Network services Flashcards
IT (Information Technology) vs. OT (Operational Technology):
IT: Focus on data, servers, and networks.
OT: Focus on controlling physical processes (e.g., industrial control systems).
Embedded Systems
Definition: Dedicated systems designed for specific functions.
Examples:
Medical devices, smart meters, industrial controllers.
Types of Embedded Systems
PLCs (Programmable Logic Controllers): Ruggedized controllers that automate physical processes such as valve or motor control from sensor input.
RTOS (Real-Time Operating System): Operating system that guarantees tasks complete within fixed deadlines; used where a late response is a failure (e.g., a PLC scan cycle).
System-on-a-Chip (SoC): CPU, memory, and I/O integrated on a single chip; compact and power-efficient, common in IoT devices.
Embedded Systems Security
Operate in static environments: firmware changes rarely, patches arrive late or never, and some devices cannot be updated at all.
Isolate embedded systems on their own network segment and restrict what may reach them; segmentation is the primary control when patching is not possible.
Industrial Control Systems (ICS)
Localized control of processes in manufacturing or critical infrastructure.
Priority: Availability > Integrity > Confidentiality (the reverse of typical IT systems, where confidentiality comes first).
SCADA
Supervisory control of ICS sites spread over wide geographic areas, connected over wide-area network links.
Communication methods: Cellular, satellite, fiber.
Fieldbus
Industrial bus (e.g., Modbus, PROFIBUS) linking PLCs to sensors and actuators; classic fieldbus protocols carry no authentication or encryption.
HMI (Human-Machine Interface)
Interfaces for monitoring and control.
Legacy Systems
No longer supported or patched by the vendor, so newly found vulnerabilities stay unfixed.
Common examples: Windows XP, old manufacturing systems.
Proprietary Systems
Owned and controlled by specific vendors.
Support depends on vendor contracts and cycles.
Mitigating Legacy and Proprietary Systems
Isolate on separate networks.
Use firewalls and segmentation so only the specific hosts and ports that must talk to the system can reach it.
Apply compensating controls (e.g., host allow-listing, an IPS in front of the host, close monitoring) when patching is impossible.
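The isolation rules above can be checked mechanically. The script below is an added example, not part of the original flashcards: it takes a constructed inventory (which hosts are vendor-supported), a hypothetical zone plan (IT, OT DMZ, isolated legacy OT) and a firewall rule list, and reports any unsupported host that is either outside the isolated zone or reachable from an IT workstation. A correct policy is shown next to a weak one where an RDP exception was added from IT straight into the legacy zone.

```python
# Added example (not from the original flashcards): audit that vendor-unsupported
# (legacy/proprietary) hosts sit in an isolated zone and are not reachable from
# the IT network. Inventory, zones and rules below are constructed sample data.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Host:
    name: str
    ip: str
    os: str
    vendor_supported: bool


@dataclass(frozen=True)
class Rule:
    src: str              # CIDR
    dst: str              # CIDR
    dport: Optional[int]  # None = any TCP port
    action: str           # "allow" or "deny"


# Hypothetical zone plan: IT users, an OT DMZ (historian/jump hosts), isolated legacy OT.
ZONES = {
    "IT": ip_network("10.1.0.0/16"),
    "OT_DMZ": ip_network("10.8.0.0/24"),
    "OT_LEGACY": ip_network("10.9.0.0/24"),
}

INVENTORY = [
    Host("hmi-01", "10.9.0.10", "Windows XP", False),
    Host("plc-gw", "10.9.0.20", "VxWorks 5", False),
    Host("hist-dmz", "10.8.0.5", "Windows Server 2022", True),
    Host("ws-042", "10.1.4.42", "Windows 11", True),
]

# Correct policy: IT reaches only the DMZ historian; only the DMZ talks Modbus to legacy.
RULES_GOOD = [
    Rule("10.1.0.0/16", "10.8.0.5/32", 443, "allow"),
    Rule("10.8.0.5/32", "10.9.0.0/24", 502, "allow"),
    Rule("10.1.0.0/16", "10.9.0.0/24", None, "deny"),
]

# Weak policy: someone added an RDP exception from IT straight into the legacy zone.
RULES_BAD = [Rule("10.1.0.0/16", "10.9.0.0/24", 3389, "allow")] + RULES_GOOD


def zone_of(ip: str) -> Optional[str]:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def allowed(src_ip: str, dst_ip: str, dport: int, rules) -> bool:
    """First-match evaluation with implicit deny, as a typical firewall does."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and (r.dport is None or r.dport == dport)):
            return r.action == "allow"
    return False


def audit(inventory, rules, probe_ports=(22, 23, 80, 443, 445, 3389, 502)):
    """List (host, issue) for unsupported hosts that are not properly isolated."""
    issues = []
    it_hosts = [h for h in inventory if zone_of(h.ip) == "IT"]
    for h in inventory:
        if h.vendor_supported:
            continue
        if zone_of(h.ip) != "OT_LEGACY":
            issues.append((h.name, "not in isolated zone"))
            continue
        for src in it_hosts:
            for port in probe_ports:
                if allowed(src.ip, h.ip, port, rules):
                    issues.append((h.name, f"reachable from {src.name} on tcp/{port}"))
    return issues


if __name__ == "__main__":
    print("good policy:", audit(INVENTORY, RULES_GOOD))
    print("bad policy:", audit(INVENTORY, RULES_BAD))
```

In practice the inventory comes from the CMDB and the rules from a firewall export; the audit logic stays the same.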
Networking and Security Tools
Covered below: Firewalls, Unified Threat Management (UTM), Next-Generation Firewalls (NGFW).
Firewalls
Control traffic based on Access Control Lists (ACLs), evaluated top to bottom with first match winning and an implicit deny at the end.
Types: Packet filtering (stateless, per-packet header checks), stateful (tracks connections), proxy (terminates and re-originates sessions), kernel proxy.
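The practical difference between a packet-filtering (stateless) firewall and a stateful one is easiest to see on the same three packets. The code below is an added example, not from the original flashcards; the packets and rules are constructed. A stateless ACL has to admit "return traffic" by trusting the source port, so an attacker who sources from port 443 gets through; a stateful filter only admits the inbound packet if it matches a connection it saw being opened.

```python
# Added example (not from the original flashcards): the same traffic evaluated by a
# stateless packet filter and by a stateful filter. Packets are constructed 5-tuples.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags, e.g. frozenset({"SYN"})


@dataclass(frozen=True)
class AclRule:
    src: str              # CIDR or "any"
    sport: Optional[int]  # None = any port
    dst: str
    dport: Optional[int]
    action: str


def _ip_match(ip, cidr):
    return cidr == "any" or ip_address(ip) in ip_network(cidr)


def _port_match(port, pattern):
    return pattern is None or port == pattern


class StatelessFilter:
    """Packet filtering: each packet is judged on its own header, first match wins."""
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if (_ip_match(p.src, r.src) and _port_match(p.sport, r.sport)
                    and _ip_match(p.dst, r.dst) and _port_match(p.dport, r.dport)):
                return r.action
        return "deny"  # implicit deny


class StatefulFilter:
    """Stateful inspection: inside hosts may open connections to allowed ports;
    every other packet is admitted only if it belongs to a tracked connection."""
    def __init__(self, inside_cidr, allowed_dports):
        self.inside = ip_network(inside_cidr)
        self.allowed = set(allowed_dports)
        self.flows = set()  # (src, sport, dst, dport) of connections seen opened

    def decide(self, p: Packet) -> str:
        key = (p.src, p.sport, p.dst, p.dport)
        if ip_address(p.src) in self.inside:
            if p.flags == {"SYN"} and p.dport in self.allowed:
                self.flows.add(key)          # new outbound connection
                return "allow"
            return "allow" if key in self.flows else "deny"
        reverse = (p.dst, p.dport, p.src, p.sport)
        return "allow" if reverse in self.flows else "deny"  # reply to a tracked flow?


# Stateless policy: outbound HTTPS plus a "return traffic" rule that must trust the
# source port, because the filter remembers nothing about connections.
STATELESS_RULES = [
    AclRule("10.0.0.0/24", None, "any", 443, "allow"),
    AclRule("any", 443, "10.0.0.0/24", None, "allow"),
]


def scenario():
    """Decisions as (stateless, stateful) for three constructed packets, in order."""
    stateless = StatelessFilter(STATELESS_RULES)
    stateful = StatefulFilter("10.0.0.0/24", {443})
    packets = {
        "syn":    Packet("10.0.0.5", 51000, "198.51.100.7", 443, frozenset({"SYN"})),
        "synack": Packet("198.51.100.7", 443, "10.0.0.5", 51000, frozenset({"SYN", "ACK"})),
        # attacker sets source port 443 to slip through the return-traffic rule
        "attack": Packet("203.0.113.9", 443, "10.0.0.5", 3389, frozenset({"SYN"})),
    }
    return {name: (stateless.decide(p), stateful.decide(p)) for name, p in packets.items()}


if __name__ == "__main__":
    for name, verdict in scenario().items():
        print(f"{name:7s} stateless={verdict[0]:5s} stateful={verdict[1]}")
```

The legitimate SYN and its SYN/ACK pass both filters; the crafted packet to RDP passes the stateless filter and is dropped by the stateful one.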
Unified Threat Management (UTM)
All-in-one security appliances (firewall, antivirus, intrusion prevention, content filtering, etc.).
Advantages: Lower cost, single management console.
Disadvantages: Single point of failure; throughput drops as more inspection features are enabled.
Next-Generation Firewalls (NGFW)
Add application awareness, integrated IPS, and user identity to stateful inspection, using single-pass engines so deep inspection holds up under load.
Suitable for performance-focused environments.
Remote Access Protocols
Telnet (TCP 23): Plain text, including credentials; insecure.
SSH (TCP 22): Encrypted and authenticated; the secure replacement for Telnet.
RDP (TCP 3389): GUI-based remote access for Windows.
VNC (TCP 5900): Cross-platform GUI access; the base protocol is unencrypted unless tunneled (e.g., over SSH).
TTY: The text terminal a command-line session (Telnet, SSH, serial console) is presented through; not a remote access protocol itself.
Monitoring Tools
Syslog: Central logging of events from network devices. Classic syslog is UDP port 514, cleartext, with no authentication.
- Modern versions (RFC 5424/5425) support TCP, TLS on port 6514, and certificate-based authentication.
SNMP: Monitors and manages network-attached devices. v1 and v2c authenticate with a cleartext community string; SNMPv3 adds per-user authentication and encryption.
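Collected syslog is only useful if something reads it. The script below is an added example, not from the original flashcards: it parses classic (RFC 3164) syslog lines, decodes the PRI field into facility and severity, and runs a simple brute-force detection over constructed sample lines (an SSH password-guessing burst from one address, one legitimate failure, and a malformed line the parser rejects).

```python
# Added example (not from the original flashcards): parse RFC 3164 syslog lines,
# decode PRI into facility and severity, and run SSH brute-force detection over
# constructed sample lines. The sample lines are made up for this example.
import re
from collections import Counter

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
              16: "local0", 17: "local1", 18: "local2", 19: "local3",
              20: "local4", 21: "local5", 22: "local6", 23: "local7"}

# <PRI>Mmm dd hh:mm:ss host tag[pid]: message
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

FAILED_SSH = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")


def parse(line):
    """Return a dict of fields, or None for lines that are not well-formed syslog."""
    m = RFC3164.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:                       # highest valid PRI: facility 23 * 8 + severity 7
        return None
    ev = m.groupdict()
    ev["facility"] = FACILITIES.get(pri // 8, f"unknown({pri // 8})")
    ev["severity"] = SEVERITIES[pri % 8]
    return ev


def detect_ssh_bruteforce(lines, threshold=3):
    """Source IPs with at least `threshold` failed SSH password attempts."""
    fails = Counter()
    for line in lines:
        ev = parse(line)
        if ev is None or ev["tag"] != "sshd":
            continue
        m = FAILED_SSH.search(ev["msg"])
        if m:
            fails[m["ip"]] += 1
    return {ip: n for ip, n in fails.items() if n >= threshold}


# Constructed sample: PRI 38 = auth.info, 86 = authpriv.info, 13 = user.notice.
SAMPLE = [
    "<38>Mar  4 10:15:01 fw1 sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 40110 ssh2",
    "<38>Mar  4 10:15:02 fw1 sshd[2211]: Failed password for root from 203.0.113.9 port 40111 ssh2",
    "<38>Mar  4 10:15:04 fw1 sshd[2211]: Failed password for root from 203.0.113.9 port 40112 ssh2",
    "<86>Mar  4 10:15:05 fw1 sshd[2212]: Accepted publickey for ops from 10.1.4.42 port 52000 ssh2",
    "<38>Mar  4 10:16:00 fw1 sshd[2213]: Failed password for ops from 10.1.4.42 port 52001 ssh2",
    "<13>Mar  4 10:16:30 sw-core  login: malformed line (double space before tag)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        ev = parse(line)
        print("unparsed" if ev is None else
              f"{ev['facility']}.{ev['severity']} {ev['host']} {ev['tag']}")
    print("brute force sources:", detect_ssh_bruteforce(SAMPLE))
```

The `threshold` is deliberately low for the sample; real detections also bound the time window and whitelist known scanners.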
Load Balancers
Function:
- Distributes client requests across multiple servers, health-checks them, and removes failed servers from rotation.
- Prevents server overload and enhances efficiency.
DDoS Mitigation:
- Techniques: Blackholing (null-routing traffic to the targeted address or from abusive sources), IPS/rate limiting, elastic cloud infrastructure that scales out to absorb the flood.
- Examples: Amazon (AWS Shield, 2.3 Tbps attack in 2020) and GitHub (1.35 Tbps memcached amplification attack in 2018) surviving large-scale DDoS attacks.
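The two load-balancer jobs above, spreading load and shedding abusive traffic, fit in a few dozen lines. The code below is an added example, not from the original flashcards: a least-connections balancer that skips backends failing a (constructed) health check and blackholes any source exceeding a per-source request rate. Backends, request timestamps and addresses are all constructed.

```python
# Added example (not from the original flashcards): a least-connections load
# balancer that skips backends failing health checks and null-routes (blackholes)
# sources exceeding a per-source request rate. Backends and requests are constructed.
from collections import defaultdict, deque


class Backend:
    def __init__(self, name):
        self.name = name
        self.healthy = True
        self.active = 0        # in-flight connections

    def health_check(self, probe_ok: bool):
        """Mark the backend up or down from a probe result (constructed here)."""
        self.healthy = probe_ok


class LoadBalancer:
    def __init__(self, backends, max_rps=5, window=1.0):
        self.backends = list(backends)
        self.max_rps = max_rps
        self.window = window
        self.recent = defaultdict(deque)   # src_ip -> request timestamps in window
        self.blackholed = set()

    def _rate_ok(self, src, now):
        q = self.recent[src]
        while q and now - q[0] > self.window:
            q.popleft()
        q.append(now)
        return len(q) <= self.max_rps

    def route(self, src, now):
        """Return the backend name chosen for this request, or None if dropped."""
        if src in self.blackholed:
            return None
        if not self._rate_ok(src, now):
            self.blackholed.add(src)       # null-route this source from now on
            return None
        candidates = [b for b in self.backends if b.healthy]
        if not candidates:
            return None                    # nothing healthy to send to
        chosen = min(candidates, key=lambda b: b.active)   # least connections
        chosen.active += 1
        return chosen.name

    def finish(self, name):
        """Call when a request completes so least-connections stays accurate."""
        for b in self.backends:
            if b.name == name and b.active > 0:
                b.active -= 1


def scenario():
    lb = LoadBalancer([Backend("web1"), Backend("web2"), Backend("web3")], max_rps=5)
    lb.backends[2].health_check(False)                            # web3 fails its probe
    legit = [lb.route("10.1.4.42", t / 10) for t in range(4)]      # 10 req/s, under limit
    flood = [lb.route("203.0.113.9", t / 100) for t in range(8)]   # 100 req/s, over limit
    return legit, flood, sorted(lb.blackholed)


if __name__ == "__main__":
    legit, flood, bh = scenario()
    print("legit :", legit)
    print("flood :", flood)
    print("blackholed:", bh)
```

Blackholing is blunt: it also drops the offender's legitimate requests, which is why production mitigations usually rate-limit first and escalate to null-routing only for sustained floods.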
Key Concepts and Exam Tips
CIA Triad (Confidentiality, Integrity, Availability):
Understand how availability is prioritized in OT and ICS environments.
Network Segmentation:
Crucial for isolating vulnerable systems (e.g., legacy systems).
System Security:
Apply compensating controls when updates are unavailable.
Prioritize real-time responses for critical applications (e.g., RTOS).
Device-Specific Characteristics:
Know the distinctions between PLCs, RTOS, SoC, and standard systems.