CISSP Exam - Question 284


In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used to reduce device exposure to malware?

Correct Answer: A

In SCADA systems, it is crucial to ensure that only authorized and validated code can run on the devices to prevent the execution of malicious software. By disallowing untested code in the execution space, the risk of malware infecting the system is significantly minimized. This can be achieved by implementing strict code signing and approval processes, along with access controls to prevent unauthorized code from being introduced to the system.

Discussion

JAckThePip
Apr 5, 2023

Answer A "They are a critical tool to keep untested or untrusted code from affecting processes, and in limiting the spread of malware and exploits targeting known and unknown vulnerabilities." https://claroty.com/team82/research/target-dcs-finding-fixing-critical-bugs-in-honeywell-experion-pks

jackdryan
Nov 13, 2023

A is correct

CuteRabbit168 (Option: A)
Mar 26, 2023

A would be the appropriate answer.

rajkamal0 (Option: A)
Jun 28, 2023

A is the best answer.

Dee83
Jul 28, 2023

A. Disallow untested code in the execution space of the SCADA device. SCADA systems are used to control and monitor industrial processes, and they can be vulnerable to malware attacks. One way to reduce device exposure to malware is to disallow untested code in the execution space of the SCADA device. This can be done by only allowing signed or approved code to run on the device, and by implementing access controls to prevent unauthorized code from being loaded onto the device. Additionally, it is important to regularly update and patch the system, monitor the network for any suspicious activity and have an incident response plan in place.

Soleandheel
Jun 14, 2024

A. Disallow untested code in the execution space of the SCADA device. This control involves ensuring that only authorized and tested code is allowed to execute on the SCADA device. By disallowing untested code, the risk of malware or unauthorized code execution is reduced, helping to maintain the integrity and security of the SCADA system.

TheManiac (Option: A)
Nov 19, 2024

Answer is A. D means secure scripting languages are harmless :)

DracoL (Option: C)
Apr 26, 2023

NIST SP 800-82 Rev. 2 has a variety of recommendations for ICS security, but we highlight some of the most important ones here:
• Apply a risk management process to ICS.
• Segment the network to place IDS/IPS at the subnet boundaries.
• Disable unneeded ports and services on all ICS devices.
• Implement least privilege through the ICS.
• Use encryption wherever feasible.
• Ensure there is a process for patch management.
• Monitor audit trails regularly.

SCADA is part of ICS (Industry Control System)

[Removed]
Apr 27, 2023

How does C even make sense when ports 138 and 139 are used by NetBIOS?

Jamati
May 10, 2023

It makes sense coz SCADA doesn't use them so should not be open in the 1st place.

RVoigt
Jul 22, 2023

CISSP Official Study Guide - "Generally, typical security management and hardening process can be applied to ICS, DCS, PLC, and SCADA systems to improve on whatever security is or isn't present in the device from the manufacturer. Common important security controls include isolating networks limiting access physically and logically, restricting code to only application, and logging all activity."

RVoigt
Aug 22, 2023

However, "restricting code to only application" does lean to A.

RVoigt
Jul 15, 2023

It makes sense because SCADA attacks come over the network.

RVoigt
Jul 15, 2023

Disabling the use and support of NetBIOS can help to mitigate an attacker's ability to: poison and spoof responses, obtain a user's hashed credentials, inspect web traffic, etc. Using a command called NBSTAT (link below), an attacker can discover computer names, IP addresses, NetBIOS names, Windows Internet Name Service (WINS) names, session information and user IDs. This information can be used to mount focussed attacks on administrative accounts.

HughJassole
Dec 4, 2023

It seems that D is the only realistic answer. I couldn't locate a specific answer, but how can you know if software is untested? A doesn't sound right, seems like D is the most realistic. https://www.isysl.net/how-stop-malware-attacks-scada-systems

J_Ko
Mar 30, 2025

You can still create malware with a secure language.

ayadmawla (Option: B)
Jan 25, 2025

Answer B makes more sense. See: https://levelblue.com/blogs/security-essentials/10-strategies-to-fortify-scada-system-security Disable line command interface allows users to interact with and manage SCADA systems and is typically used for advanced diagnostics, configuration, and troubleshooting from a serial port.

BigITGuy (Option: A)
Mar 31, 2025

SCADA devices often control critical infrastructure, and allowing untested or unauthorized code significantly increases the risk of malware infections, backdoors, or compromised functionality.