2020 Soft Exam Information Security Engineer (Second Edition) Study Summary [20]

Chapter 24 Industrial Control Security Requirements Analysis and Security Protection Engineering

Security Threat and Requirements Analysis of Industrial Control Systems

  • Concept and composition of industrial control system
    • Composition: various control components, monitoring components, data processing and display components
    • Industrial control systems are divided into: discrete manufacturing and process control
    • The control system includes:
      1. SCADA system (data acquisition and monitoring control system)
        • Function: data acquisition, parameter measurement and adjustment
        • Composition: master terminal unit (MTU) located in the control center, communication lines and equipment, remote terminal units (RTU)
      2. Distributed Control System (DCS)
      3. Process control system (PCS): real-time acquisition of state parameters for adjustment
      4. Programmable Logic Controller (PLC)
      5. Master Terminal Unit (MTU)
      6. Remote Terminal Unit (RTU)
      7. Human Machine Interface (HMI)
      8. Industrial Control Communication Network
        • Common dedicated industrial control protocols: OPC, Modbus, DNP3
        • Network type: DCS main control network, SCADA remote network, field control level communication network
  • Security Threat Analysis of Industrial Control System
    • Natural disasters and environment
    • Insider security threats
    • Equipment functional safety failure
    • Malicious code
    • Network attacks
  • Types of security risks in industrial control systems
    • Industrial control protocol security: lack of security design; no authentication, encryption, or audit
    • Security vulnerabilities in industrial control system technology products
    • Security vulnerabilities in basic software of industrial control system
    • Algorithm security vulnerabilities in industrial control systems
    • Industrial control system equipment firmware vulnerabilities
    • Industrial control system equipment hardware vulnerabilities
    • Industrial control system open access vulnerabilities
    • Industrial Control System Supply Chain Security
  • Analysis of Security Requirements of Industrial Control Systems
    • Two aspects of industrial control system network information security:
      1. Technical security requirements: secure physical environment, secure communication network, secure area boundary, secure computing environment, security management center
      2. Management requirements: security management system, security management organization, security management personnel, security construction management, security operation and maintenance management
    • Well-known international standards for industrial control security: IEC 62443 series, a total of 12 documents

Security protection mechanisms and technologies of industrial control systems

  • Physical and environmental security protection
    • Video surveillance
    • Industrial host hardening
  • Security zone and border protection
    • Security zoning
    • Industrial firewall
    • Industrial control security isolation and information exchange system
  • Identity authentication and access control
    • Multi-factor authentication
    • Least privilege
    • Avoid using default or weak passwords
  • Remote access security
    • Disable high-risk services
    • Security hardening
    • VPN
    • Security audit
  • Security hardening of industrial control systems
    • Security configuration strategy
    • Identity authentication enhancement
    • Mandatory access control
    • Program whitelist control
  • Industrial Control Security Audit
    • Security audit deployment equipment
    • Audit data backup
    • Audit data analysis and utilization
  • Malicious code prevention
    • Antivirus software testing and deployment
    • Anti-virus and malware intrusion management mechanism
    • Major industrial control security vulnerability information acquisition and patch upgrade
  • Industrial control data security
    • Industrial data management methods
    • Industrial data security protection measures
      • Security isolation
      • Access control
      • Encrypted transmission and storage
      • Regular backup of key business data
    • Test data protection measures
      • Test data protection type
      • Sign a confidentiality agreement
      • Reclaim test data
  • Industrial control security monitoring and response mechanism
    • Industrial control network security monitoring equipment installation and use
    • Industrial control security incident emergency response plan formulation and exercise
  • Industrial control security management
    • Asset management
    • Redundant configuration
    • Security software selection and management
    • Configuration and patch management
    • Supply chain management
    • Fulfill responsibilities
  • Typical industrial control security product technologies
    • Technical principles and deployment of industrial control system protection products
      • Industrial firewall
        • Deep inspection of network packets, parsing industrial control protocols to enforce access control
      • Industrial Control Encryption
        • VPN, encryption appliances, data encryption tools
      • Industrial control user identity authentication
        • Password authentication, two-factor authentication, biometric authentication
      • Industrial Control Trusted Computing
        • Uses cryptographic and hardware security technology
      • System security hardening
    • Technical principles and deployment of industrial control physical isolation products
      • Network isolation gateway (gatekeeper)
      • Forward and reverse isolation devices
    • Industrial control security audit and monitoring product technical principles and deployment
      • Industrial Control Security Audit
        • Collects industrial control equipment log information, analyzes abnormal system events, and raises alerts
      • Industrial control intrusion detection system
        • In-depth correlation analysis of data packets and system logs, using signature-based or anomaly-based detection to discover attacks on the system
    • Technical principles and deployment of industrial control security inspection products
      • Industrial control vulnerability scanning
      • Industrial control vulnerability mining
      • Industrial Control Security Baseline Check
    • Technical principles and deployment of industrial control operation and maintenance and risk control products
      • Industrial control bastion host
        • Centrally manages the operation, maintenance and audit of industrial control equipment
      • Industrial Control Risk Management System
        • Manage the assets, security threats, security vulnerabilities and potential security impacts of industrial control systems
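
The industrial firewall item above describes parsing industrial control protocols to enforce access control, and Modbus is listed earlier as a protocol without built-in authentication. The following is an added example, not part of the original summary, of such a check on Modbus/TCP request frames; the source addresses, the policy table, and the function names `inspect` and `build` are assumptions made for illustration, and only the write-single-register request has its target address checked.

```python
import struct

READ_HOLDING, WRITE_SINGLE_REG = 0x03, 0x06  # standard Modbus function codes

# Constructed policy: allowed function codes and writable registers per source.
POLICY = {
    "10.0.1.10": {"funcs": {READ_HOLDING, WRITE_SINGLE_REG},
                  "writable": range(100, 110)},                 # operator HMI
    "10.0.1.20": {"funcs": {READ_HOLDING}, "writable": range(0)},  # read-only historian
}

def inspect(src_ip, frame):
    """Return (allow, reason) for one Modbus/TCP request frame."""
    if len(frame) < 8:                      # 7-byte MBAP header + function code
        return False, "truncated frame"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:                          # protocol id is 0 for Modbus
        return False, "protocol id is not Modbus"
    if length != len(frame) - 6:            # length counts unit id + PDU
        return False, "MBAP length mismatch"
    rule = POLICY.get(src_ip)
    if rule is None:                        # default deny for unlisted sources
        return False, "unknown source"
    func = frame[7]
    if func not in rule["funcs"]:
        return False, f"function 0x{func:02x} not allowed"
    if func == WRITE_SINGLE_REG:
        if len(frame) < 12:
            return False, "truncated write request"
        (addr,) = struct.unpack(">H", frame[8:10])
        if addr not in rule["writable"]:
            return False, f"register {addr} is not writable"
    return True, "ok"

def build(func, addr, value, tid=1, unit=1):
    """Build a constructed request frame (sample input for the check above)."""
    pdu = struct.pack(">BHH", func, addr, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

if __name__ == "__main__":
    for ip, req in [("10.0.1.10", build(WRITE_SINGLE_REG, 105, 1)),
                    ("10.0.1.10", build(WRITE_SINGLE_REG, 500, 1)),
                    ("10.0.1.20", build(WRITE_SINGLE_REG, 105, 1))]:
        print(ip, inspect(ip, req))
```
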

Origin blog.csdn.net/weixin_39664643/article/details/109512215