Industrial cybersecurity : efficiently secure critical infrastructure systems / Pascal Ackerman.

Format:

Book

Author/Creator:

Ackerman, Pascal, author.

Language:

English

Subjects (All):

Computer networks--Security measures.

Computer networks.

Process control--Security measures.

Process control.

Automatic machinery--Security measures.

Automatic machinery.

Physical Description:

1 online resource (456 pages)

Edition:

1st edition

Place of Publication:

Birmingham ; Mumbai : Packt, 2017.

System Details:

text file

Summary:

Your one-step guide to understanding industrial cyber security, its control systems, and its operations. About This Book Learn about endpoint protection such as anti-malware implementation, updating, monitoring, and sanitizing user workloads and mobile devices Filled with practical examples to help you secure critical infrastructure systems efficiently A step-by-step guide that will teach you the techniques and methodologies of building robust infrastructure systems Who This Book Is For If you are a security professional and want to ensure a robust environment for critical infrastructure systems, this book is for you. IT professionals interested in getting into the cyber security domain or who are looking at gaining industrial cyber security certifications will also find this book useful. What You Will Learn Understand industrial cybersecurity, its control systems and operations Design security-oriented architectures, network segmentation, and security support services Configure event monitoring systems, anti-malware applications, and endpoint security Gain knowledge of ICS risks, threat detection, and access management Learn about patch management and life cycle management Secure your industrial control systems from design through retirement In Detail With industries expanding, cyber attacks have increased significantly. Understanding your control system's vulnerabilities and learning techniques to defend critical infrastructure systems from cyber threats is increasingly important. With the help of real-world use cases, this book will teach you the methodologies and security measures necessary to protect critical infrastructure systems and will get you up to speed with identifying unique challenges.Industrial cybersecurity begins by introducing Industrial Control System (ICS) technology, including ICS architectures, communication media, and protocols. This is followed by a presentation on ICS (in) security. After presenting an ICS-related attack scenario, securing of the ICS is discussed, including topics such as network segmentation, defense-in-depth strategies, and protective solutions. Along with practical examples for protecting industrial control systems, this book details security assessments, risk management, and security program development. It also covers essential cybersecurity aspects, such as threat detection and access management. Topics related to endpoint hardening such as monitoring, updating, and anti-malware implementations ...

Contents:

Cover

Copyright

Credits

About the Author

About the Reviewers

www.PacktPub.com

Customer Feedback

Table of Contents

Preface

Chapter 1: Industrial Control Systems

An overview of an Industrial control system

The view function

The monitor function

The control function

The Industrial control system architecture

Programmable logic controllers

Human Machine Interface

Supervisory Control and Data Acquisition

Distributed control system

Safety instrumented system

The Purdue model for Industrial control systems

The enterprise zone

Level 5 - Enterprise network

Level 4 - Site business planning and logistics

Industrial Demilitarized Zone

The manufacturing zone

Level 3 - Site operations

Level 2 - Area supervisory control

Level 1 - Basic control

Level 0 - Process

Industrial control system communication media and protocols

Regular information technology network protocols

Process automation protocols

Industrial control system protocols

Building automation protocols

Automatic meter reading protocols

Communication protocols in the enterprise zone

Communication protocols in the Industrial zone

Summary

Chapter 2: Insecure by Inheritance

Industrial control system history

Modbus and Modbus TCP/IP

Breaking Modbus

Using Python and Scapy to communicate over Modbus

Replaying captured Modbus packets

PROFINET

PROFINET&amp

#160

packet replay attacks

S7 communication and the stop CPU vulnerability

EtherNet/IP and the Common Industrial Protocol

Shodan: The scariest search engine on the internet

Common IT protocols found in the ICS

HTTP

&amp

File Transfer Protocol

Telnet

Address Resolution Protocol

ICMP echo request

Chapter 3: Anatomy of an ICS Attack Scenario

Setting the stage.

The Slumbertown paper mill

Trouble in paradise

Building a virtual test network

Clicking our heels

What can the attacker do with their access?

The cyber kill chain

Phase two of the Slumbertown Mill ICS attack

Other attack scenarios

Chapter 4: Industrial Control System Risk Assessment

Attacks, objectives, and consequences

Risk assessments

A risk assessment example

Step 1 - Asset identification and system characterization

Step 2 - Vulnerability identification and threat modeling

Discovering vulnerabilities

Threat modeling

Step 3 - Risk calculation and mitigation

Chapter 5: The Purdue Model and a Converged Plantwide Ethernet

The Purdue Enterprise Reference Architecture

The Converged Plantwide Enterprise

The safety zone

Cell/area zones

Level 0 - The process

Level 3 - Site manufacturing operations and control

Level 5 - Enterprise

Level 3.5 - The Industrial Demilitarized Zone

The CPwE industrial network security framework

Chapter 6: The Defense-in-depth Model

ICS security restrictions

How to go about defending an ICS?

The ICS is extremely defendable

The defense-in-depth model

Physical security

Network security

Computer security

Application security

Device security

Policies, procedures, and awareness

Chapter 7: Physical ICS Security

The ICS security bubble analogy

Segregation exercise

Down to it - Physical security

Chapter 8: ICS Network Security

Designing network architectures for security

Network segmentation

The Enterprise Zone

The Industrial Zone

Cell Area Zones

Level 3 site operations.

The Industrial Demilitarized Zone

Communication conduits

Resiliency and redundancy

Architectural overview

Firewalls

Configuring the active-standby pair of firewalls

Security monitoring and logging

Network packet capturing

Event logging

Security information and event management

Firewall logs

Configuring the Cisco ASA firewall to send log data to the OSSIM server

Setting the syslog logging level for Cisco devices

Network intrusion detection logs

Why not intrusion prevention?

Configuring the Cisco Sourcefire IDS to send log data to the OSSIM server

Router and switch logs

Configuring Cisco IOS to log to the syslog service of the OSSIM server

Operating system logs

Collecting logs from a Windows system

Installing and configuring NXLog CE across your Windows hosts

Application logs

Reading an application log file with an HIDS agent on Windows

Network visibility

Chapter 9: ICS Computer Security

Endpoint hardening

Narrowing the attack surface

Limiting the impact of a compromise

Microsoft Enhanced Mitigation Experience Toolkit&amp

Configuring EMET for a Rockwell Automation application server

Microsoft AppLocker

Microsoft AppLocker configuration

Configuration and change management

Patch management

Configuring Microsoft Windows Server Update Services for the industrial zone

Configuring the Cisco ASA firewall

Creating the Windows Server Update Services server

Configuring Windows client computers to get updates from the WSUS server

Endpoint protection software

Host-based firewalls

Anti-malware software

Types of malware

Application whitelisting software

Application whitelisting versus blacklisting

How application whitelisting works

Symantec's Embedded Security: Critical system protection.

Building the Symantec's Embedded Security: Critical System Protection management server

Monitoring and logging

Chapter 10: ICS Application Security

Input validation vulnerabilities

Software tampering&amp

Authentication vulnerabilities

Authorization&amp

vulnerabilities

Insecure configuration vulnerabilities

Session management vulnerabilities

Parameter manipulation vulnerabilities

Application security testing

OpenVAS security scan

ICS application patching

ICS secure SDLC

The definition of secure SDLC

Chapter 11: ICS Device Security

ICS device hardening

ICS device patching

The ICS device life cycle

ICS device security considerations during the procurement phase

ICS device security considerations during the installation phase

ICS device security considerations during the operation phase

ICS device security considerations for decommissioning and disposal

Chapter 12: The ICS Cybersecurity Program Development Process

The NIST Guide to Industrial control systems&amp

security

Obtaining senior management buy-in

Building and training a cross-functional team

Defining charter and scope

Defining ICS-specific security policies and procedures

Implementing an ICS security risk-management framework

Categorizing ICS systems and network assets

Selecting ICS security controls

Performing (initial) risk assessment

Implementing the security controls

The ICS security program development process

Security policies, standards, guidelines, and procedures

Defining ICS-specific security policies, standards, and procedures

Defining and inventorying the ICS assets

Performing an initial risk assessment on discovered ICS assets

The Slumbertown Paper Mill initial risk assessment.

Defining and prioritizing mitigation activities

Defining and kicking off the security improvement cycle

Index.

Notes:

Description based on print version record.

Includes index.

ISBN:

9781523125319

1523125314

OCLC:

1007843443