TechNet網路技術: Industrial Automation and Control System Security


摘自: ISA99 - Industrial Automation and Control System Security

https://www.youtube.com/watch?v=I2WWDGmWSr8

IEC-62443, Industrial Cyber System Security

https://www.youtube.com/watch?v=apD651mYp6A


CIA - Confidentiality, Integrity, Availability

Network security objectives usually involve three basic concepts:
ü   Confidentiality: There are two types of data: data in motion as it moves across the network; and data at rest, when data is sitting on storage media (server, local workstation, in the cloud, and so forth). Confidentiality means that only the authorized individuals/systems can view sensitive or classified information. This also implies that unauthorized individuals should not have any type of access to the data. Regarding data in motion, the primary way to protect that data is to encrypt it before sending it over the network. Another option you can use with encryption is to use separate networks for the transmission of confidential data. Several chapters in this book focus on these two concepts.
ü   Integrity: Integrity for data means that changes made to data are done only by authorized individuals/systems. Corruption of data is a failure to maintain data integrity.
ü   Availability: T his applies to systems and to data. If the network or its data is not available to authorized users—perhaps because of a denial-of-service (DoS) attack or maybe because of a general network failure—the impact may be significant to companies and users who rely on that network as a business tool. The failure of a network generally equates to loss of revenue.
Perhaps thinking of these security concepts as the CIA might help you remember them:

confidentiality , integrity , and availability.


七個物聯網(IoT ,Internet of Things)廠商可以提高安全性和消除隱私憂慮的方法: (https://blog.trendmicro.com.tw/?p=13418)
  1. 按照「安全設計」準則 – 從一開始就建立好防禦措施,而不是在設計好產品之後再加入
  2. 最小化所收集的資料量,並且限制其保存的時間來減少遭受破壞性外洩事件的風險
  3. 建立多層次網路安全防禦,從端點到在網路上先進的偵測APT攻擊針對性威脅
  4. 確保所有員工都受到訓練,了解網路安全的重要性
  5. 確保承包商和其他第三方廠商擁有跟內部員工相同的高安全標準
  6. 遵循「最小權限」原則來實施嚴密的存取控制
  7. 在嚴重問題成為已知時盡快提供設備安全修補程式


留言

張貼留言

這個網誌中的熱門文章

網路晶片商的解決方案

圖片
Survey and Research: http://www.smallnetbuilder.com/tools/charts/router/view https://www.snbforums.com/threads/how-to-find-the-best-router-for-gigabit-internet.38635/ https://www.smallnetbuilder.com/lanwan/lanwan-howto/33095-how-to-find-the-best-router-for-gigabit-internet 1. Broadcom方案     (1)     LDK: Linux Development Kit (LDK) for the Broadcom iProc (integrated Processor) family of processors. The iProcLDK currently supports all the production iProc SOCs (Northstar/Northstar+/Northstar2/ … etc). It provides as buildroot package for toolchains/compiler, U-Boot loader, Linux kernel 3.6.5 BSP and applications. The LDK now has SAMBA optimized porting for NAS application.       (2)   ESDK: WLAN Enterprise SDK (or Enterprise Wireless SDK) which support to the Broadcom reference platforms. It provides bootloader (CFE/U-boot), Linux kernel 2.6.36 BSP, WiFi driver and application (with Enterprise features).   ...
閱讀完整內容

工業用網路Industrial Network介紹

圖片
Industrial Networks Industrial Networks Industrial Networks is your resource for industrial Internet, Industry 4.0 and Industrial IoT information. Find ... Industrial Networks Fundamentals Industrial Networks Fundamentals Fundamental basics you should know with respect to electrical industrial networking Industrial Communication Protocols Modbus TCP https://www.youtube.com/watch?v=k993tAFRLSE OPC UA https://www.youtube.com/watch?v=-tDGzwsBokY PLC Tutorial (Programmable Logic Control) https://www.youtube.com/watch?v=rh5DfK2JWmA http://domynews.blog.ithome.com.tw/post/1252/139350 作者:Paul Ferguson(資深威脅研究員) ICS (工業控制系統, Industrial Control Systems )網路最近的 新聞 鬧得很大。因為出現了一連串的弱點、熱門入侵外洩事件以及其他各種安全上的問題。     ICS 網路的定義是由各個在機電組件上控制和提供自動測量資料的元件所組合成的網路或網路集合。這些機電組件包括閥門、調節器、開關和其他機電設備,你可以在各種產業裡看到它們,像是石化與天然氣、自來水處理、環境控制、發電和配電、製造業、運輸業以及許多其他產業別。     這裡並不需要深入探討各個特定產業,這些 ICS 應用環境都有一個...
閱讀完整內容

TechNet網路技術: VPN

圖片
摘自: https://technet.microsoft.com/en-us/library/cc739294(v=ws.10).aspx https://technet.microsoft.com/en-us/library/bb742458.aspx Synology NAS VPN設定:  https://walker-a.com/archives/2501/2 DrayTek FAQ: https://www.draytek.com/zh/faq/faq-vpn/vpn.lan-to-lan/%E5%A6%82%E4%BD%95%E5%BB%BA%E7%AB%8B-vigor-lan-to-lan-ipsec-%E9%80%9A%E9%81%93/ What is VPN ? VPN Scenarios Virtual private networks are point-to-point connections across a private or public network such as the Internet. A VPN client uses special TCP/IP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server. In a typical VPN deployment, a client initiates a virtual point-to-point connection to a remote access server over the Internet. The remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organization’s private network. To emulate a point-to-point link, data is encapsulated, or wrapped, with a header. The ...
閱讀完整內容