Network Segmentation; Patch Management; and Intrusion Detection Flashcards
True or False
A firewall should not be paired or used with a DMZ
False
True or False
A network bridge can connect two independent networks
True
True or False
A router can be used for security instead of a firewall
False
True or False
Distributing security appliances provides defense-in-depth to key assets like controllers
True
Protection Mechanisms protect against malicious code to:
- Prevent
- Detect
- Report
- Mitigate
How could you test your Security System?
EICAR Test
Importance of IACS Patching
- IACS and the software it relies on are highly vulnerable
- New vulnerabilities are discovered and published almost daily
- Malware authors take advantage of these vulnerabilities to exploit systems
- Old malware still works on unpatched systems
IACS Patching Challenges
- Patches are changes
- Changes may impact safety, reliability, certification and performance
- Must be part of the change and configuration management process
- Patching is very resource intensive
- Infrequent maintenance outages
Patch Management
- Information Gathering
- Monitoring and Evaluation
- Patch Testing
- Patch Deployment
- Verification & Reporting
Patch Management
Information Gathering
- Inventory
- Supplier relationships
- Supportability
- Assess existing environment
- Categorize and classify assets
Patch Management
Monitoring and Evaluation
- Monitor & ID patches
- Determine applicability
- Risk Assessment
- Decision
Patch Management
Patch Testing
- File authenticity
- Review changes
- Install procedure
- Qualifications & verification
- Removal procedure
- Risk mitigation
Patch Management
Patch Deployment
- Notification
- Preparation
- Scheduling
- Deployment
Patch Management
Verification & Reporting
- Verification
- Training
- Documentation
True or False
Only asset owners are involved with patch management
False
True or False
Malicious code protection should use a mix of deployment systems
True
True or False
Patching is an important tool for mitigation
True
True or False
Necessary patches are easy to track and implement
False
True or False
Patching is a risk management issue
True
True or False
Patch Deployment should be followed by Verification and Reporting
True
True or False
It is possible to achieve 100% Malicious Code Protection
False
True or False
Product suppliers and service providers are responsible for discovery of vulnerabilities
True
Intrusion Detection Systems (IDS)
Tools to detect attempts to break into or misuse a computer system
* Security service that monitors and analyzes system events for the purpose of finding and providing real-time warnings of attempts to access system resources in an unauthorized manner
* Allows system admins to respond to potential security issues
* If firewalls and access control systems are the lock on the door, IDS is the burglar alarm
Intrusion Prevention System (IPS)
Adds the ability to act on intrusion detection by automatically blocking malicious activity.
IPS is generally not used within IACS zones
NIDS
- Monitor network traffic
- Pre-defined rules (signature-based)
- Behaviors (heuristics-based)
- Passive Sniffing
- Inline Deployment
HIDS
- Monitor host
- Pre-defined rules (signature-based)
- Behaviors (heuristics-based)
- Passive Sniffing
Types of IDS
- NIDS: Network Intrusion Detection
- HIDS: Host Intrusion Detection
IDS Issues
- False positives
- Deployment and operational costs
- Only effective against known vulnerabilities
- Limited signatures for control systems protocols
- Requires continuous care and feeding
Unified Threat Management (UTM)
Single appliance, multiple features. UTM resembles a multi-tool by providing multiple security functions with a single installation.
Single appliance with multiple security features
UTM: Unified Threat Management
Tools to detect attempts to break into or misuse a computer system
IDS: Intrusion detection system
Adds the ability to act on intrusion detection by automatically blocking malicious activity
IPS: Intrusion Prevention System
Symmetric Cryptographic Algorithms
- DES: Data Encryption Standard
- Triple DES (3DES)
- AES: Advanced Encryption Standard
Asymmetric Cryptographic Algorithms
- RSA
- Diffie-Hellman
- Elliptic Curve
True or False
Only asset owners are involved with patching
False
Requires
* Asset owners
* Integrators
* Maintainers
* Product suppliers
True or False
Asymmetric keys use the same shared key and require lower bandwidth overhead
False
True or False
Hashes are changes which may impact safety, reliability, certification and performance.
False
True or False
Cryptography uses ciphers or algorithms for encrypting and decrypting messages.
True
What does NIDS stand for?
Network Intrusion Detection System
What is an Intrusion Detection System (IDS)?
Tools to detect attempts to break into or misuse a computer system
True or False
The two main types of Intrusion Detection System are Network-based and Host-based
True
Which cryptographic system requires two separate keys, one which is secret and one which is public?
Asymmetric
True or False
Hashing involves creating a unique identifier for some chunk of data
True