Exam CAS-004
Question 130

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.

When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the OT network?

Correct Answer: B

For a security solution monitoring a network in a large, multinational manufacturer, it is crucial to focus on preventing attacks specific to the network's communication protocols. In industrial control systems (ICS), Distributed Network Protocol 3 (DNP3) is commonly used for communication. One significant threat in this context is the potential for non-DNP3 communication to occur on a port designated for DNP3. Such unauthorized communication could indicate malicious attempts to exploit vulnerabilities or conduct unauthorized activities. Therefore, the most appropriate focus for the security architect is the prevention of any non-DNP3 communication on DNP3 ports.
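As an added illustration of the check the explanation describes (not part of the exam material or of any user's post): a small Python detector that inspects TCP payloads seen on the DNP3 port and flags anything that does not carry a well-formed DNP3 link-layer header, including frames with forged start bytes whose header CRC does not verify. The sample flows and IP addresses are constructed for this example; the header layout, port 20000 and the CRC-16/DNP parameters are the protocol's own.

```python
import struct

DNP3_TCP_PORT = 20000      # IANA-registered port for DNP3 over TCP
DNP3_START = b"\x05\x64"   # link-layer start bytes every DNP3 frame begins with

def dnp3_crc(data: bytes) -> int:
    """CRC-16/DNP: poly 0x3D65 (0xA6BC reflected), init 0, final XOR 0xFFFF."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF

def build_dnp3_header(control: int, dest: int, src: int, user_len: int = 0) -> bytes:
    """Constructed 10-byte link header: start, length, control, dest, src, CRC (LE)."""
    body = DNP3_START + struct.pack("<BBHH", 5 + user_len, control, dest, src)
    return body + struct.pack("<H", dnp3_crc(body))

def classify(dst_port: int, payload: bytes) -> str:
    """Label one TCP payload; only traffic to the DNP3 port is inspected."""
    if dst_port != DNP3_TCP_PORT:
        return "ignored"                       # not a DNP3 port, out of scope here
    if len(payload) < 10:
        return "alert:truncated-on-dnp3-port"  # shorter than a link header
    if payload[:2] != DNP3_START:
        return "alert:non-dnp3-on-dnp3-port"   # the threat the question describes
    if payload[2] < 5:
        return "alert:bad-length"              # length counts ctrl+dest+src+data, min 5
    if struct.unpack("<H", payload[8:10])[0] != dnp3_crc(payload[:8]):
        return "alert:bad-header-crc"          # spoofed start bytes or corrupted frame
    return "dnp3"                              # user-data CRCs are not checked here

def scan(flows):
    """Run classify() over (src_ip, dst_port, payload) tuples; return alerts only."""
    verdicts = [(src, classify(port, data)) for src, port, data in flows]
    return [v for v in verdicts if v[1].startswith("alert")]

# Constructed sample traffic, not a real capture
VALID = build_dnp3_header(0xC0, 1, 100)                      # reset-link frame, no user data
FORGED = VALID[:3] + bytes([VALID[3] ^ 0x01]) + VALID[4:]    # one bit flipped, CRC stale
SAMPLE_FLOWS = [
    ("10.0.1.5",  20000, VALID),
    ("10.0.1.99", 20000, b"GET / HTTP/1.1\r\nHost: rtu\r\n\r\n"),  # HTTP on the DNP3 port
    ("10.0.1.7",  20000, FORGED),
    ("10.0.1.5",  443,   b"\x16\x03\x01"),                          # TLS elsewhere, ignored
]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE_FLOWS):
        print(src, verdict)
```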

Discussion
AlexJacobson (Option: B)

https://en.wikipedia.org/wiki/DNP3

kycugu (Option: B)

The security architect should focus on preventing any non-DNP3 communication on a DNP3 port as this could be an indication of a malicious attack. By monitoring traffic and blocking any non-DNP3 communication, the security architect can reduce the risk of an attack. Answer is B

BiteSize (Option: B)

Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

FOURDUE (Option: B)

B. Here is why, direct from the Official CompTIA Handbook: Modbus: The components of an ICS network are often described as an operational technology (OT) network, in contrast to an IT network, comprised of server and client computing devices. Communications within an OT network are supported by a network application protocol such as Modbus. The communication protocol gives control servers and SCADA hosts the ability to query and change the configuration of each PLC. Modbus was originally designed as a serial protocol (Modbus RTU) running over a fieldbus network but has been adapted to use Ethernet and TCP/IP as well. Other protocols include EtherNet/IP, a variant of the Common Industrial Protocol (CIP), Distributed Network Protocol (DNP3), and Siemens S7comms.

FOURDUE

We are looking for the BEST answer, and B is the only one specific to OT. This is NOT an IT network in the question. This is an ICS, or Industrial Control System.

[Removed] (Option: B)

Answer B makes more sense to me. Manufacturing company, meaning it will be using DNP3. The DNP3 standard was designed for remote communication in utilities.

enduser9000 (Option: B)

Manufacturing involves ICS, which widely uses DNP3

23169fd (Option: B)

DNP3 is a common communication protocol used in industrial control systems. Ensuring that only DNP3 traffic is present on ports designated for DNP3 is crucial for maintaining the integrity and security of the network.

SangSang (Option: B)

DNP3 is widely used in SCADA systems and ICS for communication between control systems and devices. One of the significant threats in this context is the potential for malicious actors to send non-DNP3 traffic over ports designated for DNP3 communication. This could indicate an attempt to exploit vulnerabilities, inject malicious payloads, or conduct unauthorized activities.

cf702b6 (Option: C)

If you read the question, the security architect is designing the solution to monitor traffic. The security architect is trying to prevent attacks against the ICS network itself. Ideally, remote connections into ICS should pass through the demilitarized zone (DMZ) between the IT and OT segments. Firewalls, authentication services, jump servers, and file servers all play crucial roles in conducting these connections securely. So C would be the correct answer?

Mr_BuCk3th34D (Option: A)

Packets that are the wrong size or length can be an indication of a variety of different types of attacks, including denial of service (DoS) attacks, which aim to disrupt the availability of a network or service by flooding it with traffic. By monitoring for packets that are the wrong size or length, the security architect can identify and prevent these types of attacks from being successful. Use of any non-DNP3 communication on a DNP3 port, multiple solicited responses over time, and the application of an unsupported encryption algorithm may all be indicators of potential security issues, but they are not necessarily threats to the network itself.

Mr_BuCk3th34D

What makes me think that it might be alternative B, is that the question states this is a "manufacturer" company. DNP3 is a communication protocol that is commonly used in the industrial control systems. The use of any non-DNP3 communication on a DNP3 port could potentially be an indication of a security issue, as it may suggest that an unauthorized device or system is attempting to communicate with the network.

FOURDUE

Because it is an OT network.