Network Segmentation; Patch Management; and Intrusion Detection Flashcards
True or False
A firewall should not be paired or used with a DMZ
False
True or False
A network bridge can connect two independent networks
True
True or False
A router can be used for security instead of a firewall
False
True or False
Distributing security appliances provides defense-in-depth to key assets like controllers
True
Protection Mechanisms protect against malicious code to:
- Prevent
- Detect
- Report
- Mitigate
How could you test your Security System?
EICAR Test
Importance of IACS Patching
- IACS and the software they rely on are highly vulnerable
- New vulnerabilities are discovered and published almost daily
- Malware authors take advantage of these vulnerabilities to exploit systems
- Old malware still works on unpatched systems
IACS Patching Challenges
- Patches are changes
- Changes may impact safety, reliability, certification and performance
- Must be part of the change and configuration management process
- Patching is very resource intensive
- Infrequent maintenance outages
Patch Management
- Information Gathering
- Monitoring and Evaluation
- Patch Testing
- Patch Deployment
- Verification & Reporting
Patch Management
Information Gathering
- Inventory
- Supplier relationships
- Supportability
- Assess existing environment
- Categorize and classify assets
Patch Management
Monitoring and Evaluation
- Monitor & ID patches
- Determine applicability
- Risk Assessment
- Decision
Patch Management
Patch Testing
- File authenticity
- Review changes
- Install procedure
- Qualifications & verification
- Removal procedure
- Risk mitigation
Patch Management
Patch Deployment
- Notification
- Preparation
- Scheduling
- Deployment
Patch Management
Verification & Reporting
- Verification
- Training
- Documentation
True or False
Only asset owners are involved with patch management
False
Malicious code protection should use a mix of deployment systems
True
True or False
Patching is an important tool for mitigation
True
True or False
Necessary patches are easy to track and implement
False
True or False
Patching is a risk management issue
True
True or False
Patch Deployment should be followed by Verification and Reporting
True
True or False
It is possible to achieve 100% Malicious Code Protection
False
True or False
Product suppliers and service providers are responsible for discovery of vulnerabilities
True
Intrusion Detection Systems (IDS)
Tools to detect attempts to break into or misuse a computer system
* Security service that monitors and analyzes system events for the purpose of finding and providing real-time warnings of attempts to access system resources in an unauthorized manner
* Allows system admins to respond to potential security issues
* If firewalls and access control systems are the lock on the door, IDS is the burglar alarm
Intrusion Prevention System (IPS)
Adds the ability to act on intrusion detection by automatically blocking malicious activity.
IPS is generally not used within IACS zones