Certified Cybersecurity Technician IoT and OT Security PDF
Summary
This document discusses various vulnerabilities in OT (Operational Technology) environments and their solutions. It covers security measures, based on the Purdue model, international OT security organizations, and OT security tools. The document aims to protect critical industrial infrastructure and associated IT systems from cyber-attacks.
Full Transcript
Certified Cybersecurity Technician Exam 212-82
IoT and OT Security

Module Flow
- Understand IoT Devices, Application Areas, and Communication Models
- Discuss the Security in IoT-enabled Environments
- Understand OT Concepts, Devices, and Protocols
- Discuss the Security in OT-enabled Environments

Discuss the Security in OT-enabled Environments

This section discusses various OT vulnerabilities and their solutions, security measures based on the Purdue model, international OT security organizations, OT security solutions, and tools. By following these security measures, organizations can implement proper security mechanisms to protect critical industrial infrastructure and associated IT systems from various cyber-attacks.

Module 13 Page 1620 Certified Cybersecurity Technician Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

OT Vulnerabilities and Solutions

Vulnerabilities in industrial systems such as ICS/SCADA, PLC, and RTU pose a significant threat to the associated critical infrastructure. Organizations need to incorporate appropriate security controls and mechanisms to protect such systems from various cyber-attacks. Discussed below are some of the most common OT vulnerabilities and solutions:

| Vulnerability | Solutions |
|---|---|
| 1. Publicly Accessible OT Systems | Implement multi-factor authentication; Use enterprise-grade firewall and remote access solutions |
| 2. Insecure Remote Connections | Use a strong multifactor authentication mechanism and robust password policies; Implement appropriate security patching practices |
| 3. Missing Security Updates | Test applications in a sandbox environment before launching them live; Employ a firewall and perform device hardening |
| 4. Weak Passwords | Use separate username conventions for the corporate IT and OT networks; Change default credentials at time of installation; Perform security audits to meet compliance with secure password policies for both IT and OT networks |
| 5. Insecure Firewall Configuration | Implement secure firewall configuration; Configure the access control lists on the firewall |
| 6. OT Systems Placed within the Corporate IT Network | Segregate the corporate IT and OT devices; Establish a DMZ (demilitarized zone) for all connections in the IT and OT systems; Regularly monitor the DMZ |
| 7. Insufficient Security for Corporate IT Network from OT Systems | Restrict access on the IT/OT network, based on the business need; Establish a secure gateway between the OT and IT networks; Perform regular risk assessment |
| 8. Lack of Segmentation within OT Networks | State clear separation between critical and non-critical systems; Implement a zoning model that uses a defense-in-depth approach |
| 9. Lack of Encryption and Authentication for Wireless OT Networks | Use strong wireless encryption protocols; Use industry-standard cryptographic algorithms; Conduct regular security audits |
| 10. Unrestricted Outbound Internet Access from OT Networks | Conduct a formal risk assessment; Closely monitor and segregate OT systems from external access; Download security updates in a separate repository outside the OT network |

Table 13.2: OT vulnerabilities and solutions

How to Secure an IT/OT Environment

IT/OT convergence is being widely adopted in industries such as traffic control systems, power plants, manufacturing companies, etc. These IT/OT systems are often targeted by attackers who seek to discover the underlying vulnerabilities and launch cyber-attacks. Based on the Purdue model, the IT/OT environment is divided into several levels, and each level must be secured with proper security measures. The table below describes various attacks on different Purdue levels of an IT/OT environment, the associated risks, and the security controls that fortify the network against cyber-attacks:

| Zone | Purdue Level | Attack Vector | Risks | Security Controls |
|---|---|---|---|---|
| Enterprise | 5 & 4 (Enterprise Network and Business Logistics Systems) | Spear phishing, Ransomware | Abusing infrastructure, Access to the network | Firewalls, IPS, Anti-bot, URL filtering, SSL inspection, Antivirus |
| Industrial DMZ | 3.5 (IDMZ) | DoS attacks | Malware injections, Network infections | Anti-DoS solutions, IPS, Anti-bot, Application control |
| Manufacturing | 3 (Operational Systems) | Ransomware, Bot infection, Unsecured USB ports | Altering industrial process, Industrial spying, Unpatched monitoring systems | Anti-bot, IPS, Sandboxing, Application control, Traffic encryption, Port protection |
| Manufacturing | 2 & 1 (Control Systems and Basic Controls) | DoS exploitation, Unencrypted protocols, Default credentials, Application and OS vulnerabilities | Altering industrial process, Industrial spying | IPS, Firewall, Communication encryption using IPsec, Security gateways, Use of authorized RTU and PLC commands |
| Manufacturing | 0 (Physical process) | Physical security breach | Modifications or disruption to the physical process | Point-to-point communication, MAC authentication, Additional security gateways at levels 1 and 0 |

Table 13.3: Attacks on different Purdue levels
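The zoning guidance above (route all IT/OT connections through the DMZ, configure firewall access control lists, and restrict outbound internet access from OT) can be checked mechanically against a rule set. The following is an added example, not part of the course material; the subnets, rule tuples and finding codes are constructed assumptions, and rule ordering and shadowing are not modelled.

```python
import ipaddress

# Constructed zone map (subnets are assumptions); levels follow the Purdue table, 3.5 = IDMZ.
ZONES = {
    "enterprise": (4.0, "10.10.0.0/16"),   # Purdue levels 5 & 4
    "idmz":       (3.5, "10.35.0.0/24"),
    "operations": (3.0, "10.30.0.0/24"),   # level 3
    "control":    (1.0, "10.20.0.0/24"),   # levels 2 & 1
}

def zone_of(cidr):
    """Return (zone, level); anything outside the map, including 0.0.0.0/0, is external."""
    net = ipaddress.ip_network(cidr)
    for name, (level, subnet) in ZONES.items():
        if net.subnet_of(ipaddress.ip_network(subnet)):
            return name, level
    return "external", None

def audit(rules):
    """Flag allow rules that contradict the zoning guidance; returns (rule_no, code)."""
    findings = []
    for no, (action, src, dst, _port) in enumerate(rules, 1):
        if action != "allow":
            continue
        (sz, sl), (dz, dl) = zone_of(src), zone_of(dst)
        src_ot = sl is not None and sl <= 3   # level 3 and below is OT
        dst_ot = dl is not None and dl <= 3
        if src_ot and dz == "external":
            findings.append((no, "ot-outbound-internet"))
        elif sz == "external" and dst_ot:
            findings.append((no, "ot-publicly-reachable"))
        elif (src_ot and dz == "enterprise") or (sz == "enterprise" and dst_ot):
            findings.append((no, "bypasses-idmz"))
    if not rules or rules[-1][:3] != ("deny", "0.0.0.0/0", "0.0.0.0/0"):
        findings.append((0, "no-default-deny"))
    return findings

# Constructed rule set: (action, source, destination, destination port)
SAMPLE_RULES = [
    ("allow", "10.10.5.0/24", "10.35.0.10/32", 443),     # enterprise -> IDMZ host
    ("allow", "10.35.0.10/32", "10.30.0.20/32", 3389),   # IDMZ -> level 3 server
    ("allow", "10.10.5.7/32", "10.20.0.5/32", 502),      # enterprise -> PLC directly
    ("allow", "10.20.0.0/24", "0.0.0.0/0", 443),         # control network -> internet
    ("allow", "203.0.113.0/24", "10.30.0.20/32", 3389),  # internet -> level 3 server
    ("deny", "0.0.0.0/0", "0.0.0.0/0", 0),
]

if __name__ == "__main__":
    for no, code in audit(SAMPLE_RULES):
        print(f"rule {no}: {code}")
```

Rules 3, 4 and 5 of the constructed set are flagged; the two rules that pass through the IDMZ and the final default deny are not.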