Network Segmentation; Patch Management; and Intrusion Detection

Question 1

True of False

A firewall should not be paired or used with a DMZ

Answer 1

False

Question 2

True of False

A network bridge can connect two independent networks

Answer 2

True

Question 3

True of False

A router can be used for security instead of a firewall

Answer 3

False

Question 4

True of False

Distributing security appliances provides defense-in-depth to key assets like controllers

Answer 4

True

Question 5

Protection Mechanisms protect against malicious code to:

Answer 5

• Prevent
• Detect
• Report
• Mitigate

Question 6

How could you test your Security System?

Answer 6

EICAR Test

Question 7

Importance IACS Patching

Answer 7

• IACS and the software it relies on is highgly vulnerable
• New vulnerabilites are discovered and published almost daily
• Malware authors take advantage of these vulnerabilities to exploit systems
• Old malware still works on unpatched systems

Question 8

IACS Patching Challenges

Answer 8

• Patches are changes
• Changes may impact safety, reliability, certification and performance
• Must be parto of change and configuration management process
• Patching is very resource intensive
• Infrequent maintenance outages

Question 9

Patch Management

Answer 9

• Information Gathering
• Monitoring and Evaluation
• Patch Testing
• Patch Deployment
• Verification & Reporting

Question 10

Patch Management

Information Gathering

Answer 10

• Inventory
• Supplier relantionships
• Suportability
• Assess existing environment
• Categorize and classify assets

Question 11

Patch Management

Monitoring and Evaluation

Answer 11

• Monitor & ID patches
• Determine applicability
• Risk Assessment
• Decision

Question 12

Patch Management

Patch Testing

Answer 12

• File authenticity
• Review changes
• Install procedure
• Qualifications & verification
• Removal procedure
• Risk mitigation

Question 13

Patch Management

Patch Deployment

Answer 13

• Notification
• Preparation
• Scheduling
• Deployment

Question 14

Patch Management

Verification & Reporting

Answer 14

• Verification
• Training
• Documentation

Question 15

True or False

Only asset owners are involved with patch management

Answer 15

False

Question 16

Malicious code protection should use a mix of deployment systems

Answer 16

True

Question 17

True or False

Patching is an important tool for mitigation

Answer 17

True

Question 18

True or False

Necessary patches are easy to track and implement

Answer 18

False

Question 19

True or False

Patching is a risk management issue

Answer 19

True

Question 20

True or False

Patch Deployment should be followed by Verification and Reporting

Answer 20

True

Question 21

True or False

It is possible to achieve 100% Malicious Code Protection

Answer 21

False

Question 22

True or False

Product suppliers and service providers are responsible for discovery of vulnerabilites

Answer 22

True

Question 23

Instruction Detection Systems (IDS)

Answer 23

Tools to detect attemps to break into or misuse a computer system
* Security service monitors and analyze system events for the purpose of finding and providing real time warnings of attemps to access system resources in an unauthorized manner
* Allows system admins to respond to potential security issues
* If firewalls and access control systems are the lock on the door, IDS is the burglar alarm

Question 24

Intrusion Prevention System (IPS)

Answer 24

Add de ability to act on intrusion detection by automatically blocking malicious activity.

IPS generally not used within IACS zones

Question 25

NIDS

Answer 25

• Monitor network traffic
• Pre-defined rules (signatures based)
• Behaviors (heuristics-based)
• Passive Sniffing
• Inline Deployment

Question 26

HIDS

Answer 26

• Monitor host
• Pre-defined rules (signatures based)
• Behaviors (heuristics-based)
• Passive Sniffing

Question 27

Types of IDS

Answer 27

• NIDS: Network Intrusion Detection
• HIDS: Host Intrusion Detection

Question 28

IDS Issues

Answer 28

• False positives
• Deployment and operational costs
• Only effective against known vulnerabilites
• Limited signatures for control systems protocols
• Requires continuos care and feeding

Question 29

Unified Threat Management (UTM)

Answer 29

Single appliance, multiple features. UTM resembles a multi-tool by providing multiple security functions with a single installation.

Question 30

Single appliance with multiple security features

Answer 30

UTM: Unified Threat Management

Question 31

Tools to detect attemps to break into or missuse a computer system

Answer 31

IDS: Intrusion detection system

Question 32

Adds the ability to act on intrusion detection by automatically blocking malicious activity

Answer 32

IPS: Intrusion Prevention System

Question 33

Symmetric Crypthographic Algorithms

Answer 33

• DES: Data Encryption Standard
• Triple DES (3DES)
• AES: Advanced Encryption Standard

Question 34

Asymmetric Crypthographic Algorithms

Answer 34

• RSA
• Diffie-Hellman
• Elliptic Curve

Question 35

True or False

Only asset owners are involved with patching

Answer 35

False

Requires
* Asset owners
* Integrators
* Maintainers
* Products suppliers

Question 36

True or False

Asymmetric keys use the same shared key and require lower bandwidth overhead

Answer 36

False

Question 37

True or False

Hashes are changes wich may impact safety, reliability, certification and performance.

Answer 37

False

Hashes are changes wich may impact safety, reliability, certification…

Question 38

True or False

Cryptography uses ciphers or algorithms for encrypting and decrypting messages.

Answer 38

True

Question 39

What does NIDS stand for?

Answer 39

Network Intrusin Detection System

Question 40

What is an Intrusion Detection System (IDS)?

Answer 40

Tools to detect attemps to break into or missuse a computer system

Question 41

True or False

The two main types of Intrusion System are Network and Host-based

Answer 41

True

Question 42

Which cryptographic system requires two separate keys, one which is secret and one which is public?

Answer 42

Asymmetric

Question 43

True or False

Hashing involves creating unique identifier of some chunk of data

Answer 43

True