robertjameson
SEC6082Class7.pptx

Tonight, March 5th – Class 7 (last class)

your “test” on ICS 210W (6,7). (100 pts)

March 12 – no class

research assignment due

ICS 210W (9,10) final cert (100, total 400) - enter all the PDFs for all 10 sessions!

© 2016 Applied Control Engineering, Inc.

NIST 800-82 Rev 2.

5. ICS Security Architecture

6. Applying Security Controls to ICS

ICS Security Architecture

Network Segmentation and Segregation

Logical network separation enforced by encryption or network device-enforced partitioning

VLANs, encrypted Virtual Private Networks (VPNs), unidirectional gateways.

Physical network separation to completely prevent any interconnectivity of traffic between domains.

Network traffic filtering, Network layer filtering, State‐based filtering

Port and/or protocol level filtering

Application filtering including application-level firewalls, proxies, and content-based filters.

ICS Security Architecture

Network Segmentation and Segregation

Four common themes that implement the concept of defense-in-depth by providing for good network segmentation and segregation:

Apply technologies at more than just the network layer. Each system and network should be segmented and segregated, where possible, from the data link layer up to and including the application layer.

Use the principles of least privilege and need-to-know. If a system doesn't need to communicate with another system, it should not be allowed to. If a system needs to talk only to another system on a specific port or protocol and nothing else, or it needs to transfer only a limited set of labeled or fixed-format data, it should be restricted as such.

Separate information and infrastructure based on security requirements. This may include using different hardware or platforms based on different threat and risk environments in which each system or network segment operates. The most critical components require more strict isolation from other components. In addition to network separation, the use of virtualization could be employed to accomplish the required isolation.

Implement whitelisting instead of blacklisting; that is, grant access to the known good, rather than denying access to the known bad. The set of applications that run in ICS is essentially static.
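The least-privilege and whitelisting themes above, as an added example (not taken from the slides or from NIST 800-82): a default-deny allowlist evaluated over observed flows, reporting both denied flows and rules nothing used. The addressing plan, rule names and the historian replication port 1433 are assumptions; 502 is the standard Modbus/TCP port.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    src: str    # source network, CIDR
    dst: str    # destination network, CIDR
    proto: str  # "tcp" or "udp"
    port: int   # destination port

# Constructed addressing plan (assumption): 10.10/16 corporate, 10.20/16 DMZ, 10.30/16 control.
ALLOW = [
    Rule("corp-to-dmz-historian", "10.10.0.0/16", "10.20.0.5/32", "tcp", 443),
    Rule("ctl-historian-to-dmz", "10.30.0.10/32", "10.20.0.5/32", "tcp", 1433),
    Rule("hmi-to-plc-modbus", "10.30.0.20/32", "10.30.1.0/24", "tcp", 502),
]

def match(src: str, dst: str, proto: str, port: int, rules=ALLOW) -> Optional[Rule]:
    """Return the rule that permits this flow, or None (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and proto == r.proto and port == r.port):
            return r
    return None  # nothing on the allowlist matched, so the flow is dropped

def audit(flows, rules=ALLOW):
    """Return (flows the allowlist denies, names of rules that no flow used)."""
    denied, used = [], set()
    for flow in flows:
        rule = match(*flow, rules=rules)
        if rule is None:
            denied.append(flow)
        else:
            used.add(rule.name)
    unused = [r.name for r in rules if r.name not in used]
    return denied, unused

# Constructed sample flows: (src, dst, proto, dst_port)
FLOWS = [
    ("10.10.4.25", "10.20.0.5", "tcp", 443),  # corporate user reads historian copy in DMZ
    ("10.10.4.25", "10.30.1.7", "tcp", 502),  # corporate host straight to a PLC
    ("10.30.0.20", "10.30.1.7", "tcp", 502),  # HMI polls PLC over Modbus/TCP
    ("10.30.0.20", "10.30.1.7", "tcp", 80),   # same pair, port not on the allowlist
]

if __name__ == "__main__":
    denied, unused = audit(FLOWS)
    print("denied:", denied)
    print("unused rules:", unused)
```

Rules that no observed flow uses are candidates for removal, which keeps the allowlist as narrow as the need-to-know principle asks.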

Look at the details and examples from section 5. This is important to your final paper!

ICS Security Architecture

5.1 Network Segmentation and Segregation

5.2 Boundary Protection

5.3 Firewalls

5.4 Logically Separated Control Network

5.5 Network Segregation

5.5.1 Dual-Homed Computer/Dual Network Interface Cards (NIC)

5.5.2 Firewall between Corporate Network and Control Network

5.5.3 Firewall and Router between Corporate Network and Control Network

5.5.4 Firewall with DMZ between Corporate Network and Control Network

5.5.5 Paired Firewalls between Corporate Network and Control Network

5.5.6 Network Segregation Summary

5.6 Recommended Defense-in-Depth Architecture

5.7 General Firewall Policies for ICS

5.8 Recommended Firewall Rules for Specific Services

5.8.1 Domain Name System (DNS)

5.8.2 Hypertext Transfer Protocol (HTTP)

5.8.3 FTP and Trivial File Transfer Protocol (TFTP)

5.8.4 Telnet

5.8.5 Dynamic Host Configuration Protocol (DHCP)

5.8.6 Secure Shell (SSH)

5.8.7 Simple Object Access Protocol (SOAP)

5.8.8 Simple Mail Transfer Protocol (SMTP)

5.8.9 Simple Network Management Protocol (SNMP)

5.8.10 Distributed Component Object Model (DCOM)

5.8.11 SCADA and Industrial Protocols

5.9 Network Address Translation (NAT)

5.10 Specific ICS Firewall Issues

5.10.1 Data Historians

5.10.2 Remote Support Access

5.10.3 Multicast Traffic

5.11 Unidirectional Gateways

5.12 Single Points of Failure

5.13 Redundancy and Fault Tolerance

5.14 Preventing Man-in-the-Middle Attacks

5.15 Authentication and Authorization

5.15.1 ICS Implementation Considerations

5.16 Monitoring, Logging, and Auditing

5.17 Incident Detection, Response, and System Recovery

Applying Security Controls to ICS

Executing the Risk Management Framework Tasks for ICS

Step 1: Categorize Information Systems

Step 2: Select Security Controls

Step 3: Implement Security Controls

Step 4: Assess Security Controls

Step 5: Authorize Information System

Step 6: Monitor Security Controls

This is what your previous assignment was about.

Applying Security Controls to ICS

Executing the Risk Management Framework Tasks for ICS

Access Control – Role-based, Wireless, VLANs, web-servers, Dial-up

Awareness and Training

Audit and Accountability

Security Assessment and Authorization

Configuration Management

Contingency Planning / Business Continuity – identify the recovery objective, DRP

Identification and Authentication – Password, 2-Factor, Biometric, Smart Cards, Tokens

Applying Security Controls to ICS

Executing the Risk Management Framework Tasks for ICS

Incident Response – symptoms of an incident

Unusually heavy network traffic.

Out of disk space or significantly reduced free disk space.

Unusually high CPU usage.

Creation of new user accounts.

Attempted or actual use of administrator-level accounts.

Locked-out accounts.

Account in use when the user is not at work.

Cleared log files.

Full log files with an unusually large number of events.

Antivirus or IDS alerts.

Disabled antivirus software and other security controls.

Unexpected patch changes.

Machines connecting to outside IP addresses.

Requests for information about the system (social engineering attempts).

Unexpected changes in configuration settings.

Unexpected system shutdown.

Plan a response - Classification of Incidents; Response Actions; Recovery Actions.
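Four of the symptoms listed above, turned into detection logic as an added example (not part of the original slides). The log format, host and user names, the 07:00-17:59 weekday shift and the 10.0.0.0/8 internal range are all assumptions, and the log lines are constructed.

```python
import ipaddress
from datetime import datetime

INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed plant addressing
WORK_HOURS = range(7, 18)                        # assumed shift: 07:00-17:59, Mon-Fri

# Constructed log lines in a made-up "timestamp host EVENT key=value ..." format.
SAMPLE = """\
2018-03-03T02:14:07 hmi01 LOGON user=jsmith
2018-03-03T02:15:40 hmi01 USER_CREATED user=svc_tmp by=jsmith
2018-03-03T02:20:11 hmi01 LOG_CLEARED log=Security
2018-03-03T02:21:30 hmi01 CONN dst=203.0.113.50 port=443
2018-03-05T09:05:00 eng02 LOGON user=adavis
2018-03-05T09:06:00 eng02 CONN dst=10.30.1.7 port=502
"""

def parse(line):
    """Split one log line into (timestamp, host, event, fields)."""
    ts, host, event, *pairs = line.split()
    return datetime.fromisoformat(ts), host, event, dict(p.split("=", 1) for p in pairs)

def symptoms(log):
    """Return (host, symptom, detail) for each line that matches a listed symptom."""
    findings = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, host, event, f = parse(line)
        off_hours = ts.weekday() >= 5 or ts.hour not in WORK_HOURS
        if event == "LOGON" and off_hours:
            findings.append((host, "account in use outside work hours", f["user"]))
        elif event == "USER_CREATED":
            findings.append((host, "new user account created", f["user"]))
        elif event == "LOG_CLEARED":
            findings.append((host, "log file cleared", f["log"]))
        elif event == "CONN":
            dst = ipaddress.ip_address(f["dst"])
            if not any(dst in net for net in INTERNAL):
                findings.append((host, "connection to outside IP address", f["dst"]))
    return findings

if __name__ == "__main__":
    for finding in symptoms(SAMPLE):
        print(finding)
```

Several findings on one host within a few minutes, as on hmi01 here, are the kind of cluster the classification step of a response plan should rank above any single symptom.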

Applying Security Controls to ICS

Executing the Risk Management Framework Tasks for ICS

Maintenance

Media Protection

Physical and Environmental Protection

Planning

Personnel Security

Hiring Policies

Organization Policies and Practices

Terms and Conditions of Employment

Risk Assessment

System and Services Acquisition

System and Communications Protection – Encryption, VPNs

System and Information Integrity

Virus detection and malicious code

Intrusion detection

Patch management

Program Management

Privacy Controls

Good Luck with your Career!

Please fill out the IDEA survey!

Spring B1 2018 IDEA surveys are available to students. Students can access their surveys by entering their full Wilmington University email address and password at wilmu.campuslabs.com/courseeval

Faculty are encouraged to promote student participation in the IDEA survey. Faculty can view real-time response rates, as well as past survey results, via https://wilmu.campuslabs.com/faculty. (Please note that survey histories begin with Fall 2016 course reports.)
