Network Security Architecture

Questions and Answers

What is the primary focus of intrusion detection systems and intrusion prevention systems?

• Event monitoring and log collection (correct)
• Active defense
• Security frameworks and policies
• Network architecture design

What is the purpose of having a 'pane of glass' in incident response and forensics?

• To analyze network architecture design
• To monitor network traffic
• To have a centralized view of security events (correct)
• To collect logs from multiple devices

What is the focus of security frameworks mentioned in the content?

• Technology implementation
• Incident response and forensics
• Network architecture design
• Policies and procedures (correct)

What type of firewalls are mentioned in the content?

All of the above (D)

Why are buffer networks, demilitarized zones (DMZs), and network segmentation important?

To separate SCADA and corporate networks (C)

What is a concern when sharing active directory between SCADA and corporate networks?

Security risks (C)

What is the primary benefit of having a 'single pane of glass' in security monitoring?

Simplified security monitoring (B)

Why is it important to learn from other people's mistakes in network design?

To avoid repeating same mistakes (B)

What is the primary focus of the discussion on network design?

Segmenting SCADA and corporate networks (C)

Why is it important to consider third-party access to SCADA information?

To reduce third-party risks (D)

What is the primary focus of the first module discussed in the content?

Building a secure network infrastructure and architecture (A)

What is the significance of network segmentation in SCADA security architecture?

To isolate critical components and prevent unauthorized access (A)

Which of the following is NOT mentioned as a security solution to be layered onto the network architecture?

Firewall management (C)

What is the primary concern regarding remote user access to SCADA systems?

The risk of unauthorized modifications to the system (B)

What is the primary focus of the second module discussed in the content?

Securing remote user access to SCADA networks (D)

Which of the following is NOT a typical topic discussed regarding SCADA architecture?

Configuration of network firewalls (D)

Why is it important to properly qualify users before allowing them to make remote changes to a SCADA system?

To prevent unauthorized access and potential system damage (B)

What type of technologies are included in the 'detective technologies' mentioned in the content?

Tools for identifying and analyzing security incidents (B)

What was the main reason for deploying wireless connectivity in certain areas?

Due to environmental causes that prohibited physical access to equipment (A)

What was done after successfully deploying wireless connectivity for one pilot site?

It was spanned out to multiple sites (B)

What was sent to a centralized security event management device?

Logs from firewalls and missed attempts (C)

When did NERC SIP become law?

2007 (D)

What was the first type of traffic to go over IP in the electric utility industry?

CADA traffic (C)

Why was IP convergence a concern in the electric utility industry?

It crowded out CADA traffic (C)

What type of infrastructure was already in place in the electric utility industry?

Layer three infrastructure (B)

Why was a separate firewall put at each substation?

To make a layer two tunnel with IPSec (A)

What was a challenge in ensuring the security of SCADA equipment at offshore facilities?

The potential for viruses and junk from personal devices (D)

What was shared with the corporate network at offshore facilities?

One satellite uplink (A)

Why was a remote firewall used for the SCADA system?

To ensure that SCADA traffic had the highest level of integrity. (A)

What was the primary security concern with the local Wi-Fi connectivity at the compressor sites?

The possibility of unauthorized access due to the open nature of wireless signals. (B)

What security measure was implemented to address the vulnerability of the Wi-Fi network?

The routing of Wi-Fi traffic to the dirty side of the corporate firewall. (D)

What was the purpose of routing Wi-Fi traffic to the dirty side of the corporate firewall?

To provide an additional layer of security for the Wi-Fi network. (D)

What type of authentication system was used for Wi-Fi users?

Two-factor authentication. (D)

What was the primary reason for using VLANs for separating traffic?

To optimize bandwidth usage by tagging packets. (C)

What type of VPN tunnel was used between the remote firewall and the central control room?

IPSec VPN. (B)

What security principle was applied to the Wi-Fi network?

Zero trust. (B)

What type of network devices were used at each compressor site to separate traffic?

Layer 3 switches. (B)

Which of the following security measures was NOT implemented for the SCADA system?

Two-factor authentication for access. (C)

What is the main purpose of an access point in the electronic security perimeter?

To provide challenge response (C)

Why is it important to have an access control point for dial-up access?

To reduce the risk of unauthorized access (B)

What is the concept of an electronic security perimeter?

A virtual concept to provide digital security (A)

Why did the water company want to adhere to the ISA standards?

To secure their infrastructure without deploying firewalls (C)

What was done to secure the water company's infrastructure?

VLANs were used to separate different functional areas (A)

Why is virtualization through VLANs considered a compromise?

Because it separates different networks within one level of trust (C)

Why is the speaker not comfortable with leveraging a corporate VMware deployment for SCADA systems?

Because of the potential security risks (A)

What is a concern with sharing active directory between SCADA and corporate networks?

It would compromise the security of both networks (B)

What is the purpose of having different VLANs for different functional areas?

To separate different networks within one level of trust (C)

Why are access points necessary at the boundary between the corporate network and critical cyber assets?

To provide an additional layer of security (B)

What was a common issue faced by organizations regarding their SCADA and IT networks in the early 2000s?

The corporate network was overloaded with traffic affecting SCADA performance. (A)

What solution was proposed to alleviate the network performance issues in the water wastewater treatment facility?

Separating the IT network from the SCADA network. (D)

Why did system integrators prefer to use the existing corporate network in the late 1990s for SCADA systems?

They needed to minimize costs and time for new infrastructure. (B)

What was deployed at each building in the water facility to create a separate process control network?

Firewalls and protected SCADA switches. (D)

How did the implementation of a separate process control zone impact the water facility's system performance?

It immediately improved the performance of the interaction system. (B)

What type of devices were connected to the protected SCADA switches in the water facility?

Devices that functioned like SCADA devices. (C)

What was a key feature of the SCADA systems in the facilities mentioned in the content?

They often included embedded PLC devices. (D)

What challenge did the pipeline company face regarding its existing corporate network?

No available budget to create a separate SCADA infrastructure. (C)

What network technology trend began emerging in the mid-1990s that influenced SCADA system integration?

The widespread use of Ethernet interfaces in PLCs and RTUs. (C)

What was the purpose of having a CA firewall at the central control room in the pipeline company?

To enhance the security of the centralized IT environment. (B)

What was the initial reason for clients to start implementing firewalls between their corporate networks and their industrial control systems (ICS) networks?

To prevent the spread of malware, such as the SQL Slammer worm and the I Love You virus, that could affect both networks (D)

What was the primary issue with the early implementation of firewalls between corporate and ICS networks?

Firewalls were not effective in preventing unauthorized access to ICS systems. (A)

What is a 'firewall sandwich' in the context of network segmentation?

A pair of firewalls positioned in series, creating a buffer network (C)

What is the primary purpose of a Demilitarized Zone (DMZ) in the context of network segmentation?

To act as a buffer zone between the corporate network and the ICS network (D)

What is the main benefit of having two different firewalls managing the DMZ, one by the corporate group and one by the operations group?

Increased security by having separate rule bases and access controls (C)

Which of the following is NOT a benefit of using network segmentation techniques in SCADA systems?

Increasing the complexity of the network infrastructure (C)

What is the analogy used in the content to illustrate the importance of network segmentation?

A ship with multiple compartments to contain damage (B)

What is the primary objective of applying network segmentation techniques to SCADA systems?

To create a more secure environment by limiting the impact of security breaches (C)

What is the concept of 'firewall diversity' mentioned in the content?

Having multiple firewalls from different vendors for redundancy (B)

Which of the following is a key aspect of network segmentation in SCADA systems, as described in the content?

Assigning different trust levels to various equipment within the SCADA network (D)

What is the primary purpose of a demilitarized zone (DMZ) in a SCADA network?

To isolate the corporate network from the SCADA network, allowing controlled communication between them. (D)

What is the function of an OPC server in a SCADA network?

To collect data from field devices and convert it into a format that can be used by the data historian. (A)

How does a firewall sandwich design differ from a single firewall with multiple interfaces for a DMZ?

The firewall sandwich design provides more redundancy, as it eliminates a single point of failure. (B)

Which of the following security measures can be implemented in a DMZ to enhance SCADA network security?

All of the above. (D)

What is the purpose of a data historian in a SCADA network?

To collect and store data from field devices, enabling analysis and reporting. (B)

What is a key advantage of using a single firewall with multiple interfaces for a DMZ?

It simplifies network management by centralizing security control. (D)

Which of the following protocols is commonly used by IO servers to communicate with field devices?

Modbus (C)

Why is it important to restrict access to the data historian in a SCADA network?

To comply with industry regulations and best practices for data security. (B), To prevent unauthorized users from viewing or modifying historical data. (D)

What is the purpose of a frontend processor in a SCADA network?

To collect data from field devices and convert it into a format that can be used by the data historian. (C)

What is the significance of having two firewalls in a failover mode in a firewall sandwich design?

It increases network redundancy by providing a backup firewall in case of a failure. (C)

What is the main security risk associated with contractors connecting to the same switches on a platform?

Infected devices can spread viruses to all equipment. (B)

What is a significant issue with using a VPN tunnel over satellite communications?

High latency leading to problematic performance. (B)

What was the operations manager's assumption when requesting IP addresses?

All devices needed public IP addresses. (A)

What led to the facility being vulnerable to external access?

A misunderstanding about public IP addresses. (D)

What solution was often implemented to address the communication issues at offshore facilities?

Implementing a second satellite uplink for SCADA. (B)

Why was the operation supervisor's action of requesting a DSL connection seen as problematic?

It bypassed corporate security protocols. (A)

What was a common misconception held by the operations manager regarding his facility's network security?

Only internal users could access the system. (B)

What is a major consequence of not having a localized firewall in a facility with internet-connected devices?

Increased risk of cyberattacks from any internet user. (C)

What characteristic of satellite systems complicates VPN communications?

They experience significant delays in latency. (A)

What lesson can be learned from the operations manager's experience with unsolicited internet access?

Clear communication about technical requirements is crucial. (C)

What was the primary function of the second firewall in the discussed network setup?

To segment and protect industrial control system devices (C)

How much was spent on firewalls and their configuration in the described network architecture?

$15,000 (A)

Which standard imposes specific requirements on the electric power industry regarding electronic security perimeters?

NERC C 0 0 5 (D)

What type of network connection is typically used to give remote users access to their corporate systems?

A WAN link (B)

What was noted as essential for the chemical industry concerning process control systems after an incident?

Access controls must be challenged and logged (B)

What does the ISA level segmentation in network architecture help to achieve?

Compliance with industry standards (D)

What is a significant risk that was mitigated by utilizing the described firewall strategy?

Direct exposure of the plant network to the internet (B)

What is a typical component found in a corporate infrastructure for plant operations?

Centralized email servers (A)

Which of the following environments must be properly segmented according to the content discussed?

Industrial control systems and corporate networks (B)

What is the primary risk identified when a plant historian is directly connected to both the corporate network and the plant control system?

The historian could be used as a bridge for attackers to access the plant control system from the corporate network. (A)

What security measure was implemented to mitigate the risk of the plant historian being a bridge between the corporate network and the plant control system?

Creating a demilitarized zone (DMZ) and placing the historian in it. (D)

What kind of firewall devices were utilized in the described network setup?

SA 55 0 5 low-end firewalls (C)

Why is it important to prevent foreign accounts from being established on engineering workstations in a Delta VDCS environment?

Foreign accounts could be used to modify or delete critical control system configurations. (A)

What is the primary reason for separating SCADA and corporate systems into separate virtualized environments?

To prevent unauthorized access to SCADA systems from the corporate network. (A)

What is the significance of the discovery of over 30 unknown accounts on the plant historian?

It raises concerns about the potential for unauthorized access and control of the plant control system. (D)

What is the primary security concern associated with the use of a plant historian that is dual-homed on both the corporate network and the plant control system?

The historian could be used to transfer data between the corporate network and the plant control system, potentially allowing for unauthorized access. (B)

Why is it important to restrict access to engineering workstations in a SCADA environment?

To prevent unauthorized modifications to the control system configuration. (C)

What is the primary benefit of separating SCADA and corporate systems into separate virtualized environments?

Reduced risk of unauthorized access to SCADA systems from the corporate network. (A)

What is the primary reason for the creation of a demilitarized zone (DMZ) in this scenario?

To isolate the plant historian from both the corporate network and the plant control system. (D)

What is the primary security concern regarding the discovery of foreign accounts on the engineering workstation in a Delta VDCS environment?

The foreign accounts could be used to modify or delete critical control system configurations. (C)

What was the primary action taken to limit access to the control system?

Closing down all networking holes except one (B)

Why was it necessary to move the plant historian off the corporate network?

To mitigate security risks associated with being on the corporate network (A)

How was traffic routed from the DCS environments to the centralized DMZ?

Via VPN tunnels (D)

What role do redundant firewalls play in the system architecture?

To enhance network segmentation and security (B)

What was one of the considerations for incorporating a DMZ in the infrastructure?

To allow for a flexible environment for security updates (C)

What was the challenge associated with using the corporate network for DCS systems?

Increased risks and vulnerabilities (A)

What was removed from the pro plus machine as part of the security measures?

Unnecessary user accounts (C)

What technology was primarily used to replace the need for a separate network?

Virtual Private Network (VPN) (B)

What was the established purpose for a terminal or Citrix server in the DMZ?

To serve as a jump server for technicians (C)

What benefit comes from using a centralized DMZ for security updates?

Enhanced coordination of updates for different systems (D)

What is a recommended practice when updating industrial control systems?

Test patches before deployment and update manually. (C)

Why should industrial control systems not be directly connected to the internet?

Direct connections increase security risks. (D)

What is the role of a WS server in a corporate network related to industrial controls?

To pull updates for controlled distribution to industrial systems. (A)

What is a disadvantage of automatically updating systems in industrial environments?

It could potentially disrupt multiple applications simultaneously. (B)

What is a benefit of using a demilitarized zone (DMZ) in network architecture?

It provides an extra layer of security for sensitive systems. (A)

What should not be done with antivirus updates in an industrial control system?

Allow automatic downloads to all controlled systems. (D)

Which approach reduces the risk associated with patches and updates in control systems?

Setting strict communication rules between servers. (A)

What is a potential issue with patching multiple devices simultaneously in industrial systems?

Risk of cascading failures across applications. (D)

Why is staged access recommended in secure network architecture?

It minimizes the risk of unauthorized access across levels. (C)

Which strategy is advised for transferring updates into industrial control systems?

Creating a dedicated server on a DMZ for controlled updates. (B)

Study Notes

Setting Up Network Infrastructure

• Importance of establishing strong network infrastructure to create secure perimeters before implementing additional security solutions.
• Initial focus on network segmentation in SCADA security architecture.

Network Segmentation and Architecture

• Discuss the creation of demilitarized zones (DMZs) within network architecture.
• Placement strategies for antivirus, patching, Active Directory, and data historians.
• Addressing concerns about remote access and secure authentication of remote users into SCADA systems.

Security Technologies

• Transition from active defense to detection involving Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).
• Importance of event monitoring and log aggregation for enhanced incident response and forensics.
• Overview of security frameworks: NERC, SIP, DHS, CFA, ISA 99, and their role in establishing security controls.

Emerging Technologies in Security

• Questions from clients regarding Tofino firewalls, data diodes, hardened switches, and other industrial firewall technologies.
• Discussion on how these technologies assist in reinforcing security in SCADA environments.

Management Deliverables

• Emphasis on creating comprehensive documentation for security findings to effectively communicate with senior management.

Lessons from Poor Network Designs

• Examination of outdated network designs where SCADA and corporate IT networks co-existed, leading to performance issues.
• Example of a water utility where the lack of segmentation between IT and SCADA networks caused significant operational delays.

Successful Network Segmentation

• Implementation of firewalls and protected SCADA switches to achieve segmentation between corporate IT and SCADA networks.
• Improvement in system performance following the separation of traffic.

Secure Connectivity in Remote Sites

• Use of IPSec VPN tunnels for secure communication between compressor sites and central control rooms over a corporate WAN.
• Challenges of integrating local Wi-Fi and the necessity for layered security to mitigate wireless vulnerabilities.

Electrical Utility Example

• Adoption of IP connectivity for substations leading to increased traffic and security concerns.
• Deployment of firewalls to maintain separation between SCADA and corporate traffic using layer two tunneling techniques.

Offshore Facility Security

• Necessity of localized firewalls on offshore platforms to prevent infection from potential threats by contractors using communal switches.
• Issues with establishing VPN tunnels over satellite connections due to high latency.

Notable Security Failures

• Review of a facility with all devices directly connected to the internet, highlighting poor configurations and lack of firewall protections.
• Insights into the challenges faced when resources are not localized, impacting operational security.### Internet and Industrial Networks
• Initial challenges included a carrier not providing a required MPLS circuit, leading to frustration among staff.
• An operations supervisor sought a DSL connection from AT&T without understanding the distinction between public and private IP addresses.
• The excitement of remote monitoring led to a lack of awareness regarding network security, exposing the SCADA system to the public internet.

Security Concerns and Solutions

• By 2005-2006, clients experienced significant cyber threats, prompting awareness of network vulnerabilities.
• Incidents like the SQL Slammer worm highlighted the risks of flat networks shared with corporate networks.
• Implementing firewalls became essential; however, many organizations maintained overly simplistic flat network architectures.

Network Architecture and Segmentation

• Importance of network segmentation in enhancing security, akin to submarines having compartments to contain damage.
• Two firewall designs: "firewall sandwich" with two firewalls or a single firewall with multiple interfaces to form a Demilitarized Zone (DMZ).
• Each firewall manages different traffic flows; this ensures layered security between corporate and industrial control systems.

Firewall Implementation

• Best practice involves placing a DMZ between corporate networks and SCADA systems, creating controlled and monitored access.
• Creating rules in firewalls can restrict access between corporate users and SCADA networks, thereby reducing vulnerabilities and attack surfaces.

Industry Trends and Standards

• Various industries, such as electric power and chemical sectors, have standards (NERC C 0 0 5 and DHS chemical facility standards) governing the security of industrial control systems.
• Access points must enforce challenge-response mechanisms and logging for transitions between networks to ensure accountability and security.

Virtualization and Network Security

• Concerns exist around using shared virtual environments for disparate trust levels; SCADA systems should remain strictly separated from corporate systems.
• Ideal setup involves distinct virtual platforms for SCADA and corporate environments, limiting risk from potential breaches.

Case Study: Chemical Industry Vulnerabilities

• A facility claimed no connections between corporate and plant networks; however, a plant historian was unexpectedly dual-homed, representing a significant risk.
• The existence of numerous unaccounted accounts on the historian underscored vulnerabilities, as domain administrators from corporate networks could access critical systems without oversight.### Delta VDCS Environment Security
• A pro plus engineering workstation enables reconfiguration and can wipe all I/O and DCS controllers, risking facility shutdown.
• Unauthorized access could lead to inability to restart systems without restoring factory defaults, indicating a high security risk.

Demilitarized Zone (DMZ) Implementation

• Establishing a DMZ within the plant enhances security by isolating the plant historian from the corporate network while allowing necessary communication.
• A firewall was set up with strict rules, limiting the connections to the historian from the control network.
• Only one port was opened for logging data from application nodes to the historian, minimizing unauthorized access.

Mixed DCS Systems

• Chemical facilities often utilize multiple vendors for DCS systems, increasing complexity and security vulnerabilities.
• A previous setup had application nodes using the corporate network for routing, raising significant security risks.

Network Redesign and VPN Solutions

• Redundant firewalls and VPN tunnels were established to securely connect DCS environments to a centralized DMZ, ensuring controlled access.
• The restructuring allows corporate users to access the historian safely while maintaining isolation from critical control systems.

Additional Infrastructure in the DMZ

• The DMZ can accommodate various security infrastructure, such as antivirus servers for updates and terminal servers for technician access.
• Security assessments often reveal vulnerabilities, such as antivirus agents on industrial control systems accessing the internet directly, which undermines firewall protections.

Secure Architecture Principles

• Avoid direct network hops between different security levels to prevent unauthorized actions on critical control systems.
• Maintain staged authentication processes: Level four users must authenticate to level three before accessing level two or one.

Updating Security Software Safely

• Industrial control systems should not connect directly to the internet for updates; testing should precede any implementation of patches.
• A separate Windows update server within the DMZ ensures that updates are carefully controlled and tested before reaching critical systems.

Benefits of Multiple DMZs

• Having multiple DMZs can enhance security further by segregating functions; for instance, one DMZ for historians and another for antivirus updates.
• Specific rules can be applied to control interactions between different DMZs and the industrial control systems, leading to a more secure and manageable architecture.

Description

Learn how to set up a secure network infrastructure and build a solid network architecture. This is the foundation for layering additional security solutions such as IDS, IPS, log aggregation, monitoring, and forensics.