IT Security Matters

Klaus Jochem

Skip to content
  • Home
  • About me
    • About me
    • Copyright and Disclaimer
  • Microsoft AppLocker in der Automatisierungstechnik

IIoT Security Basics

19 November 2016

During my daily check of the Department of Homeland Security’s ICS-CERT Advisory Feed I found an interesting report that deals with a vulnerability in a family of Schneider Electric Power Meters. I researched similar advisories and the corresponding product manuals.

From that I derived some basic rules for the design of Industrial IoT (IIoT) Devices:

  1. Factory default for all network adapters of IIoT devices is DISABLED.
  2. As soon as a network adapter is enabled the user is forced to reset the password of the device and of all inbuilt users to non-trivial values. The embedded operating system should check at least against the ‘25 worst passwords’ published in the year of manufacturing.
  3. A reset to trivial passwords shall be rejected by the embedded operating system.
  4. The vendors guarantee that IIoT devices are free of Backdoor accounts.
  5. All network connections shall be encrypted by default.

With this, the risk of cyber-attacks against IIoT devices is dramatically reduced. And, if built-in during design phase, the production costs will increase, if at all, only moderately.

Have a good weekend.

Share this:

  • Email
  • Print
  • LinkedIn

Like this:

Like Loading...

Related

This entry was posted in New Technology, Opinion, Survival tips and tagged Backdoor account, ICS-CERT, IIoT, Industrial IoT Devices, Security by design on November 19, 2016 by Klaus Jochem.

Post navigation

← If one can ping an industrial controller, one can stop it Update on IIoT Security Basics →

Technology and more

  • 4 Elementary IT Security Design Principles
  • Microsoft AppLocker in der Automatisierungstechnik

Endnotes

  • SRM Blog Information Security Breach Reports
  • [1] Frequently Asked Questions on eBay Password Change
  • [2] Ponemon Institute, Cost of Cyber Crime Study: United States 2013
  • [3] Hashed Passwords – Crack The Cred
  • [4] Important Information – Office Passwort Reset
  • [5] Reducing the Effectiveness of Pass-the-Hash

Tags

  • administrative privileges
  • anti-malware
  • AppGuard
  • Attack Surface
  • critical infrastructure
  • Cyber Attack
  • data breach
  • Endpoint Protection
  • Malware
  • Phishing
  • Principle of least privilege
  • Ransomware
  • Remote Code Execution Vulnerability
  • Separation of Duties
  • strong passwords
  • Two factor Authentication
  • UAC
  • Vulnerability
  • WannaCry
  • Zero day exploits

Archive

  • October 2021 (1)
  • September 2021 (1)
  • July 2021 (1)
  • June 2021 (1)
  • May 2021 (1)
  • April 2021 (1)
  • March 2021 (2)
  • January 2021 (3)
  • October 2020 (1)
  • August 2020 (2)
  • June 2020 (4)
  • May 2020 (4)
  • April 2020 (1)
  • March 2020 (3)
  • January 2020 (1)
  • December 2019 (1)
  • November 2019 (1)
  • October 2019 (1)
  • September 2019 (2)
  • August 2019 (3)
  • July 2019 (2)
  • June 2019 (1)
  • May 2019 (2)
  • April 2019 (1)
  • March 2019 (3)
  • February 2019 (1)
  • January 2019 (2)
  • December 2018 (1)
  • November 2018 (2)
  • October 2018 (2)
  • September 2018 (1)
  • August 2018 (2)
  • July 2018 (1)
  • June 2018 (3)
  • May 2018 (2)
  • April 2018 (3)
  • March 2018 (3)
  • February 2018 (3)
  • January 2018 (3)
  • December 2017 (1)
  • November 2017 (3)
  • October 2017 (6)
  • September 2017 (1)
  • August 2017 (1)
  • July 2017 (5)
  • June 2017 (2)
  • May 2017 (5)
  • April 2017 (4)
  • March 2017 (3)
  • February 2017 (3)
  • January 2017 (2)
  • December 2016 (2)
  • November 2016 (5)
  • October 2016 (8)
  • September 2016 (4)
  • August 2016 (4)
  • July 2016 (6)
  • June 2016 (4)
  • May 2016 (4)
  • April 2016 (5)
  • March 2016 (6)
  • February 2016 (9)
  • January 2016 (7)
  • December 2015 (2)
  • November 2015 (6)
  • October 2015 (4)
  • September 2015 (4)
  • August 2015 (5)
  • July 2015 (6)
  • June 2015 (6)
  • May 2015 (9)
  • April 2015 (8)
  • March 2015 (8)
  • February 2015 (8)
  • January 2015 (10)
  • December 2014 (4)
  • November 2014 (9)
  • October 2014 (9)
  • September 2014 (9)
  • August 2014 (10)
  • July 2014 (10)
  • June 2014 (5)

Blogs I Follow

  • EFRONA MOR - Writer & Author of Epic Fantasy
  • Jaya's Blog
  • Dopamine Writes 🖊️🖊️
  • TIME GENTS
  • Crowdbase Blog

Subscribe

RSS Feed

Blog at WordPress.com.
EFRONA MOR - Writer & Author of Epic Fantasy

How To Become a Better Writer—Best Epic Fantasy Books

Jaya's Blog

Dopamine Writes 🖊️🖊️

Composed thoughts, Penned & Compiled

TIME GENTS

Australian Pub Project, Established 2013

Crowdbase Blog

A blog about knowledge sharing, collective intelligence and enterprise collaboration.

  • Follow Following
    • IT Security Matters
      • Join 209 other followers
    • Already have a WordPress.com account? Log in now.
    • IT Security Matters
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Copy shortlink
    • Report this content
    • View post in Reader
    • Manage subscriptions
    • Collapse this bar
%d bloggers like this: