7 - 4: Embedded Systems Security Flashcards
Industrial Control Systems
Computer systems that monitor and control industrial production and operation, including energy and manufacturing
ICS deployments
Building, workflow, and process automation
Why are ICSs good hacker targets?
Attacks have dramatic implications, systems are often not well-secured, less likely to be patched
ICS types
Supervisory Control and Data Acquisition, Distributed Control Systems, Programmable Logic Controllers
SCADA
Provide remote monitoring of infrastructure, remote telemetry and sensors, reporting and control back to central system, multiple weaknesses
DCS
Focuses on controlling processes, sensors and feedback for control, multiple weaknesses
PLC
Handles specialized input and output, uninterrupted processing, connected to a human-machine interface
Modbus protocol
A serial interface common in PLCs
Internet of Things
Everything has an IP address and it’s
IoT challenges
Hard to update them as they have no interface, connected to the same network as everything else, often connect back to cloud services for Command and Control
Securing smart devices
NEVER EVER USE A DEFAULT PASSWORD EVER EVER
Networking smart devices
Segment them from each other similar to having an isolated network DMZ. Segmentation is the most effective security control
Firmware version control
A method for applying updates to networked devices in an orderly way
Security Wrappers
Monitors input and output to embedded devices to restrict only allowed traffic, effective when patching is not feasible
Embedded systems
Smaller computer systems contained within other mechanical or technical systems