Reduce Vulnerability to Cyber Attacks in the Control Room

Technical guide to reduce vulnerability to Cyber attacks
Published by Schneider Electric

Features

  • Table of Content

Table of Content

Detailed content of the document
1. Introduction
  • 1.1. Purpose

    1.2. Customer Challenges

    1.3. Prerequisites

    1.4. About this Document

    1.5. Glossary

2. Selection
  • 2.1. Hardware Requirements

    2.2. Software Requirements

3. Design
  • 3.1. System Design Overview

    3.2. Security Zone Overview

    3.3. Firewalls as Default Gateways

    3.4. Stateful Packet Inspection

    3.5. Data Flow Overview

    3.6. General Firewall Rules

    3.7. Enterprise/DMZ Boundary

    3.8. DMZ/Control Boundary

    3.9. Control/Device Boundary

    3.10. Network Segmentation

    3.11. Virtual LANs

    3.12. Functional Unit Routing and VLANs

    3.13. In-Band Switch and Firewall Management

    3.14. Security Related System Components and Practices

    3.15. Suggested Complimentary Technologies

4. Configuration
  • 4.1. ConneXium Industrial Firewall Configuration

    4.2. In-Band Management Firewall Configuration

    4.3. Routing and Packet Filtering Rules

    4.4. General Purpose PC and Server Configuration

    4.5. Wonderware System Platform Overview

    4.6. Wonderware System Platform Configuration

    4.7. Wonderware Historian

    4.8. Ampla

    4.9. OFS Configuration

    4.10. Control Expert Configuration

    4.11. ConneXium Network Manager Configuration

    4.12. ConneXium Managed Switch Configuration

    4.13. Host File Configuration

    4.14. Windows 2016 and Windows 10 Ping Response Configuration

    4.15. Windows Server Backup Configuration

    4.16. System Update Server and Client Configuration

    4.17. Network Time Configuration

    4.18. Simple Mail Transfer Protocol (SMTP) Server Configuration

    4.19. Syslog Configuration

5. Implementation
6. Operation and Main
  • 6.1. Deployment of Servers, Workstations, and Industrial PCs

    6.2. Network Survey and Documentation

    6.3. Syslog and Event Log Reviews

    6.4. Passwords

    6.5. Certificates

    6.6. System Updates

    6.7. Application Updates

    6.8. Account Review

    6.9. Backup of Known Good Configurations

    6.10. Security Audits

    6.11. Disable Unused Ports

    6.12. Wonderware Server Backup Configuration

    6.13. Cybersecurity Services

7. Validation
  • 7.1. General Operational Tests

    7.2. Port Scanning, Vulnerability Scanning, and Penetration Tests

8. Conclusion
9. Appendix
  • 9.1. Glossary

    9.2. Bill of Material and Software

    9.3. Reference Documents

Unauthorised background image

Your product is just steps away!

Register for FREE to buy, get downloads and access free trials.

Get Resources and Start FREE Trials

Easy Product Activation with Your Account

Products Saved to Personal Digital Library