Industrial Cybersecurity: Efficiently secure critical infrastructure systems (English Edition)

Author: Pascal Ackerman

Publisher: Packt Publishing
Year: 2017
Language: English
Pages: 449
Category: Library


Synopsis

Your one-step guide to understanding industrial cybersecurity and its control systems and operations

Key Features

  • Learn about endpoint protection: implement anti-malware and update, monitor, and sanitize user workloads and mobile devices
  • Understand how to secure critical infrastructure systems efficiently with practical examples
  • Get to grips with the techniques and methodologies of building robust infrastructure systems step by step

Book Description

With advancements in technology, cyber threats have evolved significantly. To keep your organization safe from cyber attacks, it is important to understand your control system's vulnerabilities and learn techniques to defend critical infrastructure systems from cyber threats. This book will help you implement security measures and identify unique security challenges with the help of real-world use cases.

Industrial Cybersecurity starts with an introduction to Industrial Control System (ICS) technology, giving you an overview of ICS architectures, communication media, and protocols. You'll then delve into ICS security, and understand ICS-related attack scenarios. You'll learn how to secure ICS, covering network segmentation, defense-in-depth strategies, and protective solutions. As you advance, you'll also get to grips with security assessments, risk management, and security program development. The book takes you through essential cybersecurity aspects such as threat detection and access management, and topics related to endpoint hardening, such as monitoring, updating, and anti-malware implementations.

By the end of this cybersecurity book, you will be well-versed with the latest security tools and be able to implement robust security measures for critical infrastructure networks.

What you will learn

  • Explore different types of control systems
  • Design security-oriented architectures, network segmentation, and security support services
  • Configure event monitoring systems, anti-malware applications, and endpoint security
  • Understand ICS risks, threat detection, and access management
  • Discover patch management and life cycle management
  • Secure your industrial control systems from design through to retirement

Who this book is for

If you are a security professional who wants to ensure a robust environment for critical infrastructure systems, this book is for you. IT professionals interested in the cybersecurity domain or industrial cybersecurity certifications will also find this book useful.

Table of Contents

  1. Industrial Control Systems
  2. Insecure by Inheritance
  3. Anatomy of an ICS Attack Scenario
  4. Industrial Control System Risk Assessment
  5. The Purdue Model and a Converged Plantwide Ethernet
  6. The Defense-in-depth Model
  7. Physical ICS Security
  8. ICS Network Security
  9. ICS Computer Security
  10. ICS Application Security
  11. ICS Device Security
  12. The ICS Cybersecurity Program Development Process

Detailed Table of Contents

Cover
Copyright
Credits
About the Author
About the Reviewers
www.PacktPub.com
Customer Feedback
Table of Contents
Preface
Chapter 1: Industrial Control Systems
An overview of an Industrial control system
The view function
The monitor function
The control function
The Industrial control system architecture
Programmable logic controllers
Human Machine Interface
Supervisory Control and Data Acquisition
Distributed control system
Safety instrumented system
The Purdue model for Industrial control systems
The enterprise zone
Level 5 - Enterprise network
Level 4 - Site business planning and logistics
Industrial Demilitarized Zone
The manufacturing zone
Level 3 - Site operations
Level 2 - Area supervisory control
Level 1 - Basic control
Level 0 - Process
Industrial control system communication media and protocols
Regular information technology network protocols
Process automation protocols
Industrial control system protocols
Building automation protocols
Automatic meter reading protocols
Communication protocols in the enterprise zone
Communication protocols in the Industrial zone
Summary
Chapter 2: Insecure by Inheritance
Industrial control system history
Modbus and Modbus TCP/IP
Breaking Modbus
Using Python and Scapy to communicate over Modbus
Replaying captured Modbus packets
PROFINET
PROFINET packet replay attacks
S7 communication and the stop CPU vulnerability
EtherNet/IP and the Common Industrial Protocol
Shodan: The scariest search engine on the internet
Common IT protocols found in the ICS
HTTP
File Transfer Protocol
Telnet
Address Resolution Protocol
ICMP echo request
Summary
Chapter 3: Anatomy of an ICS Attack Scenario
Setting the stage
The Slumbertown paper mill
Trouble in paradise
Building a virtual test network
Clicking our heels
What can the attacker do with their access?
The cyber kill chain
Phase two of the Slumbertown Mill ICS attack
Other attack scenarios
Summary
Chapter 4: Industrial Control System Risk Assessment
Attacks, objectives, and consequences
Risk assessments
A risk assessment example
Step 1 - Asset identification and system characterization
Step 2 - Vulnerability identification and threat modeling
Discovering vulnerabilities
Threat modeling
Step 3 - Risk calculation and mitigation
Summary
Chapter 5: The Purdue Model and a Converged Plantwide Ethernet
The Purdue Enterprise Reference Architecture
The Converged Plantwide Enterprise
The safety zone
Cell/area zones
Level 0 – The process
Level 1 – Basic control
Level 2 – Area supervisory control
The manufacturing zone
Level 3 – Site manufacturing operations and control
The enterprise zone
Level 4 – Site business planning and logistics
Level 5 – Enterprise
Level 3.5 – The Industrial Demilitarized Zone
The CPwE industrial network security framework
Summary
Chapter 6: The Defense-in-depth Model
ICS security restrictions
How to go about defending an ICS?
The ICS is extremely defendable
The defense-in-depth model
Physical security
Network security
Computer security
Application security
Device security
Policies, procedures, and awareness
Summary
Chapter 7: Physical ICS Security
The ICS security bubble analogy
Segregation exercise
Down to it – Physical security
Summary
Chapter 8: ICS Network Security
Designing network architectures for security
Network segmentation
The Enterprise Zone
The Industrial Zone
Cell Area Zones
Level 3 site operations
The Industrial Demilitarized Zone
Communication conduits
Resiliency and redundancy
Architectural overview
Firewalls
Configuring the active-standby pair of firewalls
Security monitoring and logging
Network packet capturing
Event logging
Security information and event management
Firewall logs
Configuring the Cisco ASA firewall to send log data to the OSSIM server
Setting the syslog logging level for Cisco devices
Network intrusion detection logs
Why not intrusion prevention?
Configuring the Cisco Sourcefire IDS to send log data to the OSSIM server
Router and switch logs
Configuring Cisco IOS to log to the syslog service of the OSSIM server
Operating system logs
Collecting logs from a Windows system
Installing and configuring NXLog CE across your Windows hosts
Application logs
Reading an application log file with an HIDS agent on Windows
Network visibility
Summary
Chapter 9: ICS Computer Security
Endpoint hardening
Narrowing the attack surface
Limiting the impact of a compromise
Microsoft Enhanced Mitigation Experience Toolkit
Configuring EMET for a Rockwell Automation application server
Microsoft AppLocker
Microsoft AppLocker configuration
Configuration and change management
Patch management
Configuring Microsoft Windows Server Update Services for the industrial zone
Configuring the Cisco ASA firewall
Creating the Windows Server Update Services server
Configuring Windows client computers to get updates from the WSUS server
Endpoint protection software
Host-based firewalls
Anti-malware software
Types of malware
Application whitelisting software
Application whitelisting versus blacklisting
How application whitelisting works
Symantec's Embedded Security: Critical system protection
Building the Symantec's Embedded Security: Critical System Protection management server
Monitoring and logging
Summary
Chapter 10: ICS Application Security
Application security
Input validation vulnerabilities
Software tampering
Authentication vulnerabilities
Authorization vulnerabilities
Insecure configuration vulnerabilities
Session management vulnerabilities
Parameter manipulation vulnerabilities
Application security testing
OpenVAS security scan
ICS application patching
ICS secure SDLC
The definition of secure SDLC
Summary
Chapter 11: ICS Device Security
ICS device hardening
ICS device patching
The ICS device life cycle
ICS device security considerations during the procurement phase
ICS device security considerations during the installation phase
ICS device security considerations during the operation phase
ICS device security considerations for decommissioning and disposal
Summary
Chapter 12: The ICS Cybersecurity Program Development Process
The NIST Guide to Industrial control systems security
Obtaining senior management buy-in
Building and training a cross-functional team
Defining charter and scope
Defining ICS-specific security policies and procedures
Implementing an ICS security risk-management framework
Categorizing ICS systems and network assets
Selecting ICS security controls
Performing (initial) risk assessment
Implementing the security controls
The ICS security program development process
Security policies, standards, guidelines, and procedures
Defining ICS-specific security policies, standards, and procedures
Defining and inventorying the ICS assets
Performing an initial risk assessment on discovered ICS assets
The Slumbertown Paper Mill initial risk assessment
Defining and prioritizing mitigation activities
Defining and kicking off the security improvement cycle
Summary
Index
