creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-13 06:34:57 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/implementing-ics-firewall-with-tofino/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

56 lines
1.5 KiB
Markdown
Raw Blame History

# API Reference: Implementing ICS Firewall with Tofino
## OT Protocol Ports
| Protocol | Port | Layer | DPI Support |
|----------|------|-------|-------------|
| Modbus/TCP | 502 | TCP | Yes |
| EtherNet/IP | 44818 | TCP/UDP | Yes |
| DNP3 | 20000 | TCP | Yes |
| OPC UA | 4840 | TCP | Yes |
| S7comm | 102 | TCP | Yes |
| BACnet | 47808 | UDP | Yes |
| IEC 61850 MMS | 102 | TCP | Yes |
## Risky Modbus Function Codes
| Code | Function | Risk |
|------|----------|------|
| 5 | Write Single Coil | HIGH |
| 6 | Write Single Register | HIGH |
| 15 | Write Multiple Coils | HIGH |
| 16 | Write Multiple Registers | HIGH |
| 22 | Mask Write Register | HIGH |
## Tofino Xenon Configuration
```xml
<TofinoRule>
<Action>Allow</Action>
<Source>192.168.1.10</Source>
<Destination>192.168.1.50</Destination>
<Protocol>Modbus</Protocol>
<Port>502</Port>
<DPI enabled="true">
<AllowedFunctions>1,2,3,4</AllowedFunctions>
</DPI>
<Logging>true</Logging>
</TofinoRule>
```
## Rule Audit Checks
| Check | Severity | Description |
|-------|----------|-------------|
| Allow-any-any | CRITICAL | Overly permissive rule |
| No default deny | CRITICAL | Missing deny-all at end |
| No DPI for OT protocol | HIGH | Missing deep packet inspection |
| Write functions allowed | HIGH | Modbus write codes permitted |
| Allow without logging | MEDIUM | No audit trail |
### References
- Belden Tofino: https://www.belden.com/products/industrial-networking/cybersecurity
- IEC 62443-3-3: Industrial Automation Security
- NIST SP 800-82: Guide to ICS Security
Reference in New Issue View Git Blame Copy Permalink