Imperial Library

Index
Title Page; Copyright
Industrial Cybersecurity
Credits; About the Author; About the Reviewers; www.PacktPub.com
Why subscribe?
Customer Feedback; Preface
What this book covers; What you need for this book; Who this book is for; Conventions; Reader feedback; Customer support
Errata; Piracy; Questions
Industrial Control Systems
An overview of an Industrial control system
The view function; The monitor function; The control function
The Industrial control system architecture
Programmable logic controllers; Human Machine Interface; Supervisory Control and Data Acquisition; Distributed control system; Safety instrumented system
The Purdue model for Industrial control systems
The enterprise zone
Level 5 - Enterprise network; Level 4 - Site business planning and logistics
Industrial Demilitarized Zone; The manufacturing zone
Level 3 - Site operations; Level 2 - Area supervisory control; Level 1 - Basic control; Level 0 - Process
Industrial control system communication media and protocols
Regular information technology network protocols; Process automation protocols; Industrial control system protocols; Building automation protocols; Automatic meter reading protocols
Communication protocols in the enterprise zone
Communication protocols in the Industrial zone
Summary
Insecure by Inheritance
Industrial control system history; Modbus and Modbus TCP/IP
Breaking Modbus; Using Python and Scapy to communicate over Modbus; Replaying captured Modbus packets
PROFINET
PROFINET packet replay attacks; S7 communication and the stop CPU vulnerability; EtherNet/IP and the Common Industrial Protocol; Shodan: The scariest search engine on the internet
Common IT protocols found in the ICS
HTTP; File Transfer Protocol; Telnet; Address Resolution Protocol; ICMP echo request
Summary
Anatomy of an ICS Attack Scenario
Setting the stage; The Slumbertown paper mill; Trouble in paradise
Building a virtual test network; Clicking our heels
What can the attacker do with their access?; The cyber kill chain; Phase two of the Slumbertown Mill ICS attack; Other attack scenarios; Summary
Industrial Control System Risk Assessment
Attacks, objectives, and consequences; Risk assessments; A risk assessment example
Step 1 - Asset identification and system characterization; Step 2 - Vulnerability identification and threat modeling
Discovering vulnerabilities; Threat modeling
Step 3 - Risk calculation and mitigation
Summary
The Purdue Model and a Converged Plantwide Ethernet
The Purdue Enterprise Reference Architecture
The Converged Plantwide Enterprise; The safety zone; Cell/area zones
Level 0 – The process; Level 1 – Basic control; Level 2 – Area supervisory control
The manufacturing zone
Level 3 – Site manufacturing operations and control
The enterprise zone
Level 4 – Site business planning and logistics; Level 5 – Enterprise; Level 3.5 – The Industrial Demilitarized Zone
The CPwE industrial network security framework
Summary
The Defense-in-depth Model
ICS security restrictions; How to go about defending an ICS?; The ICS is extremely defendable; The defense-in-depth model
Physical security; Network security; Computer security; Application security; Device security; Policies, procedures, and awareness
Summary
Physical ICS Security
The ICS security bubble analogy; Segregation exercise; Down to it – Physical security; Summary
ICS Network Security
Designing network architectures for security
Network segmentation
The Enterprise Zone; The Industrial Zone
Cell Area Zones; Level 3 site operations
The Industrial Demilitarized Zone; Communication conduits
Resiliency and redundancy; Architectural overview; Firewalls
Configuring the active-standby pair of firewalls
Security monitoring and logging; Network packet capturing; Event logging; Security information and event management
Firewall logs
Configuring the Cisco ASA firewall to send log data to the OSSIM server; Setting the syslog logging level for Cisco devices
Network intrusion detection logs
Why not intrusion prevention?; Configuring the Cisco Sourcefire IDS to send log data to the OSSIM server
Router and switch logs
Configuring Cisco IOS to log to the syslog service of the OSSIM server
Operating system logs
Collecting logs from a Windows system; Installing and configuring NXLog CE across your Windows hosts
Application logs
Reading an application log file with an HIDS agent on Windows
Network visibility
Summary
ICS Computer Security
Endpoint hardening
Narrowing the attack surface; Limiting the impact of a compromise
Microsoft Enhanced Mitigation Experience Toolkit; Configuring EMET for a Rockwell Automation application server; Microsoft AppLocker; Microsoft AppLocker configuration
Configuration and change management; Patch management
Configuring Microsoft Windows Server Update Services for the industrial zone
Configuring the Cisco ASA firewall
Creating the Windows Server Update Services server; Configuring Windows client computers to get updates from the WSUS server
Endpoint protection software
Host-based firewalls; Anti-malware software
Types of malware
Application whitelisting software
Application whitelisting versus blacklisting; How application whitelisting works; Symantec's Embedded Security: Critical system protection
Building the Symantec's Embedded Security: Critical System Protection management server; Monitoring and logging
Summary
ICS Application Security
Application security
Input validation vulnerabilities; Software tampering; Authentication vulnerabilities; Authorization vulnerabilities; Insecure configuration vulnerabilities; Session management vulnerabilities; Parameter manipulation vulnerabilities
Application security testing
OpenVAS security scan
ICS application patching; ICS secure SDLC
The definition of secure SDLC
Summary
ICS Device Security
ICS device hardening; ICS device patching; The ICS device life cycle
ICS device security considerations during the procurement phase; ICS device security considerations during the installation phase; ICS device security considerations during the operation phase; ICS device security considerations for decommissioning and disposal
Summary
The ICS Cybersecurity Program Development Process
The NIST Guide to Industrial control systems security
Obtaining senior management buy-in; Building and training a cross-functional team; Defining charter and scope; Defining ICS-specific security policies and procedures; Implementing an ICS security risk-management framework
Categorizing ICS systems and network assets; Selecting ICS security controls; Performing (initial) risk assessment; Implementing the security controls
The ICS security program development process
Security policies, standards, guidelines, and procedures; Defining ICS-specific security policies, standards, and procedures; Defining and inventorying the ICS assets; Performing an initial risk assessment on discovered ICS assets
The Slumbertown Paper Mill initial risk assessment
Defining and prioritizing mitigation activities; Defining and kicking off the security improvement cycle
Summary