UID:
almahu_9949984659902882
Extent:
1 online resource (520 pages)
Edition:
Third edition.
ISBN:
9780443137389, 0443137382
Summary:
As the sophistication of cyber-attacks increases, understanding how to defend critical infrastructure systems (energy production, water, gas, and other vital systems) becomes more important, and heavily mandated. Industrial Network Security, Third Edition arms you with the knowledge you need to understand the vulnerabilities of these distributed supervisory and control systems. Author Eric Knapp examines the unique protocols and applications that are the foundation of Industrial Control Systems (ICS) and provides clear guidelines for their protection. This comprehensive reference gives you a thorough understanding of the challenges facing critical infrastructures, new guidelines and security measures for infrastructure protection, knowledge of new and evolving security tools, and pointers on SCADA protocols and security implementation.
Note:
Includes index.
Table of contents:
Front Cover -- Industrial Network Security -- Industrial Network Security -- Copyright -- Contents -- Biography -- Acknowledgments -- 1 - Introduction -- Book overview and key learning points -- Book audience -- Diagrams and figures -- The smart grid -- OT, IoT, IIoT, and xIoT -- How this book is organized -- Chapter 2: About Industrial Networks -- Chapter 3: Industrial Cyber Security, History, and Trends -- Chapter 4: Introduction to ICS Systems and Operations -- Chapter 5: ICS Network Design and Architecture -- Chapter 6: Industrial Network Protocols -- Chapter 7: Hacking Industrial Systems -- Chapter 8: Risk and Vulnerability Assessments -- Chapter 9: Establishing Zones and Conduits -- Chapter 10: OT Attack and Defense Lifecycles -- Chapter 11: Implementing Security and Access Controls -- Chapter 12: Exception, Anomaly, and Threat Detection -- Chapter 13: Security Monitoring of Industrial Control Systems -- Chapter 14: Standards and Regulations -- Chapter 15: Common Pitfalls and Mistakes -- Changes made to the third edition -- Conclusion -- 2 - About Industrial Networks -- The use of terminology within this book -- Attacks, breaches and incidents -- malware, exploits, and APTs -- Assets, critical assets, cyberassets, and critical cyberassets -- Security controls and security countermeasures -- Firewalls and intrusion prevention systems -- Industrial control system -- Building control systems -- DCS or SCADA? -- Plants, mills, refineries, and lines -- Industrial networks -- Industrial protocols -- Networks, routable networks and non-routable networks -- Enterprise or business networks -- Zones and enclaves -- Network perimeters or "electronic security perimeters" -- Critical infrastructure -- Utilities -- Nuclear facilities -- Bulk electric -- Smart grid -- Chemical facilities -- Understanding "OT" versus "IT".
Common Industrial Security Recommendations -- Identification of critical systems -- Network segmentation/isolation of systems -- Defense in depth -- Access control -- Advanced Industrial Security Recommendations -- Security Monitoring -- Policy whitelisting -- Application whitelisting -- Common Misperceptions About Industrial Network Security -- Assumptions made in this book -- Summary -- 3 - Industrial Cybersecurity History and Trends -- The convergence of OT and IT -- Importance of securing industrial networks -- The evolution of the cyber threat -- APTs and weaponized malware -- Industroyer -- Night dragon -- Stuxnet -- TRISIS -- Advanced persistent threats and cyber warfare -- Still to come -- Defending against modern cyber threats -- The insider -- Hacktivism, cybercrime, cyberterrorism, and cyberwar -- Summary -- 4 - Introduction to Industrial Control Systems and Operations -- System assets -- Programmable logic controller -- Ladder diagrams -- Sequential function charts -- Remote terminal unit -- Intelligent electronic device -- Human-machine interface -- Supervisory workstations -- Data historian -- Business information consoles and dashboards -- Other assets -- System operations -- Control loops -- Control processes -- Feedback loops -- Production information management -- Business information management -- Process management -- Safety instrumented systems -- The smart grid -- Network architectures -- Summary -- 5 - Industrial Network Design and Architecture -- Introduction to industrial networking -- Common topologies -- Network segmentation -- Higher layer segmentation -- Physical versus logical segmentation -- Microsegmentation -- Cryptographic microsegmentation -- Network services -- Wireless networks -- Remote access -- Performance considerations -- Latency and jitter -- Bandwidth and throughput.
Type of service, class of service, and quality of service -- Network hops -- Network security controls -- Safety instrumented systems -- Special considerations -- Wide area connectivity -- Smart grid network considerations -- Advanced metering infrastructure -- Summary -- 6 - Industrial Network Protocols -- Overview of industrial network protocols -- Fieldbus protocols -- Modicon communication bus (Modbus) -- What it does -- How it works -- Variants -- Modbus RTU and Modbus ASCII -- Modbus TCP -- Modbus plus or Modbus+ -- Where it is used -- Security concerns -- Security recommendations -- Distributed network protocol (DNP3) -- What it does -- How it works -- Secure DNP3 -- Where it is used -- Security concerns -- Security recommendations -- Process fieldbus (PROFIBUS) -- Security concerns -- Security recommendations -- Industrial ethernet protocols -- Ethernet industrial protocol (EtherNet/IP) -- Security concerns -- Security recommendations -- PROFINET -- Security concerns -- Security recommendations -- EtherCAT -- Security concerns -- Security recommendations -- Ethernet POWERLINK -- Security concerns -- Security recommendations -- SERCOS III -- Security concerns -- Security recommendations -- Backend protocols -- Object linking and embedding for process control -- What it does -- How it works -- Where it is used -- Security concerns -- Security recommendations -- Intercontrol center communications protocol (ICCP/IEC 60870-6 TASE.2) -- What it does -- How it works -- Where it is used -- Security concerns -- Security improvements over Modbus -- Security recommendations -- IEC 61850, 60870-5-101, and 60870-5-104 -- How they work -- 60870-5-101 and 60870-5-104 -- IEC 61850 -- Security concerns -- Security recommendations -- AMI and the smart grid -- Security concerns -- Security recommendations -- Industrial protocol simulators -- Modbus/TCP -- DNP3.
OPC -- ICCP/TASE.2 -- Physical hardware -- Summary -- 7 - Hacking Industrial Control Systems -- Motives and consequences -- Consequences of a successful cyberincident -- Cybersecurity and safety -- Common industrial targets -- The evolution of the industrial cyberattack -- Common attack methods -- Attack phases -- Initial attack phases -- Industrial attack phases -- Cyber-physical attacks -- Rogue access devices -- Keylogging/keystroke injections/HID attacks -- Man-in-the-middle attacks -- Denial-of-service attacks -- Replay attacks -- Compromising the human-machine interface -- Compromising the engineering workstation -- Blended attacks -- Weaponized industrial cyberthreats -- Stuxnet -- Dissecting stuxnet -- What it does -- Lessons learned -- Shamoon/DistTrack -- Flame/flamer/skywiper -- Dragonfly -- BlackEnergy -- Industroyer -- TRISIS/TRITON -- Industroyer2 -- Incontroller/pipedream -- Attack trends -- Evolving vectors -- Supply chain vulnerabilities -- Adobe Portable Document Format -- Macros -- Secure sockets layers -- Log4j -- Ransomware and industrial control systems -- Industrial application layer protocols -- Antisocial networks: A new playground for malware -- Polymorphic and adaptive malware -- Dealing with an infection -- Summary -- 8 - Risk and Vulnerability Assessments -- Cybersecurity and risk management -- Why risk management is the foundation of cyber security? -- What is risk? -- Standards and best practices for risk management -- Methodologies for assessing risk within industrial control systems -- Security tests -- Security audits -- Security and vulnerability assessments -- Establishing a testing and assessment methodology -- Tailoring a methodology for industrial networks -- Theoretical versus physical tests -- On-line versus off-line physical tests -- System characterization -- Data collection.
Scanning of industrial networks -- Device scanners -- Vulnerability scanners -- Traffic scanners -- Live host identification -- "Quiet"/"friendly" scanning techniques -- Potentially "noisy"/"dangerous" scanning techniques -- Port mirroring and span ports -- Command line tools -- Hardware and software inventory -- Data flow analysis -- Threat identification -- Threat actors/sources -- Threat vectors -- Threat events -- Identification of threats during security assessments -- Vulnerability identification -- Vulnerability scanning -- Configuration auditing -- Vulnerability prioritization -- Common vulnerability scoring system -- Process vulnerabilities -- Risk classification and ranking -- Consequences and impact -- How to estimate consequences and likelihood? -- Risk ranking -- Cyber-physical threat modeling -- How does one model a cyber-physical threat? -- Using simulations versus labs for threat modeling -- Cybersecurity HAZOP -- Risk reduction and mitigation -- Summary -- 9 - Establishing Zones and Conduits -- Security zones and conduits explained -- Identifying and classifying security zones and conduits -- Recommended security zone separation -- Network connectivity -- Control loops -- Supervisory controls -- Plant-level control processes -- Control data storage -- Trading communications -- Remote access -- Users and roles -- Protocols -- Criticality -- Establishing security zones and conduits -- Using microsegmentation to establish zones and conduits -- Creating a zone and conduit map -- Summary -- 10 - OT Attack and Defense Lifecycles -- Attack lifecycles and kill chains -- Obtaining access to industrial networks -- Planning -- Preparation -- Intrusion -- Enablement -- Execution -- Manipulation of industrial networks -- Development and test -- Delivery, installation, and modification -- Execution -- Defense lifecycles -- Identify -- Protect.
Detect.
Other edition:
ISBN 9780443137372
Other edition:
ISBN 0443137374
Language:
English