Cyber security essentials: Part II

The second installment of the Cyber Security Essentials series looks at what a robust network security system looks like, with insights from an ethical, professional hacker.


Courtesy: Maverick TechnologiesIn Part I of this series, we outlined some of the most common cyber attacks and some of the simple ways a user can guard against them. I sat down with an ethical hacker to hash out what robust network security looks like.

The interview: He’s a hacker, but it’s okay…

A long-time friend of mine has a pretty unique job; he’s an ethical hacker. While this sounds like an oxymoron, I assure he’s not. Tim Garrity is an information security analyst for TraceSecurity Inc. Companies often hire security firms like TraceSecurity Inc. to hack their facilities using a variety of methods. The idea is that finding out about a security gap from a friendly consultant is far more favorable than finding it out from someone with nefarious intentions. Here are a few things I asked him about:

Q: We’ve heard of cyber security, what is it?

It’s a buzzword. Essentially, it’s the overall view of technical controls that should be in place to ensure data/systems are not compromised. Technical security and physical security should work together for network security. You want to have multiple layers of defense in case one layer is compromised.

Q: Multiple layers?

If an intrusion protection system (IPS) and intrusion detection system (IDS) device is compromised, you want a firewall to catch it. Then you’d hope antivirus software would catch an intrusion beyond that, along with host-based intrusion prevention/detection (locally installed firewall on the workstation).

Q: Okay, so can you give me an idea of what a well guarded system would look like?

Ideally, you’d want an IPS/IDS in place as the perimeter of defense. Often the IDS is monitored by a third party to supervise network activity and alert the company when suspicious activity is discovered. Next, your firewalls will contain a rule set which act as a barrier to unauthorized network traffic. Beyond that, biometrics are pretty expensive, but RFIDs such as smart cards are more reasonably priced. That’s all from a hardware standpoint.

Q: Alright, so what sort of software safeguards would you suggest?

First of all, antivirus software should be centrally managed (i.e. a central server pushes out the latest updates and ensures devices are updating correctly). Also, it’s important to ensure an end-user cannot disable this. Similarly, a centralized patch-management system is a necessity. It doesn’t make for a thrilling topic to talk about security updates for your operating system, or firmware updates for any routers, switches or firewalls used, but it can get pretty exciting for everyone if one of these is exploited by an unethical hacker! Even those annoying Adobe Flash and Java updates are important. Now you’ll have to excuse me while I restart my laptop...

In the third and final installment, we’ll get Tim’s thoughts on ways to protect your plant from people— the careless to the nefarious.

This post was written by Josh Bozeman. Josh is a Proposal and Estimating Specialist at MAVERICK Technologies, a leading automation solutions provider offering industrial automation, strategic manufacturing, and enterprise integration services for the process industries. MAVERICK delivers expertise and consulting in a wide variety of areas including industrial automation controls, distributed control systems, manufacturing execution systems, operational strategy, business process optimization and more.

MAVERICK Technologies is a CSIA member as of 3/5/2015

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Big Data and IIoT value; Monitoring Big Data; Robotics safety standards and programming; Learning about PID
Motor specification guidelines; Understanding multivariable control; Improving a safety instrumented system; 2017 Engineers' Choice Award Winners
Selecting the best controller from several viewpoints; System integrator advice for the IIoT; TSN and real-time Ethernet; Questions to ask when selecting a VFD; Action items for an aging PLC/DCS
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.
Motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Big Data and bigger solutions; Tablet technologies; SCADA developments
SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
click me