Question

Technology Review Discussion: Research and report to the class on one of the following security technologies used to secure Industrial Control Systems: Application Whitelisting, Network segmentation, vulnerability scanning, network access control, Security Information and Event Management, Data diode.

Please cover in your post the following points:

Describe what the technology does.

Discuss whether you think it's a good fit for securing ICS and why.

Answer 1

Solution:-

Technology Review Discussion on Industrial Control Systems security :-

The industrial control systems and other business systems are using the IT technologies extensively. To achieve business goals and to perform fast and produce accurate IT technologies are used. In industrial control systems the IT technologies are used for the same purpose. But as the technology is used there are some side effects. Along with new facilities the new threats are emerged. In every organization the sensitive information and data is managed by automation and IT technologies so it is must to make them safe and secure. There comes the security.

Now we discuss about one of the security practice that is useful and beneficial for today's business and industrial systems. We discuss about the vulnerability scanning. Vulnerability is a point or weakness of the automation system from a malicious person or attacker can enter inside. By this the attacker can steal the important information and modify. So it is not good for any organization. For this we can perform vulnerability scanning.

Vulnerability scanning is aprocess of checking of the potential points from where attacker can enters the system and exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. A scan may be performed by an organization’s IT department or a security service provide, possibly as a condition imposed by some authority. An Approved Scanning Vendor, for example a service provider that is certified and authorized by the Payment Card Industry (PCI) to scan payment card networks. Vulnerability scans are also used by attackers looking for points of entry.

There are some tools available that performs the vulnerability scanning. A vulnerability scanner runs from the end point of the person inspecting the attack surface. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. The scanner software attempts to exploit each vulnerability that is discovered. Running a vulnerability scan can pose its own risks as it is inherently intrusive on the target machine’s running code. As a result, the scan can cause issues such as errors and reboots, reducing productivity.

Mostly the two approaches are used to perform vulnerability scanning -

1) Authenticated scan -  In an authenticated scan, the tester logs in as a network user, revealing the vulnerabilities that are accessible to a trusted user, or an intruder that has gained access as a trusted user.

2) Unauthenticated scans - In the unauthenticated method, the tester performs the scan as an intruder would, without trusted access to the network. Such a scan reveals vulnerabilities that can be accessed without logging into the network.

An ideal vulnerability scanner has capabilities such as the following:

• Maintenance of an up-to-date database of vulnerabilities.
• Detection of genuine vulnerabilities without an excessive number of false positives.
• Ability to conduct multiple scans simultaneously.
• Ability to perform trend analyses and provide clear reports of the results.
• Recommendations for countermeasures to eliminate discovered vulnerabilities.

If security holes are detected by a vulnerability scanner, a vulnerability disclosure may be required. The organization that discovers the vulnerability, or a responsible industry body such as the Computer Emergency Readiness Team (CERT), may make the disclosure, sometimes after alerting the vendor and allowing them a certain amount of time to remedy or mitigate the problem.

Advantages:-

1) Associated Benefits of Monthly Scans -

It is sometimes difficult to Creating a culture of security cbe but being proactive you will see many benefits of a periodically vulnerability scan.

2) Increased Awareness -

One way to increase security awareness at your business is to raise the specter of review and assessment often. When employees realize their systems will be monitored on an ongoing basis, they will buy-in to security protocols much faster.

3) System Assessment Results -

A periodically scan can sometimes found unknown problems or issues outside of a security concern. Vulnerability scanning can often slow down your network system.

4) Provides Actionable Insight -

A true vulnerability scan can provide insight into your system that your own IT staff or your IT consulting partner will be able to immediately take action on.

So this Security practice is very beneficial to the modern industrial control systems to wofk faster with improved security.