Industrial network security: securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems
As the sophistication of cyber-attacks increases, understanding how to defend critical infrastructure systems—energy production, water, gas, and other vital systems—becomes more important, and heavily mandated. Industrial Network Security, Second Edition arms you with the knowledge you need to under...
| Other authors: | |
|---|---|
| Format: | E-book |
| Language: | English |
| Published: | Waltham, Massachusetts : Syngress, 2015 |
| Edition: | Second edition |
| Subjects: | |
| View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009631587106719 |

Table of Contents:
- Cover
- Title Page
- Copyright Page
- Contents
- About the Author
- Preface
- Acknowledgments
- Chapter 1 - Introduction
- Information in this Chapter
- Book Overview and Key Learning Points
- Book Audience
- Diagrams and Figures
- The Smart Grid
- How This Book is Organized
- Chapter 2: About Industrial Networks
- Chapter 3: Industrial Cyber Security, History, and Trends
- Chapter 4: Introduction to ICS and Operations
- Chapter 5: ICS Network Design and Architecture
- Chapter 6: Industrial Network Protocols
- Chapter 7: Hacking Industrial Systems
- Chapter 8: Risk and Vulnerability Assessments
- Chapter 9: Establishing Zones and Conduits
- Chapter 10: Implementing Security and Access Controls
- Chapter 11: Exception, Anomaly, and Threat Detection
- Chapter 12: Security Monitoring of Industrial Control Systems
- Chapter 13: Standards and Regulations
- Changes Made to the Second Edition
- Conclusion
- Chapter 2 - About Industrial Networks
- Information in this Chapter
- The Use of Terminology Within This Book
- Attacks, Breaches, and Incidents: Malware, Exploits, and APTs
- Assets, Critical Assets, Cyber Assets, and Critical Cyber Assets
- Security Controls and Security Countermeasures
- Firewalls and Intrusion Prevention Systems
- Industrial Control System
- DCS or SCADA?
- Industrial Networks
- Industrial Protocols
- Networks, Routable Networks, and Nonroutable Networks
- Enterprise or Business Networks
- Zones and Enclaves
- Network Perimeters or "Electronic Security Perimeters"
- Critical Infrastructure
- Utilities
- Nuclear Facilities
- Bulk Electric
- Smart Grid
- Chemical Facilities
- Common Industrial Security Recommendations
- Identification of Critical Systems
- Network Segmentation/Isolation of Systems
- Defense in Depth
- Access Control
- Advanced Industrial Security Recommendations
- Security Monitoring
- Policy Whitelisting
- Application Whitelisting
- Common Misperceptions About Industrial Network Security
- Assumptions Made in This Book
- Summary
- Chapter 3 - Industrial Cyber Security History and Trends
- Information in this Chapter
- Importance of Securing Industrial Networks
- The Evolution of the Cyber Threat
- APTs and Weaponized Malware
- Night Dragon
- Stuxnet
- Advanced Persistent Threats and Cyber Warfare
- Still to Come
- Defending Against Modern Cyber Threats
- The Insider
- Hacktivism, Cyber Crime, Cyber Terrorism, and Cyber War
- Summary
- Chapter 4 - Introduction to Industrial Control Systems and Operations
- Information in this Chapter
- System Assets
- Programmable Logic Controller
- Ladder Diagrams
- Sequential Function Charts
- Remote Terminal Unit
- Intelligent Electronic Device
- Human-Machine Interface
- Supervisory Workstations
- Data Historian
- Business Information Consoles and Dashboards
- Other Assets
- System Operations
- Control Loops
- Control Processes
- Feedback Loops
- Production Information Management
- Business Information Management
- Process Management
- Safety Instrumented Systems
- The Smart Grid
- Network Architectures
- Summary
- Chapter 5 - Industrial Network Design and Architecture
- Information in this Chapter
- Introduction to Industrial Networking
- Common Topologies
- Network Segmentation
- Higher Layer Segmentation
- Physical vs. Logical Segmentation
- Network Services
- Wireless Networks
- Remote Access
- Performance Considerations
- Latency and Jitter
- Bandwidth and Throughput
- Type of Service, Class of Service, and Quality of Service
- Network Hops
- Network Security Controls
- Safety Instrumented Systems
- Special Considerations
- Wide Area Connectivity
- Smart Grid Network Considerations
- Advanced Metering Infrastructure
- Summary
- Chapter 6 - Industrial Network Protocols
- Information in this Chapter
- Overview of Industrial Network Protocols
- Fieldbus Protocols
- Modicon Communication Bus
- What it Does
- How it Works
- Variants
- Modbus RTU and Modbus ASCII
- Modbus TCP
- Modbus Plus or Modbus+
- Where it is Used
- Security Concerns
- Security Recommendations
- Distributed Network Protocol
- What it Does
- How it Works
- Secure DNP3
- Where it is Used
- Security Concerns
- Security Recommendations
- Process Fieldbus
- Security Concerns
- Security Recommendations
- Industrial Ethernet Protocols
- Ethernet Industrial Protocol
- Security Concerns
- Security Recommendations
- PROFINET
- Security Concerns
- Security Recommendations
- EtherCAT
- Security Concerns
- Security Recommendations
- Ethernet POWERLINK
- Security Concerns
- Security Recommendations
- SERCOS III
- Security Concerns
- Security Recommendations
- Backend Protocols
- Open Process Communications
- What it Does
- How it Works
- Where it is Used
- Security Concerns
- Security Recommendations
- Inter-Control Center Communications Protocol
- What it Does
- How it Works
- Where it is Used
- Security Concerns
- Security Improvements Over Modbus and DNP
- Security Recommendations
- Advanced Metering Infrastructure and the Smart Grid
- Security Concerns
- Security Recommendations
- Industrial Protocol Simulators
- MODBUS
- DNP3 / IEC 60870-5
- OPC
- ICCP / IEC 60870-6 (TASE.2)
- Physical Hardware
- Summary
- Chapter 7 - Hacking Industrial Control Systems
- Information in this Chapter
- Motives and Consequences
- Consequences of a Successful Cyber Incident
- Cyber Security and Safety
- Common Industrial Targets
- Common Attack Methods
- Man-in-the-Middle Attacks
- Denial-of-Service Attacks
- Replay Attacks
- Compromising the Human-Machine Interface
- Compromising the Engineering Workstation
- Blended Attacks
- Examples of Weaponized Industrial Cyber Threats
- Stuxnet
- Dissecting Stuxnet
- What it Does
- Lessons Learned
- Shamoon/DistTrack
- Flame/Flamer/Skywiper
- Attack Trends
- Evolving Vulnerabilities: The Adobe Exploits
- Industrial Application Layer Attacks
- Antisocial Networks: A New Playground for Malware
- Cannibalistic Mutant Underground Malware
- Dealing with an Infection
- Summary
- Chapter 8 - Risk and Vulnerability Assessments
- Information in this Chapter
- Cyber Security and Risk Management
- Why Risk Management is the Foundation of Cyber Security
- What is Risk?
- Standards and Best Practices for Risk Management
- Methodologies for Assessing Risk Within Industrial Control Systems
- Security Tests
- Security Audits
- Security and Vulnerability Assessments
- Establishing a Testing and Assessment Methodology
- Tailoring a Methodology for Industrial Networks
- Theoretical versus Physical Tests
- Online versus Offline Physical Tests
- System Characterization
- Data Collection
- Scanning of Industrial Networks
- Device Scanners
- Vulnerability Scanners
- Traffic Scanners
- Live Host Identification
- "Quiet" / "Friendly" Scanning Techniques
- Potentially "Noisy"/"Dangerous" Scanning Techniques
- Port Mirroring and Span Ports
- Command Line Tools
- Hardware and Software Inventory
- Data Flow Analysis
- Threat Identification
- Threat Actors/Sources
- Threat Vectors
- Threat Events
- Identification of Threats During Security Assessments
- Vulnerability Identification
- Vulnerability Scanning
- Configuration Auditing
- Vulnerability Prioritization
- Common Vulnerability Scoring System
- Risk Classification and Ranking
- Consequences and Impact
- How to Estimate Consequences and Likelihood
- Risk Ranking
- Risk Reduction and Mitigation
- Summary
- Chapter 9 - Establishing Zones and Conduits
- Information in this Chapter
- Security Zones and Conduits Explained
- Identifying and Classifying Security Zones and Conduits
- Recommended Security Zone Separation
- Network Connectivity
- Caution
- Control Loops
- Supervisory Controls
- Note
- Plant Level Control Processes
- Control Data Storage
- Trading Communications
- Remote Access
- Users and Roles
- Protocols
- Criticality
- Tip
- Tip
- Establishing Security Zones and Conduits
- Summary
- Chapter 10 - Implementing Security and Access Controls
- Information in this Chapter
- Network Segmentation
- Zones and Security Policy Development
- Using Zones within Security Device Configurations
- Implementing Network Security Controls
- Selecting Network Security Devices
- Implementing Network Security Devices
- Firewall Configuration Guidelines
- Intrusion Detection and Prevention (IDS/IPS) Configuration Guidelines
- Recommended IDS/IPS Rules
- Anomaly-Based Intrusion Detection
- Protocol Anomaly Detection
- Application and Protocol Monitoring in Industrial Networks
- Data Diodes and Unidirectional Gateways
- Implementing Host Security and Access Controls
- Selecting Host Cyber Security Systems
- Host Firewalls
- Host IDS
- Anti-virus
- Application Whitelisting
- External Controls
- Patch Management
- Patching as a form of Vulnerability Management
- Leave no Vulnerability Unturned
- Maintaining System Availability
- Comprehensive Predeployment Testing
- Automating the Process
- How Much Security is Enough?
- Summary
- Chapter 11 - Exception, Anomaly, and Threat Detection
- Information in this Chapter
- Exception Reporting
- Behavioral Anomaly Detection
- Measuring Baselines
- Anomaly Detection
- Analyzing IT vs. OT Metrics