provides a layer of abstraction between the application layer and the lower layers, allowing different application-layer protocols to be used with different lower-layer protocols. ISO-TSAP is used as the transport layer for S7Comm and ICCP. | Ethernet (TCP) | TCP: 102, 104 | Supports encryption and authentication |
| S7Comm | Communication protocol for Siemens S7 PLCs (Programmable Logic Controllers) based on ISO-TSAP. | Ethernet | 102 (TCP), 161 (UDP) | Supports encryption and authentication |
| ICCP (Inter-Control Center Communications Protocol) | A protocol used for communication between control centers in electrical power grids. ICCP is based on the OSI model and includes multiple layers, including a transport layer based on TCP or TP4. | Ethernet | 102, 410 (TCP) | Supports encryption and authentication |
| OPC (OLE for Process Control) | A set of standards for communication between devices in industrial automation systems, such as sensors, PLCs, and human-machine interfaces. OPC includes multiple protocols, including OPC DA (Data Access), OPC AE (Alarms and Events), and OPC UA (Unified Architecture). OPC UA is the latest and most secure version, supporting encryption and authentication. OPC uses various transport protocols, including ISO-TSAP, TCP, and HTTP. | Ethernet (TCP) | OPC DA: 135, 137, 138, 139, 445, 4840-4843; OPC AE: 135, 137, 138, 139, 445; OPC UA: 4840-4843 (TCP) | Supports encryption and authentication |

Wireless Protocols

| Protocol | Description | Security Features | Notes |
|---|---|---|---|
| Zigbee | Wireless protocol for low-power, low-data-rate communication used in industrial and home automation. | AES-128 encryption, secure key establishment | Commonly used in smart homes and industrial sensor networks. |
| WirelessHART | Wireless protocol based on HART for communication between field devices and control systems. | AES-128 encryption, network security, device authentication | Provides secure and reliable communication for industrial applications. |
| ISA100.11a | Wireless protocol for industrial automation, designed for process automation applications. | AES-128 encryption, supports multiple security levels | Designed for industrial environments with high reliability and security. |
| Wi-Fi | Wireless networking protocol commonly used for general-purpose wireless communication. | WPA3, WPA2, WPA, WEP (various encryption and authentication mechanisms) | Widely used in industrial and commercial environments for wireless connectivity. |

Vendor Specific Protocols

| Protocol | Vendor | Description | Serial/Ethernet | Port Number/s |
|---|---|---|---|---|
| ADS | Beckhoff Automation | Protocol used for communication between industrial automation systems and devices. | Ethernet (TCP/UDP) | 48899 (TCP/UDP) |
| CC-Link IE | Mitsubishi Electric | Protocol used for communication between industrial devices and enterprise networks. | Ethernet (UDP) | 304 |
| CIP | Rockwell Automation | Protocol used for communication between industrial automation systems and devices. | Ethernet (TCP/UDP) | 44818 (Various others as well) |
| CODESYS | 3S-Smart Software Solutions | Protocol used for communication between industrial automation systems and devices. | Ethernet (TCP/UDP) | 2455, 2456, 1217 (TCP/UDP) |
| ControlNet | Rockwell Automation | Protocol used for communication between industrial control devices, including programmable logic controllers (PLCs). | Ethernet | 2222 |
| EtherCAT | Beckhoff Automation | Protocol used for communication between industrial automation systems and devices. | Ethernet | 34962 |
| EtherNet/IP | Rockwell Automation | Protocol used for communication between industrial devices and enterprise networks. | Ethernet (TCP/UDP) | 44818 (TCP), 2222 (UDP) |
| PROFIBUS | Siemens | Protocol used for communication between industrial automation systems and field devices. | Serial | 102, 161 |
| Profinet | Siemens | Protocol used for communication between industrial automation systems and field devices. | Ethernet | 34962, 34963 (UDP), 34964 (TCP) |

Data Historian Specific Protocols

| Protocol | Description | Port Number | Security Features |
|---|---|---|---|
| OPC | Commonly used in industrial automation to allow devices and systems to communicate with each other using a standard interface. | TCP 135 and dynamic ports | Supports various security features including encryption, authentication, and secure communication |
| SQL | Standard language used to manage relational databases, commonly used in data historians to query and store historical data. | TCP 1433 or other port configured by the SQL server | Supports encryption (SSL/TLS), authentication, and access control |
| ODBC | Standard interface used to access various types of databases, including SQL-based databases. | N/A (uses TCP/IP and dynamic ports) | Supports encryption and authentication depending on the database and driver used |
| JDBC | Java-based interface used to access various types of databases, including SQL-based databases. | N/A (uses TCP/IP and dynamic ports) | Supports encryption and authentication depending on the database and driver used |
| Modbus | Serial communications protocol commonly used in industrial automation and data acquisition systems to transmit signals from instrumentation and control devices. | TCP 502 or other port configured by the Modbus server | Limited security features; Modbus Secure (with TLS) is available for enhanced security |
| DNP3 | Protocol used in the utility industry to communicate between different types of equipment, including data historians. | TCP 20000 or other port configured by the DNP3 server | Supports encryption and authentication |

IT Protocols used in ICS

| Protocol | Short Description | Port Number | Security Feature |
|---|---|---|---|
| DHCP | Dynamic Host Configuration Protocol - Used to assign IP addresses and other network configuration information to devices on a network. | UDP 67, 68 | Limited security features; DHCP snooping and IP source guard can be used for additional security |
| DNS | Translates domain names to IP addresses | 53 | DNSSEC provides authentication and integrity |
| FTP | File transfer protocol | 21 | Limited security features; FTPS and SFTP provide secure alternatives |
| HTTP | Web browsing protocol | 80 | Limited security features; HTTPS provides a secure alternative |
| HTTPS | Secure web browsing protocol | 443 | SSL/TLS encryption provides security |
| ICMP | Diagnostic protocol, also known as ping | N/A | Limited security features; can be used for network diagnostics |
| IEEE 1588 | Precise time synchronization protocol used in industrial automation systems and process control | N/A (not IP-based) | Limited security features |
| IMAP | Receives email over the network | 143 | Supports encryption (SSL/TLS) and authentication |
| JDBC | Protocol used for accessing databases, similar to ODBC but for Java-based applications | N/A | Depends on the database and driver used |
| Kerberos | Secure authentication protocol | 88 | Provides strong authentication using secret-key cryptography |
| LDAP | Accesses and maintains distributed directory information services | 389 | Supports encryption (SSL/TLS) and authentication |
| LLDP | Link Layer Discovery Protocol - Used to advertise and discover network devices and their capabilities. | Ethernet | Limited security features; LLDP-MED provides additional security |
| LLMNR | Link-Local Multicast Name Resolution - Used for name resolution on local networks when DNS is not available. | UDP 5355 | Limited security features; can be used for local name resolution |
| NTP | Synchronizes clocks between devices | 123 | Limited security features; NTS provides secure alternatives |
| ODBC | Protocol used for accessing databases | N/A | Depends on the database and driver used |
| OPC UA | Protocol used for communication between industrial automation systems and enterprise systems, including for data acquisition and database synchronization | 4840 | Supports encryption and authentication |
| POP3 | Receives email over the network | 110 | Supports encryption (SSL/TLS) and authentication |
| PTP | Precise time synchronization protocol used in industrial automation systems and process control | N/A (not IP-based) | Limited security features |
| RDP | Remote desktop access protocol | 3389 | Supports encryption and authentication |
| SFTP | Secure file transfer protocol | 22 | Supports encryption and authentication |
| SMB | File and printer sharing protocol | 139, 445 | Supports encryption and authentication |
| SMTP | Sends email over the network | 25 | Supports encryption (SSL/TLS) and authentication |
| SNMP | Simple Network Management Protocol - Used to manage and monitor network devices, including routers, switches, and servers. | UDP 161, 162 | Supports authentication and limited encryption |
| SNTP | Protocol used for time synchronization in networked environments | 123 | Limited security features; NTS provides secure alternatives |
| SSH | Secure remote access protocol | 22 | Supports encryption and authentication |
| SSL/TLS | Secure communication protocol used for encrypting data transmitted via HTTP, SMTP, FTP, and other protocols | N/A | Provides encryption and authentication |
| TCP/IP | Network communication protocol | N/A | Depends on the specific application protocol used over TCP/IP |

Database Protocols used in ICS

| Database Protocol | Description | Default Port | Security Features |
|---|---|---|---|
| Microsoft SQL Server | A relational database management system developed by Microsoft. | 1433 | Supports encryption (SSL/TLS), authentication, and access control |
| Oracle Database | A multi-model database management system produced and marketed by Oracle Corporation. | 1521 | Supports encryption (SSL/TLS), authentication, and advanced security features |
| MySQL | An open-source relational database management system. | 3306 | Supports encryption (SSL/TLS) and authentication |
| PostgreSQL | An open-source relational database management system emphasizing extensibility and SQL compliance. | 5432 | Supports encryption (SSL/TLS), authentication, and access control |
| Redis | An open-source, in-memory data structure store used as a database, cache, and message broker. | 6379 | Supports encryption (SSL/TLS) and authentication |
| Cassandra | A free and open-source, distributed, wide column store, NoSQL database management system. | 9042 | Supports encryption (SSL/TLS) and authentication |

More Related Content

PPTX
cs presentation
PDF
Aw 10 wireless
PPTX
ICS Security 101 by Sandeep Singh
PPTX
PPTX
Introduction to Building Communication Protocols
PDF
Kordik fundamental guidtoindustrialnetworking -v_imp
PDF
Automation and Robotics 20ME51I_Week_3_Practicals.pdf
PDF
CISSP Week 6
cs presentation
Aw 10 wireless
ICS Security 101 by Sandeep Singh
Introduction to Building Communication Protocols
Kordik fundamental guidtoindustrialnetworking -v_imp
Automation and Robotics 20ME51I_Week_3_Practicals.pdf
CISSP Week 6

Similar to ICS_protocols_Cheat_Sheet_1749276661.pdf (20)

PDF
Cybersecurity Of Industrial Systems Jeanmarie Flaus
PDF
BruCON 2015 - Pentesting ICS 101
PPTX
BACnet at Cornell: 20+ Years of Lessons Learned
ODP
Networking- OSI Layer Protocol Functions
PDF
Industrial Automation -EEE-Notesssa_scada_communications_protocols.pdf
PDF
You're not in kansas anymore - the strange physical world of industrial ether...
DOCX
Industrial communication protocol.docx Ethernet ,Can comm,Profinet,
PDF
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
DOC
Scada protocols-and-communications-trends
PPT
Zigbee intro v5
PDF
Defcon 2011 - Penetration Testing Over Powerlines
PPTX
Final_IoT_Protocol Stack.pptx
PDF
Industrial communication protocol
PPTX
wireandwireless comunication in IOT devices.pptx
PPTX
Wireless protocols in embedded systems arch
PPTX
IEEE Conference - Industrial Ethernet
PDF
Security And Privacy Issues Of Iots
PPTX
Webinar: Comunicação TCP/IP segura
PDF
Dash7 alliance protocol - where rfid meets wsn
PPT
Bringing IT to the factory floor.ppt
Cybersecurity Of Industrial Systems Jeanmarie Flaus
BruCON 2015 - Pentesting ICS 101
BACnet at Cornell: 20+ Years of Lessons Learned
Networking- OSI Layer Protocol Functions
Industrial Automation -EEE-Notesssa_scada_communications_protocols.pdf
You're not in kansas anymore - the strange physical world of industrial ether...
Industrial communication protocol.docx Ethernet ,Can comm,Profinet,
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Scada protocols-and-communications-trends
Zigbee intro v5
Defcon 2011 - Penetration Testing Over Powerlines
Final_IoT_Protocol Stack.pptx
Industrial communication protocol
wireandwireless comunication in IOT devices.pptx
Wireless protocols in embedded systems arch
IEEE Conference - Industrial Ethernet
Security And Privacy Issues Of Iots
Webinar: Comunicação TCP/IP segura
Dash7 alliance protocol - where rfid meets wsn
Bringing IT to the factory floor.ppt
Ad

Recently uploaded (20)

PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
PPTX
Sustainable Sites - Green Building Construction
DOCX
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
PDF
Well-logging-methods_new................
PPT
Mechanical Engineering MATERIALS Selection
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
PPTX
Foundation to blockchain - A guide to Blockchain Tech
PPTX
Welding lecture in detail for understanding
PPT
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
PDF
Digital Logic Computer Design lecture notes
PPT
Project quality management in manufacturing
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
Embodied AI: Ushering in the Next Era of Intelligent Systems
Sustainable Sites - Green Building Construction
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
Well-logging-methods_new................
Mechanical Engineering MATERIALS Selection
Operating System & Kernel Study Guide-1 - converted.pdf
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
Foundation to blockchain - A guide to Blockchain Tech
Welding lecture in detail for understanding
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
Digital Logic Computer Design lecture notes
Project quality management in manufacturing
Ad

ICS_protocols_Cheat_Sheet_1749276661.pdf

  • 2. 2 Edited by Shiv Kataria https://www.linkedin.com/in/shivkataria/ Content 1. Common ICS Protocols 3-6 2. Wireless Protocols used in ICS 7 3. Vendor Specific Protocols 8 4. Data Historian Specific Protocols 9 5. IT Protocols used in ICS 10-12 6. Database Protocols used in ICS 13
  • 3. 3 Edited by Shiv Kataria https://www.linkedin.com/in/shivkataria/ Common ICS Protocols Protocol Description Serial/Ethernet Port Number Security Features IEC 60870-5-101 Used for communication between electrical power systems and devices for telecontrol and tele- protection. Serial NA (RS-232, RS- 485, RS-422) Limited security features, encryption not standard IEC 60870-5-104 Used for communication between electrical power systems and devices for telecontrol and tele- protection. Ethernet (TCP) 2404 Supports encryption and authentication IEC 61850 Used for communication between intelligent electronic devices (IEDs) in electrical power systems. Ethernet (TCP) 102 Supports encryption and authentication OPC (OLE for Process Control) Protocol used for communication between industrial automation systems and enterprise systems. Ethernet (TCP) 135 (Uses DCP/RCE in Microsoft) Supports DCOM and encryption mechanisms CC-Link IE Protocol used for communication between industrial devices and enterprise networks, primarily used by Mitsubishi Electric. Ethernet (UDP) Various Uses token-passing which can include security features ModbusTCP Protocol used for communication between Modbus devices over TCP/IP networks. Ethernet (TCP) 502 Supports encryption and authentication LonWorks Used for communication between building automation systems and devices. Serial and Ethernet (TCP/UDP) 1628 (for TCP/UDP) Limited security features, encryption not standard
  • 4. 4 Edited by Shiv Kataria https://www.linkedin.com/in/shivkataria/ MQTT Used for communication between IoT devices and enterprise systems. Lightweight messaging protocol for Internet of Things (IoT) devices. Ethernet (TCP) 1883 (non- encrypted), 8883 (TLS encrypted) Supports TLS encryption ControlNet Used for communication between industrial control devices, including programmable logic controllers (PLCs), primarily used by Rockwell Automation. Ethernet 2222 Supports encryption and authentication KNX Used for communication between building automation systems and devices. Serial, Ethernet (TCP/UDP) 3671 (UDP) Supports encryption and authentication EtherCAT Real-time Industrial Ethernet protocol used for communication between industrial automation systems and devices, primarily used by Beckhoff Automation. Ethernet 34962 Supports encryption and authentication CIP (Common Industrial Protocol) Application layer protocol for industrial automation devices, used for communication between industrial automation systems and devices, primarily used by Rockwell Automation. Ethernet (TCP/UDP) 44818 (Various others as well) Supports encryption and authentication EIP (Ethernet/IP) Protocol used for communication between industrial automation systems and devices, primarily used by Rockwell Automation. Ethernet (TCP/UDP) 44818 (TCP), 2222 (UDP) Supports encryption and authentication BACnet/IP Protocol used for communication between building automation systems and devices over IP networks. Ethernet (UDP) 47808 Supports encryption and authentication ADS Communication protocol for TwinCAT automation software used for communication between industrial automation systems and devices, primarily used by Beckhoff Automation. Ethernet (TCP/UDP) 48899 (TCP/UDP) Supports encryption and authentication Foundation Fieldbus Digital communication protocol for process automation used for communication between industrial automation systems and field devices. 
Serialbus NA Limited security features, encryption not standard
  • 5. 5 Edited by Shiv Kataria https://www.linkedin.com/in/shivkataria/ PROFIBUS Protocol used for communication between industrial automation systems and field devices, primarily used by Siemens. Serial NA Limited security features, encryption not standard DNP3 Communication protocol for SCADA systems used for communication between various types of data acquisition and control equipment in Electrical Systems. Serial and Ethernet (TCP/UDP) 20000-20002 Supports encryption and authentication CODESYS Protocol used for communication between industrial automation systems and devices, primarily used by 3S-Smart Software Solutions. Ethernet (TCP/UDP) 2455, 2456 1217 (TCP/UDP) Supports encryption and authentication Profinet Protocol used for communication between industrial automation systems and field devices, primarily used by Siemens. Has 3 different modes: TCP/IP with latency >10ms, Realtime (RT) with latency 1-10ms, and IRT with Latency <1ms. Ethernet 34962 , 34963 (UDP), 34964 (TCP) Supports encryption and authentication CAN bus Communication protocol for microcontroller-based systems in automotive and industrial applications. Serial NA (non IP-based) Limited security features, encryption not standard HART Protocol used for communication between smart instruments and control systems. Serial NA (non IP-based) Limited security features, encryption not standard J1939 Protocol used in heavy-duty vehicles for communication between microcontrollers. Serial N/A (non IP- based) Limited security features, encryption not standard Meter-Bus Protocol used for communication between utility meters and data collection devices. Serial and Ethernet (TCP) 10001 (TCP) Limited security features, encryption not standard NMEA Communication protocol for marine electronics, such as GPS devices. 
Serial N/A (non IP- based) Limited security features, encryption not standard MDLC Developed by Motorola, MDLC (Motorola Data Link Communication) is designed for use in industrial automation and SCADA systems. Supports Serial and Ethernet Various Supports encryption (AES256 and previously
  • 6. 6 Edited by Shiv Kataria https://www.linkedin.com/in/shivkataria/ communication between different devices and supports various transport layers and application profiles. TEA), authentication, and secure communication. ISO-TSAP (Transport Service Access Point) A protocol used for communication between systems using the OSI model. ISO-TSAP provides a layer of abstraction between the application layer and the lower layers, allowing different application- layer protocols to be used with different lower-layer protocols. ISO-TSAP is used as the transport layer for S7Comm and ICCP. Ethernet (TCP) TCP: 102, 104 Supports encryption and authentication S7Comm Communication protocol for Siemens S7 PLCs (Programmable Logic Controllers) based on ISO- TSAP. Ethernet 102 (TCP), 161 (UDP) Supports encryption and authentication ICCP (Inter- Control Center Communications Protocol) A protocol used for communication between control centers in electrical power grids. ICCP is based on the OSI model and includes multiple layers, including a transport layer based on TCP or TP4. Ethernet 102, 410 (TCP) Supports encryption and authentication OPC (OLE for Process Control) A set of standards for communication between devices in industrial automation systems, such as sensors, PLCs, and human-machine interfaces. OPC includes multiple protocols, including OPC DA (Data Access), OPC AE (Alarms and Events), and OPC UA (Unified Architecture). OPC UA is the latest and most secure version, supporting encryption and authentication. OPC uses various transport protocols, including ISO-TSAP, TCP, and HTTP. Ethernet (TCP) OPC DA: 135, 137, 138, 139, 445, 4840-4843; OPC AE: 135, 137, 138, 139, 445; OPC UA: 4840-4843 (TCP) Supports encryption and authentication
  • 7. 7 Edited by Shiv Kataria https://www.linkedin.com/in/shivkataria/ Wireless Protocols Protocol Description Security Features Notes Zigbee Wireless protocol for low-power, low-data-rate communication used in industrial and home automation. AES-128 encryption, secure key establishment Commonly used in smart homes and industrial sensor networks. WirelessHART Wireless protocol based on HART for communication between field devices and control systems. AES-128 encryption, network security, device authentication Provides secure and reliable communication for industrial applications. ISA100.11a Wireless protocol for industrial automation, designed for process automation applications. AES-128 encryption, supports multiple security levels Designed for industrial environments with high reliability and security. Wi-Fi Wireless networking protocol commonly used for general- purpose wireless communication. WPA3, WPA2, WPA, WEP (various encryption and authentication mechanisms) Widely used in industrial and commercial environments for wireless connectivity.
  • 8. 8 Edited by Shiv Kataria https://www.linkedin.com/in/shivkataria/ Vendor Specific Protocols Protocol Vendor Description Serial/Ethernet Port Number/s ADS Beckhoff Automation Protocol used for communication between industrial automation systems and devices. Ethernet (TCP/UDP) 48899 (TCP/UDP) CC-Link IE Mitsubishi Electric Protocol used for communication between industrial devices and enterprise networks. Ethernet (UDP) 304 CIP Rockwell Automation Protocol used for communication between industrial automation systems and devices. Ethernet (TCP/UDP) 44818 (Various others as well) CODESYS 3S-Smart Software Solutions Protocol used for communication between industrial automation systems and devices. Ethernet (TCP/UDP) 2455, 2456, 1217 (TCP/UDP) ControlNet Rockwell Automation Protocol used for communication between industrial control devices, including programmable logic controllers (PLCs). Ethernet 2222 EtherCAT Beckhoff Automation Protocol used for communication between industrial automation systems and devices. Ethernet 34962 EtherNet/IP Rockwell Automation Protocol used for communication between industrial devices and enterprise networks. Ethernet (TCP/UDP) 44818 (TCP), 2222 (UDP) PROFIBUS Siemens Protocol used for communication between industrial automation systems and field devices. Serial 102, 161 Profinet Siemens Protocol used for communication between industrial automation systems and field devices. Ethernet 34962, 34963 (UDP), 34964 (TCP)
  • 9. Data Historian Specific Protocols

| Protocol | Description | Port Number | Security Features |
|---|---|---|---|
| OPC | Commonly used in industrial automation to allow devices and systems to communicate with each other using a standard interface. | TCP 135 and dynamic ports | Supports various security features including encryption, authentication, and secure communication |
| SQL | Standard language used to manage relational databases, commonly used in data historians to query and store historical data. | TCP 1433 or other port configured by the SQL server | Supports encryption (SSL/TLS), authentication, and access control |
| ODBC | Standard interface used to access various types of databases, including SQL-based databases. | N/A (uses TCP/IP and dynamic ports) | Supports encryption and authentication depending on the database and driver used |
| JDBC | Java-based interface used to access various types of databases, including SQL-based databases. | N/A (uses TCP/IP and dynamic ports) | Supports encryption and authentication depending on the database and driver used |
| Modbus | Serial communications protocol commonly used in industrial automation and data acquisition systems to transmit signals from instrumentation and control devices. | TCP 502 or other port configured by the Modbus server | Limited security features; Modbus Secure (with TLS) is available for enhanced security |
| DNP3 | Protocol used in the utility industry to communicate between different types of equipment, including data historians. | TCP 20000 or other port configured by the DNP3 server | Supports encryption and authentication |
  • 10. IT Protocols used in ICS

| Protocol | Short Description | Port Number | Security Feature |
|---|---|---|---|
| DHCP | Dynamic Host Configuration Protocol - Used to assign IP addresses and other network configuration information to devices on a network. | UDP 67, 68 | Limited security features; DHCP snooping and IP source guard can be used for additional security |
| DNS | Translates domain names to IP addresses | 53 | DNSSEC provides authentication and integrity |
| FTP | File transfer protocol | 21 | Limited security features; FTPS and SFTP provide secure alternatives |
| HTTP | Web browsing protocol | 80 | Limited security features; HTTPS provides a secure alternative |
| HTTPS | Secure web browsing protocol | 443 | SSL/TLS encryption provides security |
| ICMP | Diagnostic protocol, also known as ping | N/A | Limited security features; can be used for network diagnostics |
| IEEE 1588 | Precise time synchronization protocol used in industrial automation systems and process control | N/A (not IP-based) | Limited security features |
| IMAP | Receives email over the network | 143 | Supports encryption (SSL/TLS) and authentication |
| JDBC | Protocol used for accessing databases, similar to ODBC but for Java-based applications | N/A | Depends on the database and driver used |
| Kerberos | Secure authentication protocol | 88 | Provides strong authentication using secret-key cryptography |
  • 11. IT Protocols used in ICS (continued)

| Protocol | Short Description | Port Number | Security Feature |
|---|---|---|---|
| LDAP | Accesses and maintains distributed directory information services | 389 | Supports encryption (SSL/TLS) and authentication |
| LLDP | Link Layer Discovery Protocol - Used to advertise and discover network devices and their capabilities. | Ethernet | Limited security features; LLDP-MED provides additional security |
| LLMNR | Link-Local Multicast Name Resolution - Used for name resolution on local networks when DNS is not available. | UDP 5355 | Limited security features; can be used for local name resolution |
| NTP | Synchronizes clocks between devices | 123 | Limited security features; NTS provides secure alternatives |
| ODBC | Protocol used for accessing databases | N/A | Depends on the database and driver used |
| OPC UA | Protocol used for communication between industrial automation systems and enterprise systems, including for data acquisition and database synchronization | 4840 | Supports encryption and authentication |
| POP3 | Receives email over the network | 110 | Supports encryption (SSL/TLS) and authentication |
| PTP | Precise time synchronization protocol used in industrial automation systems and process control | N/A (not IP-based) | Limited security features |
| RDP | Remote desktop access protocol | 3389 | Supports encryption and authentication |
| SFTP | Secure file transfer protocol | 22 | Supports encryption and authentication |
| SMB | File and printer sharing protocol | 139, 445 | Supports encryption and authentication |
| SMTP | Sends email over the network | 25 | Supports encryption (SSL/TLS) and authentication |
  • 12. IT Protocols used in ICS (continued)

| Protocol | Short Description | Port Number | Security Feature |
|---|---|---|---|
| SNMP | Simple Network Management Protocol - Used to manage and monitor network devices, including routers, switches, and servers. | UDP 161, 162 | Supports authentication and limited encryption |
| SNTP | Protocol used for time synchronization in networked environments | 123 | Limited security features; NTS provides secure alternatives |
| SSH | Secure remote access protocol | 22 | Supports encryption and authentication |
| SSL/TLS | Secure communication protocol used for encrypting data transmitted via HTTP, SMTP, FTP, and other protocols | N/A | Provides encryption and authentication |
| TCP/IP | Network communication protocol | N/A | Depends on the specific application protocol used over TCP/IP |
  • 13. Database Protocols used in ICS

| Database Protocol | Description | Default Port | Security Features |
|---|---|---|---|
| Microsoft SQL Server | A relational database management system developed by Microsoft. | 1433 | Supports encryption (SSL/TLS), authentication, and access control |
| Oracle Database | A multi-model database management system produced and marketed by Oracle Corporation. | 1521 | Supports encryption (SSL/TLS), authentication, and advanced security features |
| MySQL | An open-source relational database management system. | 3306 | Supports encryption (SSL/TLS) and authentication |
| PostgreSQL | An open-source relational database management system emphasizing extensibility and SQL compliance. | 5432 | Supports encryption (SSL/TLS), authentication, and access control |
| Redis | An open-source, in-memory data structure store used as a database, cache, and message broker. | 6379 | Supports encryption (SSL/TLS) and authentication |
| Cassandra | A free and open-source, distributed, wide column store, NoSQL database management system. | 9042 | Supports encryption (SSL/TLS) and authentication |