Midterm

Question 1

When to disclose vulnerability

Answer 1

after patch released

Question 2

where are borders for routable/non-routable networks?

Answer 2

demarcation of control and SCADA network

Question 3

are non routable networks vulnerable? Why?

Answer 3

Yes, non routable components often have uplinks to controller and/or have things like modems

Question 4

ICS incorporates both ___ and ___ monitoring with some level of ___.

Answer 4

local, remote, centralized control

Question 5

Industrial protocols Modbus/TCP, DNP3 operate at what layer?

Answer 5

Top layer (application)

Question 6

Serial and bus links using Modbus and DNP3 are examples of what?

Answer 6

non routable networks

Question 7

T/F industrial protocols can be made routable by placing them on the OSI stack

Answer 7

true

Question 8

Zones and enclaves

Answer 8

used as method of network segregation, regquires logical boundaries

Question 9

network perimeter

Answer 9

boundary of a zone, it is logical place to place security controls

Question 10

most attacks are ___ motivated, and occur ___, and use ___

Answer 10

financially, externally, weak or stolen credentials

Question 11

most incidents occur ____

Answer 11

internally

Question 12

True / False: an attacker must have significant system knowledge of operational procedure in order to turn HMI access into an attack

Answer 12

true

Question 13

True/False: Industrial networks can be WAN or LAN

Answer 13

true

Question 14

For CIA, what is most important for ICS?

Answer 14

A: availability

Question 15

Network design of industrial networks optimizes ____.

Answer 15

real time usage (latency)

Question 16

APTs work via ____ while weaponized malware works ____

Answer 16

command and control, in isolation

Question 17

Attacker must know exact ____ in order to alter set point of industrial process

Answer 17

register

Question 18

business networks

Answer 18

• highly interconnected
• various wireless options
• extremely dynamic

Question 19

Common topologies for ICs

Answer 19

RING and BUS (because of redundancy)

Question 20

Topology for end devices

Answer 20

star

Question 21

QOS (quality of service) definition

Answer 21

ability to differentiate and prioritize some traffic over other

Question 22

Domain servers and identity / access control systems should be ____________ for ICS and business networks

Answer 22

maintained separately (risk mitigation)

Question 23

Higher up the protocol stack you go, the higher the ____ due to ____.

Answer 23

latency, deeper packet inspection

Question 24

ICS should optimize network latency because operations are _____ and ______

Answer 24

time critical, deterministic

Question 25

QOS (quality of service) definition

Answer 25

ability to differentiate and prioritize some traffic over other

Question 26

Industrial wireless networks use what topology?

Answer 26

mesh

Question 27

is ICS network topology static or fixed?

Answer 27

fixed