Chapter 13 - 04 - Discuss the Security in OT-enabled Environments - 01_ocred.pdf

Full Transcript

Certified Cybersecurity Technician loT and OT Security Exam 212-82 Module 4 Understand IoT Devices, Application Areas, and Communication Models. Discuss the Security in IoT-enabled Environments Flow :i|‘ L‘. Understand OT Concepts, Devices, and Protocols Discuss the Security in OT-enabled Environments Discuss the Security in OT-enabled Environments This section discusses various OT vulnerabilities and their solutions, security measures based on the Purdue model, international OT security organizations, OT security solutions, and tools. Following the security measures, organizations can implement proper security mechanisms to protect critical industrial infrastructure and associated IT systems from various cyber-attacks. Module 13 Page 1620 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician loT and OT Security 1. Publicly Accessible OF systems 2. 3. Insecure Remote Connections. Missing Missing Updates Securlty Secur! * _— * Exam 212-82 Implement multi-factor authentication e : osl?x Ielgrt‘erpr se-grade firewall and Use strong multifactor authentication mechanism Implement appropriate security patching practices * Test applications in the sandbox environment = L Employ a firewall and perform device hardening Use separate username conventions 7. 8. IT Insufficient Security for Corporate IT Network from OT Systems J Lack of Segmentation within OT Networks for the corporate IT and OT networks 5. within the Corp Network and password policies = * 4. Weak Passwords 6. OT Systems Placed remote access * Change default credentials at the installation time = Perform security audits to meet compliance with secure password policies Insecure Firewall = Implement secure firewall configuration Configuration = Configure the access control list on the firewall 8. Lack of Encryption and Authentication for Wireless OT Networks 10.Unrestricted Outbound Internet Access from OT AETRE = - * * * * Segregale the corporate IT and OT devices Establish a DMZ for all connections in the IT and OT systems Restrict access on the IT-OT network, based on the business need Establish a secure gateway between the two ;e‘WOI;RS n— — State clear separation critical syst emps non- Implement zoning model that uses a defense-indepth approach Use strong wireless encryption protocols 8 P P Use industry-standard cryptographic algorithms = Conduct regular security audits = Conduct a formal risk assessment * Monitor and segregate OT systems from external access * Download security updates in a separate repository outside the OT network Copyright © by EC-Council OT Vulnerabilities between critical and ANl Rights Reserved. Reproductionis Strictly Prohibited and Solutions Vulnerabilities in industrial systems such as ICS/SCADA, PLC, and RTU pose a significant threat to the associated critical infrastructure. Organizations need to incorporate appropriate security controls and mechanisms to protect such systems from various cyber-attacks. Discussed below are some of the most common Vulnerability 1. Publicly Accessible OT Systems 2. Insecure Remote Connections o. 3. Missing Security Updates OT vulnerabilities and solutions: Solutions * Implement multi-factor authentication * Use enterprise-grade firewall and remote access solutions = = Use a strong multifactor authentication mechanism and robust password policies.... |Implement appropriate security patching practices » Test applications in a sandbox environment before launching them live =... Employ a firewall and perform device hardening = Use separate username conventions for the corporate IT and OT networks = Change default credentials at time of installation = Perform security audits to meet compliance with secure password policies for both IT and OT networks 5. Insecure Firewall * |mplement secure firewall configuration Configuration = Configure the access control lists on the firewall 4. Weak Passwords Module 13 Page 1621 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician loT and OT Security 6. OT Systems Placed within the Corporate IT Network 7. Insufficient Security for Corporate IT Network from OT Systems Exam 212-82 Segregate the corporate IT and OT devices Establish a DMZ (demilitarized zone) for all connections in the IT and OT systems Regularly monitor the DMZ Restrict access on the IT/OT network, based on the business need Establish a secure gateway between the OT and IT networks Perform regular risk assessment 8. Lack of Segmentation within OT Networks State clear separation between critical and non-critical systems 9. Lack of Encryption and Authentication for Wireless OT Use strong wireless encryption protocols Networks 10. Unrestricted Implement a zoning model that uses a defense-in-depth approach. :. Use industry-standard cryptographic algorithms Conduct regular security audits Conduct a formal risk assessment Outbound Internet Closely monitor and segregate OT systems from external access Access from OT Download security updates in a separate repository outside the OT Networks network Table 13.2: OT vulnerabilities and solutions Module 13 Page 1622 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 loT and OT Security How to Secure an IT/OT Environment Security Controls based on Purdue Model 5&4 Spear phishing, (Entarprise network and Ransomware Business Logistics Systems) 51 e 3 (Operational Systems) rewa Abusing infrastructure, it access to the network U Antivirus Malware injections, Anti-DoS solutions, IPS, e network infections Antibot, Application control Ransomware, Bot Altering industrial ;: industrial spyi infection, Unsecured ::\:cml; o —— USB ports s o b (Control Systems & Basic Controls) Unencrypted protocols, Default credentials, Application and 0S vulnerabilities 0 (Physical process) Physical security breach Anti-bot, IPS, Sandboxing, Application control, Traffic encryption, Port protection DoS exploitation, 28&1 u e IPS, Firewall, Communication encryption using IPsec, Altering industrial Industrtel e Security gateways, Use of ] authorized RTU and PLC commands Modifications or Point to point communication, disruption in the physical process MAC authentication, additional security gateways at level 1 &0 How to Secure an IT/OT Environment IT/OT convergence is widely being adopted in industries such as traffic control systems, power plants, manufacturing companies, etc. These IT/OT systems are often targeted by the attackers to discover the underlying vulnerabilities and indulge in cyber-attacks. Based on the Purdue model, the IT/OT environment is divided into several levels, and each level is required to be secured with proper security measures. The table below describes various attacks on different Purdue levels of an IT/OT environment, associated risks, and security controls to fortify the network against cyber-attacks: Zone Enterprise P Purdue Level Attack Vector Risks Security Controls 5 & 4 (Enterprise Network and P lI:':ishin Abusing infrastructure, Firewalls, IPS, Antibot, URL filtering, Business Logistics Systems) P & Ransomware Access to the network SSL inspection,.. Antivirus MMalware intecions Anti-DoS solutions, Industrial DMZ | 3.5 (IDM2) DoS attacks ) " | IPS, Antibot, Network infections oo Application control. Manufacturing 3 (Operational Systems) Ransomware, Bot infection, Unsecured USB Module 13 Page 1623 P ports | Altering industrial | process, Industrial. spying, Unpatched monitoring systems g5y Anti-bot, IPS, Sandboxing, e Application control, ). Trafflc encryption, Port protection Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician loT and OT Security Exam 212-82 DoS exploitation, 281. Manufacturing Unencrypted (Control Systems and Basic Controls) protocols, Default credentials, IPS, Firewall, Altering industrial. process, Industrial spying Communication encryption using. | IPsec, Security gateways, Use of Application authorized RTU and and OS PLC commands vulnerabilities Point-to-point | Manufacturing o (Physical process) P , security breach e Modificationsor disruption to the. physical process communication, |\~ R o thentication, : Additional security gateways at levels 1 and 0 Table 13.3: Attacks on different Purdue levels Module 13 Page 1624 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.