Chapter_1_Introduction to SilentDefense Flashcards
What are some characteristics of an IT environment?
High density environment
Random changes – hosts coming and going
Hosts running many applications
Throughput and confidentiality are important
What are some characteristics of an OT environment?
Purpose built
Hosts running a specific application
Longevity and stability are key
Network traffic is fixed – not worried about throughput
Control and integrity are important
What does ICS stand for?
Industrial Control System
Describe an ICS. What does it do?
It is a system which manages or handles an industrial process. For example: a factory which produces cars, an electricity grid, or the transportation system within a city.
What components make up a SilentDefense solution?
A Command Center and one or more sensors.
What are the 2 types of sensors used in a live production environment?
Monitoring (Passive) Sensor
ICS Patrol (Active) Sensor
Describe a Monitoring Sensor.
Connected to a SPAN or TAP port and monitors traffic to/from the ICS
Passively inspects traffic
Sends events and log information to the Command Center
Describe an ICS Patrol Sensor:
An optional type of sensor that can be used to query hosts in a controlled way from within the Command Center. This is the only Sensor that is capable of issuing controlled, active requests for information on the network. This will always be done at the request of a SilentDefense user via the Command Center.
What does LAN CP stand for and how does it recognize suspicious traffic?
The LAN Communication Profiler learns a “normal” traffic baseline and records it as a whitelist. After the whitelist has been tuned and the profiler is switched to Detection mode, it sends an alert whenever traffic is seen that does not match the previously built whitelist.
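The learn, tune, detect cycle described above, as an added Python illustration. This is not SilentDefense code and does not reproduce the product's data model; the flow records, host addresses and the three alert reasons are constructed for the example. It learns a whitelist of (source, destination, protocol, port) tuples from learning-phase traffic, lets an operator drop or add entries before detection is enabled, and then explains each non-matching flow as a new host, a new communication pair, or a new protocol/port between a known pair.

```python
"""Learn-then-detect communication whitelist, in the spirit of the LAN CP.

Added illustration, not SilentDefense code. All flow records below are
constructed by hand; nothing here was captured from a real network.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One observed conversation, reduced to the fields a whitelist keys on."""
    src: str
    dst: str
    proto: str  # transport protocol, e.g. "tcp" or "udp"
    dport: int  # destination port, used here as a proxy for the ICS protocol


# Constructed learning-phase traffic (hypothetical HMI / PLC addresses).
LEARNING_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", "tcp", 502),    # HMI -> PLC A, Modbus/TCP
    Flow("10.0.1.10", "10.0.2.20", "tcp", 502),
    Flow("10.0.1.10", "10.0.2.21", "tcp", 502),    # HMI -> PLC B
    Flow("10.0.1.11", "10.0.2.20", "tcp", 502),    # engineering station -> PLC A
    Flow("10.0.1.11", "10.0.2.20", "tcp", 44818),  # EtherNet/IP, seen once
    Flow("10.0.1.99", "10.0.2.20", "tcp", 502),    # laptop plugged in during learning
]

# Constructed detection-phase traffic.
DETECTION_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", "tcp", 502),    # normal
    Flow("10.0.1.10", "10.0.2.20", "tcp", 80),     # known pair, unexpected port
    Flow("10.0.1.11", "10.0.2.21", "tcp", 502),    # known hosts, pair never seen
    Flow("10.0.3.50", "10.0.2.20", "tcp", 502),    # unknown source host
    Flow("10.0.1.99", "10.0.2.20", "tcp", 502),    # removed from whitelist during tuning
]


def learn_baseline(flows):
    """Learning mode: count every distinct flow key seen on the SPAN/TAP feed."""
    return Counter(flows)


def rare_entries(counts, threshold=2):
    """Entries seen fewer than `threshold` times: candidates for operator review."""
    return sorted((f for f, n in counts.items() if n < threshold), key=str)


def tune_baseline(counts, remove=(), add=()):
    """Tuning: drop entries the operator rejects, add expected flows that did
    not happen to occur during learning. Returns the whitelist as a set."""
    whitelist = set(counts)
    whitelist.difference_update(remove)
    whitelist.update(add)
    return whitelist


def classify(whitelist, flow):
    """Explain why a flow is outside the whitelist (None if it is inside)."""
    if flow in whitelist:
        return None
    hosts = {f.src for f in whitelist} | {f.dst for f in whitelist}
    if flow.src not in hosts or flow.dst not in hosts:
        return "new host"
    if not any(f.src == flow.src and f.dst == flow.dst for f in whitelist):
        return "new communication pair"
    return "new protocol/port between known pair"


def detect(whitelist, flows):
    """Detection mode: return (flow, reason) for every flow not whitelisted."""
    alerts = []
    for flow in flows:
        reason = classify(whitelist, flow)
        if reason is not None:
            alerts.append((flow, reason))
    return alerts


if __name__ == "__main__":
    counts = learn_baseline(LEARNING_FLOWS)
    print("review before enabling detection:", rare_entries(counts))
    whitelist = tune_baseline(
        counts, remove=[Flow("10.0.1.99", "10.0.2.20", "tcp", 502)]
    )
    for flow, reason in detect(whitelist, DETECTION_FLOWS):
        print(f"ALERT {reason}: {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}")
```

The tuning step is the part that matters in practice: anything that happened to be on the wire during learning (here the laptop on 10.0.1.99) is whitelisted until an operator removes it, and a legitimate but infrequent flow that was missed during learning will alert until it is added. The per-entry counts from learning are what make that review tractable.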