Certified Cybersecurity Technician IoT and OT Security PDF

Summary

This document discusses various vulnerabilities in OT (Operational Technology) environments and their solutions. It covers security measures, based on the Purdue model, international OT security organizations, and OT security tools. The document aims to protect critical industrial infrastructure and associated IT systems from cyber-attacks.

Full Transcript

Certified Cybersecurity Technician Exam 212-82
loT and OT Security

Module Flow
~
! sgr. ~_‘.
4. :i|‘ L‘.

Understand IoT Devices, Discuss the Security Understand OT Discuss the Security
Application Areas, and in IoT-enabled Concepts, Devices, in OT-enabled
Communication Models Environments and Protocols Environments

Discuss the Security in OT-enabled Environments
This section discusses various OT vulnerabilities and their solutions, security measures based on
the Purdue model, international OT security organizations, OT security solutions, and tools.
Following the security measures, organizations can implement proper security mechanisms to
protect critical industrial infrastructure and associated IT systems from various cyber-attacks.

Module 13 Page 1620 Certified Cybersecurity Technician Copyright © by EG-Gouncil
EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
loT and OT Security

* Implement multi-factor authentication 6. OT Systems Placed Segregale the corporate IT and OT devices
1. Publicly Accessible _— - - e within the Corp IT = Establish a DMZ for all connections in the IT and
OF systems : osl?x Ielgrt‘erpr se-grade firewall and remote access Network OT systems
- Restrict access on the IT-OT network, based on
7. Insufficient Security for
* Use strong multifactor authentication mechanism the business need
2. Insecure Remote Corporate IT Network
and password policies Establish a secure gateway between the two
Connections from OT Systems
= Implement appropriate security patching practices ;e‘WOI;RS n— —
* State clear separation between critical and non-
3. Missing Securlty * Test applications in the sandbox environment 8. Lack of Segmentation critical syst emps. Missing Secur! J
Updates L within OT Networks * Implement zoning model that uses a defense-in-
= Employ a firewall and perform device hardening depth approach

* Use separate username conventions for the
* Use strong wireless encryption protocols
corporate IT and OT networks 8. Lack of Encryption and 8 P P
Authentication for * Use industry-standard cryptographic algorithms
4. Weak Passwords * Change default credentials at the installation time Wireless OT Networks = Conduct regular security audits
= Perform security audits to meet compliance with
secure password policies = Conduct a formal risk assessment
10.Unrestricted Outbound * Monitor and segregate OT systems from external
5. Insecure Firewall = Implement secure firewall configuration Internet Access from OT access
Configuration = Configure the access control list on the firewall AETRE * Download security updates in a separate
repository outside the OT network

Copyright © by EC-Council ANl Rights Reserved. Reproductionis Strictly Prohibited

OT Vulnerabilities and Solutions

Vulnerabilities in industrial systems such as ICS/SCADA, PLC, and RTU pose a significant threat
to the associated critical infrastructure. Organizations need to incorporate appropriate security
controls and mechanisms to protect such systems from various cyber-attacks.
Discussed below are some of the most common OT vulnerabilities and solutions:

Vulnerability Solutions

1. Publicly Accessible * Implement multi-factor authentication
OT Systems * Use enterprise-grade firewall and remote access solutions

= Use a strong multifactor authentication mechanism and robust
2. Insecure Remote password policies
Connections....
= |Implement appropriate security patching practices

o. » Test applications in a sandbox environment before launching them
3. Missing Security live
Updates...
= Employ a firewall and perform device hardening

= Use separate username conventions for the corporate IT and OT
networks
4. Weak Passwords = Change default credentials at time of installation
= Perform security audits to meet compliance with secure password
policies for both IT and OT networks

5. Insecure Firewall * |mplement secure firewall configuration
Configuration = Configure the access control lists on the firewall

Module 13 Page 1621 Certified Cybersecurity Technician Copyright © by EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
loT and OT Security
1oT

= Segregate the corporate IT and OT devices
6. OT Systems Placed
= Establish a DMZ (demilitarized zone) for all connections in the IT
within the Corporate
and OT systems
IT Network
= Regularly monitor the DMZ
7.
7. Insufficient
Insufficient Security
Security = Restrict access on the IT/OT network, based on the business need
Corporate IT
for Corporate )
Network from
from OT = Establishh a secure
Establis secure. gatewa betweenn the OT and IT networ
gatewayy betwee ks
networks
Network OT
System
Systemss = Perform regular risk assess
assessment
ment

8.
8. Lack
Lack of
of Segmentation
Segmentation | * State clear separation between critical and non-critical systems
within OT Networks = |mplement
Implement a zoning model that uses a defense-in-depth approach

9.
9. Lack
Lack ofof Encryption
Encryption = Use strong wireless encryption protocols
and Authentication. :.
for Wireless OT
?o":vcimoc:flm = Use industry-standard cryptographic algorithms
Networks = Conduct regular security audits

10. Unrestricted = Conduct a formal risk assessment
Outbound Internet = Closely monitor and segregate OT systems from external access
(Closely
Access from OT = Download security updates in a separate repository outside the OT
Networks network
Table 13.2: OT vulnerabilities and solutions

Module 13 Page 1622
Module 1622 Certified Cybersecurity
Certified Cybersecurity Technician
Technician Copyright
Copyright ©© by EC-Council
EG-Gounell
All Rights Reserved. Reproduction
All Rights Reproduction isis Strictly Prohibited.
Prohibited.
Certified Cybersecurity Technician Exam 212-82
loT and OT Security

How to Secure an IT/OT Environment
Security Controls based on Purdue Model

5&4 rewa u
Spear phishing, Abusing infrastructure, it e
(Entarprise network and Ransomware access to the network U
Business Logistics Systems) Antivirus
Malware injections, Anti-DoS solutions, IPS,
51
e e network infections Antibot, Application control
Altering industrial
Ransomware, Bot ;: industrial spyi Anti-bot, IPS, Sandboxing,
3 (Operational Systems) infection, Unsecured ::\:cml; o —— o Application control, Traffic
USB ports s b encryption, Port protection

DoS exploitation, IPS, Firewall, Communication
28&1 Unencrypted protocols, encryption using IPsec,
Altering industrial
(Control Systems & Basic Default credentials, Industrtel Security gateways, Use of
Controls) Application and 0S e ] authorized RTU and PLC
vulnerabilities commands

Modifications or Point to point communication,
0 (Physical process) Physical security breach disruption in the physical MAC authentication, additional
process security gateways at level 1 &0

How to Secure an IT/OT Environment

IT/OT convergence is widely being adopted in industries such as traffic control systems, power
plants, manufacturing companies, etc. These IT/OT systems are often targeted by the attackers
to discover the underlying vulnerabilities and indulge in cyber-attacks. Based on the Purdue
model, the IT/OT environment is divided into several levels, and each level is required to be
secured with proper security measures.

The table below describes various attacks on different Purdue levels of an IT/OT environment,
associated risks, and security controls to fortify the network against cyber-attacks:

Zone Purdue Level Attack Vector Risks Security Controls

5 & 4 (Enterprise P Abusing Firewalls, IPS, Anti-
Enterprise Network and lI:':ishin infrastructure, bot, URL filtering,
P Business Logistics P & Access to the SSL inspection,
Ransomware..
Systems) network Antivirus
MMalware intecions Anti-DoS solutions,
Industrial DMZ | 3.5 (IDM2) DoS attacks ) " | IPS, Antibot,
Network infections oo
Application control
Anti-bot, IPS,
Ransomware, | Altering industrial
Sandboxing,. 3 (Operational Bot infection, | process, Industrial e
Manufacturing. Application control,
Systems) Unsecured spying, Unpatched ).
USB ports monitoring systems Trafflc encryption,
P g5y Port protection

Module 13 Page 1623 Certified Cybersecurity Technician Copyright © by EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
loT and OT Security

DoS
exploitation, IPS, Firewall,
281 Unencrypted Communication
(Control Systems protocols, Altering industrial | encryption using. (Control Systems..
Manufacturing and Basic ¥ Default process, Industrial | IPsec, Security
Controls) credentials, spying gateways, Use of
Application authorized RTU and
and OS PLC commands
vulnerabilities
Point-to-point
, e communication,
Manufacturing
| o (Physical
0 (Physical
P
security
::Z::tayl
Modificationsor
disruption to the
:I,ilsor?:;:::otgstzg
|\~ o thentication,
MAC R authentication,
:
process) A. Additional security
breach physical process
gateways at levels 1
and 0
and0
Table 13.3: Attacks on different Purdue levels

Module 13 Page 1624 EC-Council
Certified Cybersecurity Technician Copyright © by EG-Gounell
All Rights Reserved. Reproduction is Strictly Prohibited.
Prohibited.