Industrial Cybersecurity: Efficiently secure critical infrastructure systems

Book Description: With industries expanding, cyber attacks have increased significantly. Understanding your control system’s vulnerabilities and learning techniques to defend critical infrastructure systems from cyber threats is increasingly important. With the help of real-world use cases, this book...


Bibliographic Details
Main Author: Ackerman, Pascal
Format: eBook
Language: English
Published: Birmingham PACKT Publishing 2017
Edition: 1st ed.
ISBN: 9781788395984, 1788395980, 9781788395151, 1788395158
Table of Contents:
  • Cover -- Copyright -- Credits -- About the Author -- About the Reviewers -- www.PacktPub.com -- Customer Feedback -- Table of Contents -- Preface
  • Chapter 1: Industrial Control Systems -- An overview of an Industrial control system -- The view function -- The monitor function -- The control function -- The Industrial control system architecture -- Programmable logic controllers -- Human Machine Interface -- Supervisory Control and Data Acquisition -- Distributed control system -- Safety instrumented system -- The Purdue model for Industrial control systems -- The enterprise zone -- Level 5 - Enterprise network -- Level 4 - Site business planning and logistics -- Industrial Demilitarized Zone -- The manufacturing zone -- Level 3 - Site operations -- Level 2 - Area supervisory control -- Level 1 - Basic control -- Level 0 - Process -- Industrial control system communication media and protocols -- Regular information technology network protocols -- Process automation protocols -- Industrial control system protocols -- Building automation protocols -- Automatic meter reading protocols -- Communication protocols in the enterprise zone -- Communication protocols in the Industrial zone -- Summary
  • Chapter 2: Insecure by Inheritance -- Industrial control system history -- Modbus and Modbus TCP/IP -- Breaking Modbus -- Using Python and Scapy to communicate over Modbus -- Replaying captured Modbus packets -- PROFINET -- PROFINET packet replay attacks -- S7 communication and the stop CPU vulnerability -- EtherNet/IP and the Common Industrial Protocol -- Shodan: The scariest search engine on the internet -- Common IT protocols found in the ICS -- HTTP -- File Transfer Protocol -- Telnet -- Address Resolution Protocol -- ICMP echo request -- Summary
  • Chapter 3: Anatomy of an ICS Attack Scenario -- Setting the stage -- The Slumbertown paper mill -- Trouble in paradise -- Building a virtual test network -- Clicking our heels -- What can the attacker do with their access? -- The cyber kill chain -- Phase two of the Slumbertown Mill ICS attack -- Other attack scenarios -- Summary
  • Chapter 4: Industrial Control System Risk Assessment -- Attacks, objectives, and consequences -- Risk assessments -- A risk assessment example -- Step 1 - Asset identification and system characterization -- Step 2 - Vulnerability identification and threat modeling -- Discovering vulnerabilities -- Threat modeling -- Step 3 - Risk calculation and mitigation -- Summary
  • Chapter 5: The Purdue Model and a Converged Plantwide Ethernet -- The Purdue Enterprise Reference Architecture -- The Converged Plantwide Enterprise -- The safety zone -- Cell/area zones -- Level 0 - The process -- Level 1 - Basic control -- Level 2 - Area supervisory control -- The manufacturing zone -- Level 3 - Site manufacturing operations and control -- The enterprise zone -- Level 4 - Site business planning and logistics -- Level 5 - Enterprise -- Level 3.5 - The Industrial Demilitarized Zone -- The CPwE industrial network security framework -- Summary
  • Chapter 6: The Defense-in-depth Model -- ICS security restrictions -- How to go about defending an ICS? -- The ICS is extremely defendable -- The defense-in-depth model -- Physical security -- Network security -- Computer security -- Application security -- Device security -- Policies, procedures, and awareness -- Summary
  • Chapter 7: Physical ICS Security -- The ICS security bubble analogy -- Segregation exercise -- Down to it - Physical security -- Summary
  • Chapter 8: ICS Network Security -- Designing network architectures for security -- Network segmentation -- The Enterprise Zone -- The Industrial Zone -- Cell Area Zones -- Level 3 site operations -- The Industrial Demilitarized Zone -- Communication conduits -- Resiliency and redundancy -- Architectural overview -- Firewalls -- Configuring the active-standby pair of firewalls -- Security monitoring and logging -- Network packet capturing -- Event logging -- Security information and event management -- Firewall logs -- Configuring the Cisco ASA firewall to send log data to the OSSIM server -- Setting the syslog logging level for Cisco devices -- Network intrusion detection logs -- Why not intrusion prevention? -- Configuring the Cisco Sourcefire IDS to send log data to the OSSIM server -- Router and switch logs -- Configuring Cisco IOS to log to the syslog service of the OSSIM server -- Operating system logs -- Collecting logs from a Windows system -- Installing and configuring NXLog CE across your Windows hosts -- Application logs -- Reading an application log file with an HIDS agent on Windows -- Network visibility -- Summary
  • Chapter 9: ICS Computer Security -- Endpoint hardening -- Narrowing the attack surface -- Limiting the impact of a compromise -- Microsoft Enhanced Mitigation Experience Toolkit -- Configuring EMET for a Rockwell Automation application server -- Microsoft AppLocker -- Microsoft AppLocker configuration -- Configuration and change management -- Patch management -- Configuring Microsoft Windows Server Update Services for the industrial zone -- Configuring the Cisco ASA firewall -- Creating the Windows Server Update Services server -- Configuring Windows client computers to get updates from the WSUS server -- Endpoint protection software -- Host-based firewalls -- Anti-malware software -- Types of malware -- Application whitelisting software -- Application whitelisting versus blacklisting -- How application whitelisting works -- Symantec's Embedded Security: Critical system protection -- Building the Symantec's Embedded Security: Critical System Protection management server -- Monitoring and logging -- Summary
  • Chapter 10: ICS Application Security -- Application security -- Input validation vulnerabilities -- Software tampering -- Authentication vulnerabilities -- Authorization vulnerabilities -- Insecure configuration vulnerabilities -- Session management vulnerabilities -- Parameter manipulation vulnerabilities -- Application security testing -- OpenVAS security scan -- ICS application patching -- ICS secure SDLC -- The definition of secure SDLC -- Summary
  • Chapter 11: ICS Device Security -- ICS device hardening -- ICS device patching -- The ICS device life cycle -- ICS device security considerations during the procurement phase -- ICS device security considerations during the installation phase -- ICS device security considerations during the operation phase -- ICS device security considerations for decommissioning and disposal -- Summary
  • Chapter 12: The ICS Cybersecurity Program Development Process -- The NIST Guide to Industrial control systems security -- Obtaining senior management buy-in -- Building and training a cross-functional team -- Defining charter and scope -- Defining ICS-specific security policies and procedures -- Implementing an ICS security risk-management framework -- Categorizing ICS systems and network assets -- Selecting ICS security controls -- Performing (initial) risk assessment -- Implementing the security controls -- The ICS security program development process -- Security policies, standards, guidelines, and procedures -- Defining ICS-specific security policies, standards, and procedures -- Defining and inventorying the ICS assets -- Performing an initial risk assessment on discovered ICS assets -- The Slumbertown Paper Mill initial risk assessment -- Defining and prioritizing mitigation activities -- Defining and kicking off the security improvement cycle -- Summary
  • Index