Questions and Answers
What is the first stage in the ICS Vulnerability Assessment work plan?
Offsite work includes analyzing physical security risks.
False
Name one of the tasks involved in the Offsite Work stage.
Collect all documentation, drawings, and configuration files
During the Onsite Work, it is important to look for __________ risks.
Which of the following is NOT included in the phases of the ICS Vulnerability Assessment?
Match the following tasks with their respective phases in the ICS Vulnerability Assessment:
The purpose of the review with the client is to finalize the report without any suggestions.
What is a primary goal of conducting interviews during the onsite work?
What does the ISA 99 standard primarily focus on?
It is safe to actively scan live ICS networks.
What should be captured to assess the current state of a network?
To understand all ports and services on the devices, which tool should be used for scanning controllers?
Match the following types of tests with their descriptions:
What type of information is critical to document during an onsite facility tour?
Denial of Service (DoS) attacks can be simulated on a live environment.
What is the goal of analyzing router, switch, and firewall configurations during offsite work?
Gathering and analyzing ___________ is critical for identifying vulnerabilities within the network.
Which method helps in analyzing the system's automatic recovery post-attack?
Passive capturing of ICS traffic can effectively detect clear text transfers.
What does the acronym NERC CIP stand for?
Scanning controllers with ___________ helps determine if the device is running any vulnerable services.
Match the following tools or techniques with their respective purposes:
Which of the following protocols is considered vulnerable and should be researched further?
Offsite data analysis does not include reviewing traffic dumps from network devices.
What should be documented for each vulnerability found during the security assessment?
Vulnerabilities found on multiple devices should be grouped under one vulnerability, but should specify the '______ Impacted'.
Match the following activities with their corresponding focus areas:
Which of the following is NOT a noteworthy item to check in operating system DUMP logs?
The Project Manager compiles all findings into a Rough Draft report after analyzing physical security findings.
What is the purpose of creating communication matrices by IP address?
Excessive use of ______ accounts should be monitored in host DUMP logs.
Match the term with its definition:
How should vulnerabilities found across different systems be handled?
All devices connected to the network should be assumed secure until proven otherwise.
What role does the ICS engineer play during the offsite analysis?
The ______ engineer should create the network diagrams as part of the analysis process.
Study Notes
Current and Recommended Architecture Changes
- Diagrams illustrate current and proposed network designs in compliance with ISA 99 standards.
- Current network architecture must be assessed, followed by suggested improvements.
Data Capture for Assessment
- Obtain permission to capture details on operating systems, patches, applications, user permissions, security policies, and network configurations.
- Automation through system-specific scripts is advised to streamline data collection.
Testing Methodologies
- Live ICS traffic should be passively captured for analysis; active scans are prohibited on live networks.
- Utilize NMAP for exhaustive port and service exposure scans on controllers, ensuring NERC CIP compliance.
- Execute vulnerability assessments with NESSUS to check for potentially exploitable services.
Simulating Network Conditions
- Conduct tests to understand impacts of adverse network conditions on controllers.
- Focus on controller response during DoS and malformed packet attacks; aim for recovery analysis post-attack.
Denial of Service (DoS) Attacks
- Various ping commands can be used for testing resilience against DoS attacks, with increasing packet sizes.
Malicious Payload Attacks
- Use tools like hping to simulate attacks via arbitrary and malformed packets on specific target IPs.
Offsite Data Analysis Overview
- Offsite evaluation includes data collected from onsite visits and a comprehensive review with clients.
- Facility tours aim to identify physical security risks, supported by documentation and network configurations.
Vulnerability Assessment Work Plan
- Structure the vulnerability assessment into three phases: onsite data collection, offsite analysis, and report development.
- Efficient organization of tasks increases clarity and accountability.
Report Deliverable Insights
- Provide client with drafts that include current and proposed network diagrams, underpinning design changes with rationale.
- Document how changes improve security posture against vulnerabilities.
ICS Engineer Focus Areas
- Analysis of system logs should include scrutiny of security patches, unnecessary applications, user permissions, and network configurations.
- Essential to verify that critical services remain secure and operational during vulnerability scans.
Project Management Responsibilities
- Physical security findings must be prioritized and documented.
- Compile and coordinate findings from team members into a Rough Draft report, including an executive summary for internal teams.
Conclusion and Review with Client
- Final client review involves presenting findings and recommendations, ensuring transparency and openness to feedback on security measures.
Description
This quiz focuses on understanding the current state and recommended changes for SCADA network architectures to ensure compliance with applicable standards such as ISA 99. Participants will analyze diagrams and propose enhancements to improve security and performance.