Index
A
Access control (AC)
15, 16, 24
Accounts, default
306
Active Directory server
120
Adobe Postscript Document Format (PDF) exploits
46
Advanced Metering Infrastructure (AMI)
83–85
see also Smart grid
Advanced Metering Infrastructure (AMI) Headend
107–108, 107f
threats concerning
108
Advanced persistent diligence
50
Advanced persistent threats (APT)
37, 43–44, 115, 311–312
cyber war and
41–52
defending against
50
defined
41–42
information targets of
42t
methods used
44
progression of
49–50
responding to
50–51
trends in
45–49
Agent.btz worm
37
Air gap
31, 32, 32f, 33f
Alerts
241
American National Standards Institute (ANSI)
ISO/IEC 27002:2005 by
252
Anomaly detection
178–179, 194–199
analysis tool selection for
199
defined
189
effectiveness of
189
Anti-virus
39
Anti-Virus systems
184
Application behavior whitelists
202–205
vs. AWL systems
203
Application data monitor
61, 73
Application logs
220
monitoring
221–222, 222f
Application monitors
166, 230, 231–232
Application/protocol monitoring
179–181
Application whitelisting (AWL)
184–185
vs. application behavior whitelists
203
Assets
25–26
monitoring
218–220
Asset whitelists
200–202
see also Whitelists
Attack vectors
2–3
Audit, security practices and
309–310
Audit and accountability (AU)
16
auditd
220
Aurora Project
36–37
Authentication, monitoring
223–225
Automated security systems, improper implementation of
311–312
Automatic Generation Control (AGC)
35
Awareness, vs. real security
304
B
Backtrack
33
Bare metal reload
51
Baselines
defined
192
measuring
192–194
metrics, measurement and analysis of
195t
time-correlated
193–194, 194f
Behavioral anomaly detection
192–199
anomaly detection
baselines measurement
192–194
IT vs. OT metrics, analyzing
198
methods
192
suspicious anomalies (examples)
196–197t
tools for
198–199
Behavioral whitelisting
199–200, 204t
application behavior whitelists
202–205
asset whitelists
200–202
overview
189–190
Smart-Lists
203–205
user whitelists
199–200
Behavior analysis
228
Bilateral table
62–63
Billing Systems
107–108
“Blacklist” solution
184–185
Book audience
1–2
Book organization
3–5
Book overview
1
Botnet operators
122
Broadband over Powerline (BPL)
83–84
“Brute force attack” rule
206, 208t
Business area networks (BAN)
83–84
Business information consoles
96
Business information management
104–105
Business network
311
C
Canary Labs
94–95
CENTCOM breach
37
Certified Information Systems Security Professional (CISSP) certification
1–2
Chemical facilities
10–11
Chemical Facility Anti-Terrorism Standards (CFATS)
11, 16–17, 250, 251–252, 257–267t, 269–278t, 280–292t, 294–298t
Risk-based Performance Standards (RBPSs)
16–17
CIP
Closed loop
101
Common criteria (CC), for information technology security evaluation
293–300
Common Industrial Protocol (CIP)
78
Compensating controls
254
Complacency
303–305
air gap myth
304–305
real security vs. policy and awareness
304
vulnerability assessments vs. zero-days
303–304
Compliance controls
mapping of, network security functions
293, 294–298t
vs. security
308–310
Compliance officer
2
Compliance requirements, mapping of
host security controls
255–256, 268f, 269–278t
perimeter security controls
254–293, 256f, 257–267t
security monitoring controls
279–293, 279f, 280–292t
Configuration, monitoring
220–221
Configuration management (CM)
16, 220–221, 143, 144
Contextual information
225–228, 228f
sources
227t
Control data storage
functional groups based on
152, 153f
Control loop
101–102, 101f, 102f
functional group based on
149–150, 150f
HMI’s GUI representation of
160f, 164
Control Network Power Line (PL) Channel Specification
83–84
Control process
102–103
functional group based on
151–152, 152f
management
106–107
Control system assets
89–97
business information consoles
96
dashboards
96
Data Historians
94–95
human machine interfaces (HMIs)
93–94
intelligent electronic device (IED)
89–90
printers and print servers
96
programmable logic controller (PLC)
90–93
remote terminal unit (RTU)
90
supervisory workstations
94
Control system operations
100–106
business information management
104–105
control loops
101–102, 101f, 102f
control processes
102–103
feedback loops
103–104
overview
100
Covert botnet, command, and control rule
208t
Critical assets
19, 19f, 25–26
defined
157
Critical Cyber Asset Identification
13
Critical digital assets
14
Critical infrastructure
8–11
chemical facilities
10–11
critical versus noncritical industrial networks
11
electricity generation/distribution, bulk
9–10
industrial networks and
7–12
nuclear facilities
9
utilities
9
Critical Infrastructure Protection Act of 2001
11
Critical Infrastructure Protection (CIP)
10, 119
of NERC
250–251
Criticality
enclaves
156–159, 158f
perimeters security and
166, 167t
functional grouping based on
156–159
Critical systems, identification of
18–19
Cross-source correlation
210
single-source vs.
211t
Customer information systems
107–108
Cyber asset
15, 25–26
critical, identification of
19, 19f
Cyber attack
impact of
35, 36t
likeliness vs. consequence
11, 12f
Cyber Metric 8, of RBPS
251, 252
Cyber war
44–45
APT and
41–52
defined
41–42
information targets of
42t
progression of
49–50
trends in
45–49
D
Data
availability
243–245
retention
242–243
storage
242–243, 244t
Database activity monitors (DAM)
230
Data diode
15, 167, 181
Data enrichment
208–209
Data Historians, in security monitoring
236
Data Historian system
94–95, 152
for business intelligence management
104–105
in feedback loops
104
Deep packet inspection (DPI)
166, 167
application session inspection vs.
167, 168f
Default accounts/passwords, use of
306
Defense in depth
23–24, 23f
Demand response systems
107–108
Demilitarized zone (DMZ)
12–13
Denial of service (DoS)
60, 112
Department of Energy (DoE)
250
Department of Homeland Security (DHS)
32, 250
Device removal and quarantine
144
Dial-up connections
perimeters identification and
161
Digital Bond
61
Direct monitoring
230
Distributed control systems (DCS)
7, 116–117
Distributed Network Protocol (DNP3)
56, 66–73
enabling over unidirectional gateways
181, 182f
functions of
66–67
operation
67–69, 68f, 69f
protocol framing
69–70, 71f
SCADA-IDS/IPS
73
Secure DNP3
69–70, 70f
security concerns
71–72
security recommendations
72–73
use of
70, 72f
vs. Modbus
70
Distribution management systems
107–108
DNS information
114
Dynamic Host Configuration Protocol (DHCP)
208–209
E
Electricity generation/distribution, bulk
9–10
Electronic Security Perimeter(s) (ESP)
13, 27–28
enclaves
166
Enclaves
26–27, 27f, 147
criticality
156–159, 158f
defined
147
establishing
161–166
firewall configuration guidelines
169, 170–171t
functional groups identification
geographically split
162, 162f
identification using functional groups
159–160
network alterations
164
perimeters identification
161–163, 162f, 163f
perimeters security
166–181
criticality and
166, 167t
devices implementation
169–172
devices selection
166–167
firewall configuration guidelines
169, 170–171t
IDS/IPS configuration guidelines
172–181
recommended IDS/IPS rules
177–178
and security device configurations
164–166
and security policy development
164
Enterprise network hacking methods
116
EtherCAT
80–81
security concerns
81
security recommendations
81
Ethernet
98
Ethernet/IP
78–79
security concerns
79
security recommendations
79
Ethernet Powerlink
81–82
security concerns
82
security recommendations
82
Evaluation assurance level (EAL)
299–300
Event correlation, for threat detection
206–211
cross-source correlation
210, 211t
data enrichment
208–209
defined
205–206
normalization
209–210, 209t
process of
207f
rules of
208t
tiered correlation
210–211, 211t
Exception reporting
190–192
defined
189
uses
190, 191t, 192
Executive override
307
F
False positive
217–218
Federal Energy Regulatory Commission (FERC)
250
Federal Information Processing Standards (FIPS) standards
FIPS
140-2, 300
Federal Information Security Management Act (FISMA)
11, 15–16, 250
Feedback loops
103–104
Fieldbus protocols
55
File integrity monitoring (FIM) products
220
File system logs
220
Firewall(s)
230
configuration guidelines of enclave
169, 170–171t
Functional group(s)
defined
148
overlapping
159, 159f, 160f
Functional groups identification
148–161
see also Enclaves
control data storage
152
control loops
149–150
control processes
151–152
criticality
156–159
enclaves identification
159–160
network connectivity
149
protocols
156
remote access
154
supervisory controls
150–151
trading communications
153–154
users and roles
155–156
G
Government Accountability Office (GAO)
122
Graphical user interface (GUI)
160f, 164
H
Hacking techniques
111–112
attack process
112
disruption, infection and persistence
115
enumeration
114
reconnaissance
112, 113, 114
scanning
114
Historization
104
functional groups based on
152, 153f
Historized data
105
Home Area Networks (HANs)
83–84
Homeland Security Presidential Directive Seven (HSPD-7)
9, 11, 12–13, 250
Host firewalls
183–184
Host IDS (HIDS) systems
184
Host security controls
255–256, 268f, 269–278t
HTTP Command and Control rule
208t
Human-machine interfaces (HMI)
25–26, 93–94, 216–217
in control processes
103
functional group based on
150, 151, 151f
GUI representation of a control loop
160f, 164
I
Idaho National Laboratories (INL)
36–37
Identification and authentication (IA)
16
Identity access management (IAM) systems
225
Identity and authentication management (IAM)
155, 200
IDS/IPS
121
IDS/IPS actions
174–175t
IDS/IPS policy
172–181
Incident investigation
241
Incident Reporting and Response Planning
13
Incident response
241
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
37–38
Industrial control systems (ICS)
1, 2, 7, 8f
Industrial networks
7–12, 25
critical infrastructure and
7–12
critical versus noncritical
11
incidents
34–36, 34f
Adobe Postscript Document Format (PDF) exploits
46
cyber attack, impact of
35, 36t
examples
36–41
impact of
34–36
safety controls
34–35
social networking
47–48
non-routable networks
25, 26f
routable networks
25, 26f
security
importance of
31–33
Industrial networks, accessing
123–124
business network
124–126
common vulnerabilities
127
application backdoors
130
asset controls
130
diagnostic access/dial-up access/field access
131–132
poorly configured firewalls
127–128
remote access, VPNs and mobile apps
131
unnecessary ports and services
128–130
Wi-Fi access
131
Control System
127
SCADA DMZ
126, 127
smart grid
132
Industrial networks, targeting
116–117
disruption and penetration of industrial networks
121–122
enumerating industrial networks
120
industrial reconnaissance
117
scanning industrial networks
117, 119–120
threat agents
122–123
Industrial network security, mapping
254–293
host security controls
255–256, 268f, 269–278t
perimeter security controls
254–293, 256f, 257–267t
security monitoring controls
279–293, 279f, 280–292t
Industrial Protocol Filters
166
Industrial security, recommendations
18–24
access control
24
critical systems, identification of
18–19
defense in depth
23–24, 23f
network segmentation/isolation of systems
20–22, 21f, 22f
Industrial security appliances
218
Industrial security devices
comparison of
179, 180t
Inferred monitoring
230–232
Information collection
233–236
Information management
233–242
alerts in
241
queries in
238f, 239f, 237–239
reports for
240
Information technology (IT) systems
and OT systems
correlation of
211–212, 212t
metrics, anomaly detection and
198
Intelligent electronic devices (IED)
89–90, 216–217
Inter Control Center Communication Protocol (ICCP) connections
functional group based on, for trading communication
153–154
Inter Control Center Protocol/Telecontrol Application Service Element-2 (ICCP/TASE.2)
56, 61–66
functions of
62
malicious behaviors, detection of
65
operation
62–63, 63f
SCADA-IDS/IPS
65–66
security concerns
63–64
security recommendations
65–66
use of
63, 64f
vs. Modbus
64–65
Interior security systems, enclaves
183–185
Anti-Virus systems
184
AWL solution
184–185
external controls
185
HIDS systems
184
host firewalls
183–184
International Electrotechnical Commission (IEC)
18, 252–253
ISO/IEC 27002:2005 by
252
International Society of Automation (ISA)
ISA standard 99 (ISA-99)
17–18
International Standards Organization (ISO)
18
ISO 27002
18
ISO/IEC 27002:2005 by
252
Internet Control Message Protocol (ICMP)
114
Intrusion detection
anomaly based
178–179
defined
172
Intrusion detection system (IDS)
218, 230, 231–232
Intrusion detection system (IDS) devices
configuration guidelines
172–181
Intrusion prevention, defined
172
Intrusion prevention system (IPS)
217, 218
Intrusion prevention system (IPS) devices
configuration guidelines
172–181
ISA standard 99 (ISA-99)
17–18
K
Kismet
230
L
Ladder logic
91–93, 92f
Lightweight Directory Access Protocol (LDAP)
120, 200, 225
Local Area Network (LAN)
12–13
Log aggregation
231, 233
Log collection
229–230
Logical network boundaries
149
Log management
for anomaly detection
198–199
Log management systems
233–236, 234f
Logs
219
Log search
233
Log storage
242–245, 244t
“Luigi Vulnerabilities”
49–50
M
Maltego
113
Malware
115, 217, 222, 223
mutations
49
Mandiant Memoryze
51, 52f
Man-in-the-Middle (MITM) attacks
35, 64
Mapping, compliance controls
to network security functions
293, 294–298t
Mapping, compliance requirements
host security controls
255–256, 268f, 269–278t
perimeter security controls
254–293, 256f, 257–267t
security monitoring controls
279–293, 279f, 280–292t
Master node address
120
Master/slave relationships
116–117
Master station
64
Master terminal unit (MTU)
90, 151–152
Media protection (MP)
16
Metasploit
33, 114
Meter Data Management Systems
107–108
Microsoft Active Directory
200
Misconfigurations
305–308
default accounts/passwords, use of
306
executive override
307
outbound security and monitoring, lack of
306–307
Ronco perimeter
307–308
Modbus ASCII
58, 58f
Modbus Organization
56
Modbus Plus
58, 59
Modbus RTU
58, 58f
Modbus TCP
58–59, 59f
Modicon
56
Modicon Communication Bus (Modbus)
56–61, 98, 117
functions of
56–57
operation
57–58, 57f
SCADA-IDS/IPS
61
security concerns
59–60
security recommendations
60–61
use of
59, 60f
variants
58–59
Modbus ASCII
58, 58f
Modbus Plus
58, 59
Modbus RTU
58, 58f
Modbus TCP
58–59, 59f
vs. DNP3
70
vs. ICCP
64–65
Modiüs
94–95
Monitoring, of enclaves
216–236
additional tools for
231–232
application logs
221–222, 222f
assets
218–220
behavior analysis
228
configuration
220–221
contextual information
225–228, 227t, 228f
Data Historians in
236
direct
230
inferred
230–232
by log collection
229–230
log management systems in
233–236, 234f
network-based
231
network flows
222–223, 224t
process
232f
across secure boundaries
236
security events
217–218
SIEM systems in
233–236, 235f
user identities and authentication
223–225
Monitoring, of security controls
279–293, 279f, 280–292t
N
National Infrastructure Security Coordination Center (NISCC)
firewall configuration guidelines with enclave variables
170–171t
National Institute of Standards and Technology (NIST)
11, 250, 257–267t, 269–278t
SP 800-82
253
special publications (800 series) of
13, 15–16
SP 800-53
13, 15–16
SP 800-82
13
nCircle
220
NERC
NERC Critical Infrastructure Protection (CIP)
9–10, 13
sections
13
Network alterations
enclaves
164
Network anomaly detection
178
Network architectures
97–100
functional differences in
97t
topologies used
98–100
Network attached storage (NAS) devices
152
Network behavior anomaly detection (NBAD) tool
192, 198–199
Network connectivity
functional groups based on
149
Network flows, monitoring
222–223, 224t
Network mask
114
Network Probes
230
Network segmentation/isolation of systems
20–22, 21f, 22f
Network whitelisting
40–41
Network whitelisting devices
166
see also Whitelists
Night Dragon
41
NIST 800-82
120
Nmap scanner
114
Noncritical assets
19
Nonrepudiation
242
Non-routable networks
25, 26f
Normalization
209–210, 209t
taxonomy (tiered categorization structure)
210f
North American Electric Reliability Corporation (NERC)
10, 250, 257–267t, 269–278t, 280–292t, 294–298t
CIP of
250–251
Novell
225
Nuclear facilities
9
Nuclear Regulatory Commission (NRC)
9, 13–15
10 CFR 73.54
13–14
RG 5.71
13–15
Nuclear Regulatory Commission Regulation (NRC RG)
257–267t, 269–278t, 280–292t, 294–298t
NRC RG 5.71
253
O
Object Linking and Embedding for Process Control (OPC)
56, 73–78
functions of
73–74
OPC Express Interface (XI)
75
OPC-UA
75
operation
74–75, 74f
SCADA-IDS/IPS
78
security concerns
75–77
security recommendations
77–78
use of
75, 76f
Object Linking and Embedding (OLE) protocol
for process control
73–78
OPC Express Interface (OPC-XI)
75
OPC-UA
75
Open loop
101
Open Source Intelligence (OSINT)
44
Open Source Security Information Management (OSSIM)
233, 234, 237, 237f
Operational technology (OT)
216–217
Operational technology (OT) systems
and IT systems
correlation of
211–212, 212t
metrics, anomaly detection and
198
Operation Aurora
37
Oracle Identity Management
225
OSIsoft
94–95
Outbound security and monitoring, lack of
306–307
Outbound Spambot behavior rule
208t
Overlapping functional groups
159, 159f, 160f
P
Passive logging
230
Passwords, use of
default
306
strong
306
weak
306
Patch management system
141–143
Penetration test
Perimeter(s)
defense
123–124
defined
27–28
enclaves
identification
161–163, 162f, 163f
Perimeter security controls
254–293, 256f, 257–267t
Perimeter security devices
data diode
167
implementing
169–172
relative capabilities of
167, 168f
selecting
166–167
Persistence
115
Personnel & Training
13
Physical air gap
15
Physical network boundaries
149
Physical Security of Critical Cyber Assets
13
Ping sweep
114
Pitfalls and mistakes
complacency
compliance vs. security
308–310
misconfigurations
scope and scale
310–312
Plant operator
1–2
Policy, and real security
304
Process control systems (PCS)
7
Profibus
37–38, 79–80, 98
security concerns
80
security recommendations
80
Profibus communications
119–120
Programmable logic controllers (PLC)
37–38, 39, 56, 90–93, 117, 216–217
ladder logic
91–93, 92f
operational flow diagram
93f
“Step Logic”
93
Protection profile (PP)
299
Protocol data units (PDU)
57
Protocols
functional group based on
156, 157f
Q
Queries, in information management
237–239, 238f, 239f
R
Real security, vs. policy and awareness
304
Recovery Plans for Critical Cyber Assets
13
Relational Database Management System (RDBMS)
95
Remote access
functional group based on
154, 155f
Remote access servers (RAS)
154
Remote Procedure Call (RPC)
73
Remote terminal units (RTU)
25–26, 90, 216–217
Reports
240
by SIEM
240f
Retention, data
242–243
Risk assessment (RA)
16
Risk-based Performance Standards (RBPS)
16–17
for CFATS
251, 252
Routable networks
25, 26f
rpcinfo
114
“Rule-less” detection systems
178–179
S
Sabotage reporting
13
Safety controls
34–35
Sandia National Laboratories
35
SCADA buffer overflow attack
176
SCADA IDS/IPS devices
178
SCADA Intrusion Detection System/SCADA Intrusion Prevention System (SCADA-IDS/IPS)
DNP3
73
Modbus
61
OPC
78
SCADA protocols
55
Scalability
role in smart grid development
100
Scope and scale, of network
310–312
Secure DNP3
69–70, 70f
Secure sockets layer (SSL)
37
Securing the Smart Grid: Next Generation Power Grid Security
2–3
Security, real
vs. policy and awareness
304
Security controls
compliance vs.
308–310
insufficiently sized
311–312
monitoring of
279–293, 279f, 280–292t
Security Device Event Exchange protocol (SDEE), of Cisco
230
Security devices
comparison of
179, 180t
configurations, enclaves and
164–166
Security events
217–218
Security functional requirements (SFR)
299
Security Information and Event Management (SIEM) system
179, 185, 233–236, 235f
alerts
241
for anomaly detection
198–199
reports
240f
user activity
225, 226f
Security management controls
13
Security policy development
enclaves and
164
Security targets (ST)
299
Sentient Hyper-Optimized Data Access Network (SHODAN)
117
SERCOS III Master Data Telegram
119
SERCOS (Serial Real-time Communications System) networks
119
Serial Real-time Communications System (SERCOS III)
82–83
security concerns
82–83
security recommendations
83
Session inspection
179
application, vs. deep packet inspection
167, 168f
Set points
39
Severity level (SL)
15
Single-source correlation
cross-source vs.
211t
Smart grid
2–3, 83–85, 84f, 98–99
addressable attack surface
99, 100f
components of
107–108, 107f
disadvantages
108
operations
107–108
scalability and
100
security concerns
84–85
security recommendations
85
Smart-Listing
203–205, 205f
Smart Meter
100
Smart Phones, wireless networking in
311
Snort
230
Snort syntax
165, 173
Social Engineer Toolkit (SET)
113
Social networking sites
113
industrial networks incidents and
47–48
SP 800-53
13, 15–16
SP 800-82
13
“Spamming”
65
Standards and organizations
Chemical Facility Anti-Terrorism Standards (CFATS)
11, 16–17
Federal Information Security Management Act (FISMA)
11, 15–16
Homeland Security Presidential Directive Seven (HSPD-7)
9, 11, 12–13
ISA standard 99 (ISA-99)
17–18
ISO 27002
18
NERC Critical Infrastructure Protection (CIP)
9–10, 13
NIST, special publications (800 series) of
13, 15–16
Nuclear Regulatory Commission (NRC)
9, 13–15
Standards and regulations
ISO/IEC 27002:2005
252–253
NERC CIP
250–251
NIST SP 800-82
253
NRC Regulation 5.71
253
“Step Logic”
93
Storage area networks (SAN)
152
Strong passwords, use of
306
Structured query language (SQL)
237–238
Stuxnet
37–41, 107, 119–122, 176–177, 200
functions
39
infection process
38–41, 38f
lessons learned from
39–41, 40t
Supervisory Control and Data Acquisition demilitarized zone (SCADA DMZ) systems
94, 104–105
functional demarcation
97, 97f, 98
Supervisory Control and Data Acquisition (SCADA) systems
1, 7–8, 116–117
functional differences with other network architectures
97, 97t
Supervisory controls
functional group based on
150–151, 151f
Supervisory workstations
94
Syslog
218, 219
aggregation
233
System and communication protection (SC)
16
System and information integrity (SI)
16
System logs
219
System requirements (SRs)
17–18
Systems security management
13
T
“Tags,” defined
95
TCP/IP networks
98
Technical controls, ISO/IEC 27002:2005 and
252–253
Threat detection
205–213
cross-source correlation
210, 211t
data enrichment
208–209
event correlation
206–211
IT and OT systems, correlation between
211–212, 212t
normalization
209–210, 209t
tiered correlation
210–211, 211t
Tiered correlation
210–211, 211t
Time-correlated baselines
193–194, 194f
Time-series databases
for anomaly detection
198
Title 10 Code of Federal Regulations (CFR), section 73.54 (10 CFR 73.54)
13–14
Tivoli Identity Manager
225
Topology(ies)
used in network architectures
98–100, 99f
Trading communication
functional group based on ICCP for
153–154, 154f
Transmission Control Protocol/Internet Protocol (TCP/IP)
1, 58–59
Transmission control protocol (TCP)
114
errors
195–198
Transport layer security (TLS)
72
U
Unidirectional gateways
181
enabling DNP3 services over
181, 182f
Unified compliance framework (UCF)
254, 309–310
Unified threat management (UTM) devices
166
User Datagram Protocol (UDP) ports
114
User identity, monitoring
223–225, 226f
Users and roles
functional group based on
155–156, 156f
User whitelists
199–200
see also Whitelists
Utilities
9
V
Variables
defined
165
Virtual local area networks (VLAN)
149
Virtual private networks (VPN)
154
Vital Infrastructure, Networks, Information and Control Systems Management (VIKING)
35
Vulnerabilities, determining
132–133
assessment
133, 137
assessment in industrial networks
137–138
Cyber Security Evaluation Tool (CSET)
140
scanning for configuration assurance
138–139
VA scans
139–140
Vulnerability
33
Vulnerability assessment
3
configuration issues in
305
vs. zero-days
303–304
Vulnerability management
140–141
W
Weak passwords, use of
306
Windows file protection (WFP)
220
Windows management instrumentation (WMI)
219–220
Wireless networks
network connectivity
149
perimeters identification
161
Wireshark
230
Workstations, supervisory
94
components
94
Z
Zero-days, vulnerability assessments vs.
303–304
Zones
17