1
Q
What are the four main sections of Chapter 5?
A
Network Segmentation; Secure Communication; Physical Security and Remote Attestation; Security and Vulnerability Assessments.
2
Q
What is the core purpose of preventive measures in industrial networks?
A
They are taken in advance to reduce the risk and impact of attacks on industrial networks.
3
Q
What is the guiding principle for network segmentation according to the lecture?
A
The guiding principle is the principle of least route.
4
Q
What does the principle of least route mean?
A
A node should only have access to networks that are required to perform its distinct functionality.
5
Q
How is the principle of least route related to the principle of least privilege?
A
It is the network analogue of least privilege, restricting network reachability to only what is necessary.
6
Q
Why do purpose-built industrial networks fit the principle of least route well?
A
Because they are designed for specific functions rather than as general-purpose networks.
7
Q
What can limit opportunities for network segmentation?
A
The existing network topology can limit how strongly segmentation can be realized.
8
Q
What is a broadcast domain?
A
A logical partition in which all nodes can broadcast to each other.
9
Q
What is a VLAN in the context of segmentation?
A
A virtual LAN is a broadcast domain partitioned at the data-link layer.
10
Q
What is the Purdue reference model in this chapter?
A
It is a control-hierarchy logical framework that is divided into four zones.
11
Q
Which four zones are part of the Purdue four-zone model?
A
Cell/area zone, manufacturing zone, demilitarized zone (DMZ), and enterprise zone.
12
Q
Which zone is NOT part of the Purdue four-zone model?
A
Wide-area is not one of the four Purdue zones shown in the lecture.
13
Q
What is the purpose of the DMZ in the Purdue model?
A
It separates enterprise and manufacturing-related environments and acts as a controlled buffer zone.
14
Q
What is a zone in the generalized zones-and-conduits model?
A
A zone is an aggregation of ICS assets into groups according to a principle that improves the security of the group.
15
Q
What is a physical zone?
A
A physical zone groups co-located assets.
16
Q
What is a logical zone?
A
A logical zone groups assets according to functionality or protocols.
17
Q
What is a conduit?
A
A conduit is a class of zone that groups communication channels or information flows into an arrangement that improves security.
18
Q
Why are zones and conduits useful?
A
They facilitate the selection, configuration, and deployment of access-control and attack-detection or prevention mechanisms.
19
Q
How do zones and conduits relate to network segmentation?
A
Zones formalize how assets are grouped, and conduits formalize and control the communication between those groups.
20
Q
Which inline security device is best suited to enforce conduits?
A
A stateful firewall is best suited to enforce conduits and realize boundary protection.
21
Q
Why are firewalls generally a bigger hurdle for attackers than routers?
A
Because firewalls are usually stateful, while routers are usually stateless.
22
Q
What does ‘stateful’ mean in the firewall context?
A
It means the device tracks connection state, such as packet order, whether a packet belongs to an existing connection, and TCP flags like SYN, ACK, or FIN.
23
Q
What is a key advantage of stateful firewalls over stateless filtering?
A
They can reason about packet context and ongoing sessions, not just isolated packets.
24
Q
What is behavioral allowlisting?
A
It is an approach in which only explicitly allowlisted behavior is allowed.
25
What is a user allowlist?
A user allowlist permits only known good users to log in.
26
Why are admin and operator accounts especially important in user allowlists?
Because they are high-value targets and can control critical industrial processes.
27
What is an asset allowlist?
It applies to assets within a zone so rogue devices or unexpected addresses can be detected.
28
What is an application behavior allowlist?
It restricts authorized applications to behave only in explicitly permitted ways.
29
Give examples of what an application behavior allowlist can restrict.
Authorized communication partners by IP or MAC address, authorized ports, authorized commands, and authorized consumed data.
30
Which option is NOT a typical behavioral allowlist type in the lecture?
A specification allowlist is not listed as a typical behavioral allowlist type.
31
Why is zero trust motivated in industrial networks?
Because industrial security is complex, many devices and users exist, visibility is limited, and traditional trusted-network assumptions are weakening.
32
What two trends threaten classical trust assumptions?
Assets increasingly enter and leave the network, and attackers increasingly use identity attacks such as phishing and credential theft.
33
What is zero trust?
Zero trust is a security model or architecture for designing systems beyond the network perimeter.
34
What is the central motto of zero trust?
Never trust, always verify.
35
What common misunderstanding about zero trust is mentioned?
It is often falsely interpreted as removing the wide-area perimeter.
36
What does zero trust require before a session to a resource is established?
Authentication and authorization must take place before access is granted.
37
What kinds of resources does zero trust aim to protect?
All resources, including assets, devices, services, workflows, and network accounts.
38
According to NIST, what counts as a resource in zero trust?
All data sources and computing services are resources.
39
What does NIST say about communication location in zero trust?
All communication should be secured regardless of location.
40
How is access granted in zero trust according to NIST?
Access to individual enterprise resources is granted on a per-session basis.
41
How is zero-trust access determined?
It is determined by dynamic policy based on factors such as client identity, application or service, requesting asset, and context.
42
What does zero trust say about the trustworthiness of assets?
No asset is inherently trusted, and integrity and security posture should be monitored continuously.
43
What must happen before access is allowed in zero trust?
Authentication and authorization must be dynamic and strictly enforced before access is granted.
44
What additional information does zero trust try to collect?
It collects as much information as possible about the current state of resources to improve security.
45
How does classical perimeter security differ from zero trust?
Classical perimeter security protects a segment and treats everything inside as trusted, while zero trust secures all communication and enforces policy per resource.
46
What is the role of the policy engine in a zero-trust architecture?
It is responsible for the ultimate decision to grant access to a resource for a given subject.
47
What is the role of the policy administrator in zero trust?
It manages communication paths based on policy decisions.
48
What is the role of the policy enforcement point?
It enables, monitors, and terminates connections between a subject and an enterprise resource.
49
What does explicit verification mean in zero trust?
Every access request must be strongly authenticated instead of being trusted because of its environment.
50
What mechanisms support explicit verification?
A secure point of access, strong authentication such as MFA, and contextual or conditional access checks.
51
What do least access and least privileges mean in zero trust?
Access rights are restricted to those required for a specific function.
52
What is just-in-time or just-enough access?
It is temporary and narrowly scoped access granted only when needed.
53
What does the assumption-of-breach principle mean?
Security should be designed as if the system is already compromised, so impact is continuously reduced.
54
Why does assumption of breach require detection and response capabilities?
Because the strategy assumes attacks can already exist inside the system and must therefore be found and contained.
55
What industrial-specific visibility questions matter for zero trust?
Which devices exist, whether they are known, how they communicate, and what their impact is on business, safety, and operation.
56
Why is vulnerability prioritization important when introducing zero trust to OT?
Because industrial networks need to identify vulnerabilities that require immediate attention and mitigation.
57
Why must zero trust in OT consider enterprise integration?
Because prevention, detection, and reaction should be unified across IT and OT where appropriate.
58
What is nano segmentation?
Nano segmentation limits each device’s network access to only the flows needed for its operation.
59
How does nano segmentation relate to zero trust?
It is one possible building block to realize zero trust.
60
What is the result of nano segmentation at the device level?
Each device effectively gets its own per-device nano segment.
61
Where is segmentation enforced in nano segmentation?
In the network at each node and at the receiver.
62
Why must nano segmentation work on low-end devices?
Because industrial networks often contain constrained and low-end devices.
63
What is the least-route goal of nano segmentation?
Only explicitly allowlisted flows are permitted at the granularity of individual devices.
64
Why is deny-by-default a good fit for many industrial networks?
Because industrial communication is often static and predictable, making explicit allowlists practical.
65
What is the isolation goal of nano segmentation?
A compromised node should only be able to affect its own network area or nano segment.
66
What is the authentication goal of nano segmentation?
Each packet should be source-authenticated both within the network and by the receiver.
67
What is Hopper?
Hopper is a research approach for nano segmentation in industrial networks based on authentication tags.
68
Why is Hopper suitable for constrained industrial devices?
It is tailored to low-end devices and does not require changing how packets are routed.
69
What does Hopper let each network node verify?
That each processed packet is part of a desired flow and was generated by an authorized host.
70
What is Hopper’s core idea?
Authentication tags are computed from derived keys that express communication capabilities.
71
How are Hopper authentication tags attached to packets?
A sender adds a tag consisting of multiple MACs to each packet.
72
How are Hopper keys distributed conceptually?
Keys are derived hierarchically in a PRF-based key forest with root keys, receiver keys, and flow keys.
73
What can be used in practice to implement Hopper’s PRF?
A block-cipher encryption operation can be used as the pseudo-random function.
74
How is a lower Hopper key derived?
A lower key is computed as PRF(upper key || key identifier).
75
Why can forwarding elements derive relevant incoming flow keys?
Because of the hierarchical structure of the key forest.
76
What determines the strength of a Hopper authentication tag?
The total tag length determines the security strength.
77
Why can individual Hopper MACs be short?
Because each MAC still uses a full-sized key, so key-recovery attacks remain virtually impossible.
78
Who verifies the full Hopper tag?
The receiver verifies the full tag because it can derive all relevant flow keys.
79
What do forwarding elements receive in Hopper?
They receive a subset of root keys.
80
What can a Hopper forwarding element do with its root keys?
It can derive the flow keys corresponding to those roots and drop packets with incorrect MACs.
81
How does the number of root keys affect Hopper?
Fewer root keys reduce tag size and processing overhead, but they increase the impact of a key compromise.
82
What is an intuitive Hopper key-distribution strategy?
Assign one root key per forwarding device.
83
What is the trade-off of one-key-per-device in Hopper?
It gives strong security but requires many keys.
84
What is manual key distribution in Hopper?
The same key is assigned to similar devices by manual design.
85
What are cover-free families in Hopper?
They are theoretical constructs used to minimize key overlap between devices.
86
What is random key distribution in Hopper?
Root keys are assigned to devices probabilistically.
87
Why is periodic rekeying important in Hopper?
It is standard practice and strictly enforces revocation of communication capabilities.
88
How can Hopper connect different networks?
Through translating gateways.
89
How does Hopper address legacy compatibility?
By using delegates, zones, overlays, and risk analysis of legacy protocols.
90
Why is remote access needed in industrial networks?
Because service contracts, distributed workforces, hard-to-reach field devices, commissioning, backups, alarm investigations, and compliance tasks require it.
91
Why is remote access described as a necessary evil?
Because it is operationally needed but also creates significant security risk.
92
What does remote access mean in this chapter?
Any communication through conduits to external zones.
93
What are the three remote-access types shown in the lecture?
Internet uplink, vendor remote support, and on-demand access.
94
What is Internet-uplink remote access?
Remote access passes through the dedicated Internet uplink and all deployed security measures.
95
What is vendor remote support?
Dedicated remote access for vendors over private lines or Internet uplinks.
96
What is on-demand remote access?
Ad-hoc remote access set up by vendors or contractors, for example over the phone.
97
Why is secure remote access still risky even when secure methods are used?
Because the underlying infrastructure is connected to public and untrusted networks such as the Internet.
98
Why is secure remote access still better than ignoring the need?
Because otherwise insecure workarounds are likely to emerge.
99
What is the basic and most popular remote-access solution?
A proxy or jump host.
100
What is a jump host typically used for?
It acts as an entrance point to a secured network.
101
What is a weakness of a simple jump-host setup?
Once access to the proxy is granted, the remote user may get overly broad access to internal devices.
102
What kinds of policies are often missing in weak jump-host setups?
Restrictions based on time of day, session length, access reason, or manager approval.
103
What is the first security consideration for remote access?
Provide only one dedicated path for remote access.
104
How should that dedicated remote-access path be controlled?
By specialized VPNs or remote-access servers limited to explicitly defined point-to-point secure channels from known entities.
105
Which access-control improvements are recommended for remote access?
Multifactor authentication and separate accounts specifically for remote access.
106
What does functional isolation mean for remote access?
Remote connections should be further segmented so they can reach only exactly the required devices and functions for a limited time.
107
Why should systems with remote access be isolated from others?
To reduce attack spread and enforce least privilege.
108
What is the role of application control for remote users?
It limits them to only the applications they are authorized to use.
109
Why should critical systems not be accessed directly over remote links?
Because remote access should be mediated through a DMZ and controlled infrastructure.
110
How secure should remote-access endpoints be compared to directly connected hosts?
They should have equal or stronger security.
111
Why should trusted ICS credentials not be stored on remote endpoints?
Because compromise of the endpoint would expose direct access credentials to the industrial environment.
112
Why is enforcing endpoint security especially hard with third parties?
Because the organization often has limited technical control over vendor or contractor systems.
113
What incident-handling capability should remote access provide?
The ability to terminate the remote connection immediately if anomalies are observed.
114
Why is logging important for remote access?
It records connection attempts and all activities performed by remote users for monitoring and incident response.
115
What is the first stage of the recommended two-stage remote-access authentication?
Authenticate to the VPN server using a dedicated remote-access account.
116
Why should the VPN account be separate from the target-domain account?
To avoid reusing trusted internal credentials on the outer remote-access layer.
117
What should remote-access rights be constrained to after VPN login?
They should be constrained to the proxy or jump host.
118
What is the second stage of two-stage remote-access authentication?
Authentication to the proxy or jump host with target-network credentials.
119
What should detailed remote-session logging capture?
Every step of the session, enabling real-time monitoring and post-hoc analysis.
120
Why is immediate session termination useful when logging remote sessions?
Because anomalies can be detected and the session can be stopped before further damage occurs.
121
Why is plain remote access unnecessary for file transfer only?
Because file transfer can be handled through dedicated file-transfer mechanisms instead of interactive access.
122
How is secure cross-zone file transfer realized in the lecture?
Using two file servers, one in each zone, with automatic synchronization and malware scanning.
123
How are files transferred between the two-zone file servers?
Data is written to a write-only directory, scanned for malware, and copied to a read-only directory on the other server.
124
Why are separate directories used in the file-transfer design?
To separate direction and user context and reduce confusion and abuse.
125
What is a data diode?
A data diode is a physically enforced one-way communication channel.
126
How can a data diode realize one-way communication physically?
For example by using only a single fiber-optic direction instead of a complete transmit/receive pair.
127
Why is a data diode called half an air gap?
Because it physically blocks return communication but still allows one-way transfer.
128
What security property does receive-only mode help protect in the more secure network?
It helps protect confidentiality by preventing data from leaving the secure network.
129
What security properties does transmit-only mode help protect in the more secure network?
It helps protect availability and integrity by preventing traffic from entering the secure network.
130
Why are data diodes considered bug safe and mistake safe compared to firewalls?
Because software bugs or configuration mistakes are less critical when no reverse physical path exists.
131
What practical problem do data diodes create for many industrial protocols?
Many industrial protocols require bidirectional communication, acknowledgments, and handshakes.
132
How can this protocol problem be handled with data diodes?
By placing agents around the physical diode so one side spoofs the expected feedback behavior.
133
When do diode agents work well?
They work only if no meaningful feedback to the application layer is needed for correct functionality.
134
What is the uncertainty limitation of data diodes?
The sender cannot know whether data was successfully received because acknowledgments are missing.
135
What is the inconvenience limitation of data diodes?
The sender cannot check the status of receivers.
136
What is the inflexibility limitation of data diodes?
The receiver cannot request what data should be sent or when it should be sent.
137
When should data diodes be used despite their limitations?
Only when strong security requirements justify their operational limitations.
138
Which three protocol properties are emphasized for constrained networks?
Efficiency, adequacy, and elasticity.
139
What does efficiency mean for a security protocol in constrained networks?
The protocol should avoid excessive overhead, extra packet flights, fragmentation, and unnecessary bandwidth consumption.
140
What does adequacy mean for a security protocol in constrained networks?
Its features should match the actual problem instead of carrying unnecessary ballast.
141
What does elasticity mean for a security protocol in constrained networks?
It should adapt to different scenarios and be extensible without breaking compatibility.
142
What is the bootstrapping-security problem statement in the lecture?
A new device arrives at a Layer-2 secured network and a gateway must authorize it to join.
143
What threat model is assumed for bootstrapping security?
A passive eavesdropper and an active brute-forcer.
144
Why must bootstrapping be lightweight?
Because constrained devices and networks have tight resource limits.
145
Why is configuration difficult during bootstrapping?
Because devices may have only minimal interfaces.
146
Why must bootstrapping scale well?
Because industrial and IoT deployments can contain high numbers of devices.
147
Why is network topology relevant for bootstrapping?
Because constrained environments are often multi-hop networks.
148
Why are standard public-key algorithms often problematic for constrained devices?
Because RSA, DSA, and classic Diffie-Hellman are too heavyweight computationally.
149
Why is elliptic-curve cryptography preferred in constrained environments?
Because it is computationally more lightweight than classic public-key alternatives.
150
Which elliptic-curve mechanisms are named in the lecture?
ECDH for key exchange and ECDSA for signatures.
151
What trade-off is mentioned for meeting stricter resource constraints with ECC?
Static ECDH can be used instead of ephemeral ECDH.
152
What is lost when static ECDH is used instead of ephemeral ECDH?
Forward secrecy is lost.
153
What is cryptographic agility?
The ability to flexibly negotiate and switch among cryptographic mechanisms or cipher suites.
154
What is the motivation behind cryptographic agility in the lecture?
To flexibly negotiate cipher suites.
155
Which end-to-end security protocols are explicitly shown as supporting agility?
TLS/DTLS, HIP, and IKEv2.
156
What kinds of identities can these protocols use?
Certificates or raw public keys.
157
Which key-establishment options are mentioned for these protocols?
Diffie-Hellman key agreement or public-key-encrypted shared-key agreement.
158
What protects application data after key establishment?
Symmetric-key cryptography protects the application data.
159
Why is cipher-suite negotiation useful in constrained networks?
Because it allows lighter cryptographic options such as elliptic-curve mechanisms to be selected.
160
Which protocols in the lecture also support pre-shared keys?
TLS/DTLS and IKEv2 also support pre-shared keys.
161
Why do secure connections occupy resources in constrained systems?
They require cryptographic material and state to be kept in memory.
162
Why are connections often closed in constrained devices?
To free resources.
163
What is the downside of reopening a secure connection without session resumption?
A full handshake is needed again, which increases bandwidth, latency, and computation.
164
What is session resumption?
An abbreviated handshake that reuses stored keying material to resume a secure connection.
165
What is shared-state session resumption?
Both client and server store their respective session state.
166
What is server ticket offloading?
The client additionally stores the server state needed for resumption.
167
What is client ticket offloading?
The server additionally stores the client state needed for resumption.
168
Why does the storage location of session state matter?
Because it changes which party bears the resource costs.
169
What coarse classes of resource constraints are listed for industrial devices and networks?
Limited computing resources, latency, bandwidth, storage or memory, and energy.
170
Why must secure communication design account for the most constrained devices?
Because industrial environments are highly heterogeneous and the weakest devices often determine practical feasibility.
171
What is delegation as a design pattern to reduce resource consumption?
It offloads expensive computations to a more powerful device.
172
Give an example of delegation mentioned in the lecture.
Certificate validation can be delegated to a stronger device.
173
What is the main drawback of delegation?
It requires a trusted device, which is not always a realistic assumption.
174
What is pre-validation in the delegation context?
The constrained device receives only already validated certificates.
175
How can revocation handling be separated in a delegation approach?
Other devices can check revocations so that the constrained device does not accept arbitrary certificates.
176
What is pre-computation as a design pattern?
Expensive security computations are performed ahead of time during less critical periods.
177
Why is pre-computation attractive in industrial settings?
Because critical processing often starts only after a sensor reading, while idle time may exist beforehand.
178
What are two limits of pre-computation?
Not all computations can be done ahead of time, and the overall workload is not reduced.
179
What is lightweight cryptography?
Cryptography designed to provide sufficient security at lower resource cost for constrained devices.
180
Why is lightweight cryptography controversial compared to standard crypto?
Because it is generally not as well tested as widely deployed standard cryptography.
181
What level of security is often accepted in lightweight cryptography?
Sufficient rather than maximal security, often with key sizes below 128 bits.
182
Why is lightweight cryptography often especially relevant for hardware implementations?
Because some algorithms such as AES may be acceptable in software but relatively expensive in hardware.
183
Name examples of lightweight-crypto approaches mentioned in the lecture.
ECC or NTRU for public key, Grain or Trivium for stream ciphers, Photon or Quark for hash functions, and CLEFIA, PRESENT, KLEIN, or LED for block ciphers.
184
What is minimal protocol design?
Protocols are designed to be as concise as possible.
185
What is a key ideal behind minimal protocol design for constrained systems?
A proxy should ideally be able to translate to standard Internet protocols.
186
Give two protocol-translation examples from the lecture.
6LoWPAN can be translated to IPv6, and CoAP can be translated to HTTP.
187
What is the major challenge when translating protocols in the presence of security?
Security properties can be difficult to preserve across translation.
188
What does efficient encoding or data aggregation try to achieve?
It reduces packet sizes and overall communication overhead.
189
How can custom encoding reduce overhead?
By using compact, application-specific data representations.
190
Why is aggregation difficult when data is encrypted?
Because encrypted data cannot easily be combined or interpreted without additional techniques.
191
What is optimistic security?
A design pattern that assumes received messages are genuine and delays some verification or protection to save resources.
192
Why can optimistic security not be used for safety-critical messages?
Because delayed verification is unacceptable for messages such as emergency shutdown commands.
193
What is selective packet authentication?
Only security-critical packets are authenticated or signed and validated.
194
Why would selective packet authentication save resources?
Because not all packets are protected equally, reducing expensive cryptographic operations.
195
What is batch or aggregated packet authentication?
Packets are authenticated and validated in groups to save operations at the cost of delayed verification.
196
What is the basic delegation-on-path gateway idea?
A trusted gateway translates between a special-purpose security protocol and a standard IP security protocol.
197
Why is an on-path translation gateway not ideal?
It introduces constant delay, requires a trusted middlebox, and is inflexible with respect to mobility.
198
What is the better delegation idea described after on-path translation?
A delegation server establishes ready-to-use security state and transfers it to the constrained device.
199
How is session resumption leveraged for delegation?
Offloaded state is later used by the constrained device to resume a session with an abbreviated handshake.
200
What is the first step in the delegation-with-session-resumption approach?
An out-of-band secret exchange, for example during bootstrapping.
201
What else is exchanged during bootstrapping in that approach?
The device’s supported cipher suites are also communicated.
202
What is the second step in delegation with session resumption?
A user triggers a handshake with state offloading.
203
What is the third step in delegation with session resumption?
The constrained device performs session resumption using the offloaded state.
204
Why is this attractive for constrained devices?
Because it avoids public-key cryptography during the abbreviated handshake.
205
What is antedated encryption?
Expensive encryption work is precomputed before the actual data to be protected is available.
206
Which cipher mode is used in the antedated-encryption example?
AES in CTR mode.
207
Why is CTR mode suitable for antedated encryption?
Because the keystream can be computed in advance and later XORed with the plaintext.
208
What operation is still needed online in antedated encryption?
Only the lightweight XOR of plaintext with the precomputed keystream is needed online.
209
Why is pre-computation harder for message authentication than for CTR encryption?
Because MAC computation often depends on the actual message and on previous blocks.
210
Which MAC mode is used as an example where pre-computation is hard?
AES CBC mode.
211
What is templating in precomputed authentication?
Known parts of the packet, such as headers or lengths, are preprocessed in advance.
212
How can packet reordering help with precomputed authentication?
Reordering packet parts can create additional savings, but it requires receiver support.
213
What is Compact TLS?
A compact version of TLS and DTLS derived from TLS 1.3 that saves space.
214
How does Compact TLS reduce size?
It omits TLS 1.2-related values, omits backward-compatibility fields, uses compact encoding, and can use application-specific templates.
215
What is one example of Compact TLS simplification?
Version negotiation can be omitted by limiting use to TLS 1.3.
216
How much handshake reduction is cited for Compact TLS?
The handshake is reduced from about 1158 bytes for TLS to about 279 bytes for Compact TLS in the example.
217
What is the downside of Compact TLS?
It is not directly interoperable with ordinary TLS or DTLS.
218
What problem does Talos address in the lecture?
It reduces message sizes in encrypted query processing for sensor data, especially with public-key cryptography.
219
Why does ECC help in Talos-like efficient encoding?
ECC uses shorter keying material because the underlying hard problem is stronger per bit.
220
Why is mapping payloads onto elliptic-curve coordinates feasible in the Talos example?
Because the payloads are typically small numbers, such as 32-bit integers, so lookup-based recovery is practical.
221
Why is retrofitting security necessary in industrial networks?
Because most industrial protocols lack native security features and replacing them is often unrealistic.
222
What are the two fundamental approaches for retrofitting security?
Custom security extensions and transport-layer security below the application protocol.
223
What does the transport-layer-security approach add to legacy protocols?
Authentication, integrity protection, and encryption below the application protocol.
224
Why can adding security functionality break legacy industrial protocols?
Because adding fields or handshake messages can violate compatibility with hosts and network devices.
225
Why is compatibility especially important in industrial environments?
Because devices have long lifetimes and are difficult to replace.
226
What is the example protocol used to discuss compatibility-preserving retrofits?
Modbus/TCP.
227
What is the core idea of repurposing protocol fields for security?
Reuse existing sender-controlled or legacy-unused fields to carry security information.
228
Which kinds of fields are candidates for repurposing?
Fields freely chosen by the sender or fields unused for legacy purposes in the specific deployment.
229
How much space can be obtained in the Modbus/TCP example while remaining mostly compatible?
Up to 36 bits can be reused while staying mostly compatible.
230
How can authenticity be added with repurposed protocol fields?
By embedding a variable-sized MAC into those repurposed fields.
231
How is replay protection addressed in the retrofit example?
With a nonce, an implicit sequence number on reliable transport, or synchronization bits for unreliable transport.
232
Where can retrofit MAC generation and verification be deployed?
Directly on devices, on gateways or bump-in-the-wire devices, and even by passive monitors.
233
Why is variable-sized MAC design a challenge?
Because secure MACs are normally much larger than the number of repurposable bytes found in legacy protocols.
234
What is the simplest way to obtain a shorter MAC?
Truncate the MAC.
235
What is the main trade-off of MAC truncation?
It saves bandwidth but reduces security.
236
What is MAC chaining or aggregation?
A single authentication value covers multiple messages instead of each message carrying a full MAC.
237
What are the trade-offs of aggregated authentication?
It saves bandwidth but can increase delay and complicate security properties.
238
What are ProMACs?
Progressive Message Authentication Codes that distribute or aggregate authentication over multiple messages using small tags.
239
How do ProMACs behave when a message first arrives?
Initially they give only limited security guarantees, similar to truncated tags.
240
How does security evolve in ProMACs?
As subsequent messages arrive, the guarantees progressively increase.
241
What is the main challenge in secure ProMAC design?
Dependencies must prevent attackers from selectively removing authentication information.
242
Why are many earlier ProMACs insecure on unreliable transport?
Because selective removal of messages can break their authentication dependencies.
243
What is the sandwich attack mentioned in the lecture?
Selective removal of two messages can create a gap that defeats the intended progressive authentication structure.
244
What are Golomb rulers used for in ProMAC design?
They provide dependency patterns with unique distances that give optimal fixed security guarantees.
245
What is a key security property of Golomb-ruler-based dependencies?
A packet drop reduces another message’s security by at most one tag.
246
What are g-Sidon sets in this context?
They generalize Golomb-ruler ideas so that each drop impairs at most g tags.
247
What is the overall trade-off in g-Sidon-set-based dependencies?
Slightly slower authenticity in exchange for guaranteed resilience to packet loss.
248
Which trade-offs must be tuned for progressive authentication?
Tag length, delay tolerance, and resilience to packet loss.
249
What is physical protection of industrial networks?
Any active or passive physical measures that limit physical access to assets in the industrial network.
250
What does physical security try to prevent in ICS?
Unauthorized physical access, modification, theft, destruction, observation, and introduction of malicious devices.
251
Why is physical access especially dangerous in OT?
Because physical access to a control room or control-system asset often implies logical access to the process-control system.
252
What is sender identification in this chapter?
A passive fingerprinting system that identifies a sender using unique device characteristics.
253
Give an example of a device characteristic used for sender identification.
Voltage characteristics are given as an example.
254
What is sender identification useful for?
It can raise alarms for unauthorized transmissions.
255
When is sender identification particularly attractive?
In extremely bandwidth-constrained environments or as an additional protection layer.
256
How should sender identification usually be positioned in a defense strategy?
As a complementary protection measure rather than a full standalone replacement.
257
Why do sender-identification methodologies need comparison?
Because they differ in hardware requirements, reliability, and operational trade-offs.
258
What can be done if sender identification is fast enough during transmission?
The message can potentially be invalidated during the transmission, for example in CAN by overlaying the dominant state.
259
What is the main challenge for automatic reaction based on sender identification?
The identification may not be 100% reliable.
260
Why might sender identification be better suited for detection than for automatic prevention?
Because uncertainty in identification can make aggressive automated reactions unsafe.
261
What is remote attestation?
A mechanism to verify the integrity of a remote device or system.
262
How are remote-attestation types classified in the lecture?
By how and where correctness of the integrity measurement is ensured.
263
What are the three remote-attestation types named in the lecture?
Hardware-based, software-based, and hybrid remote attestation.
264
What does hardware-based remote attestation rely on?
Trusted-computing hardware components.
265
What is the main advantage of hardware-based remote attestation?
It offers stronger security.
266
What is the main disadvantage of hardware-based remote attestation?
It requires additional hardware costs, space, and power.
267
What does software-based remote attestation rely on?
Cryptography, checksums, and timing measurements.
268
What is the main advantage of software-based remote attestation?
It needs no additional hardware.
269
What is the main disadvantage of software-based remote attestation?
Its security relies on stronger assumptions and is generally weaker.
270
What is hybrid remote attestation?
It combines minimal hardware changes with software-based techniques.
271
Why use hybrid remote attestation?
To combine advantages and reduce disadvantages of pure hardware- and software-based approaches.
272
Why are security and vulnerability assessments needed?
Because security controls must be verified and networks and vulnerabilities change over time.
273
What concrete configuration questions do assessments answer?
Whether access rules are correct, whether open ports and reachable services are intended, and whether the network is still adequately secured.
274
What changes can invalidate a previously secure industrial network?
New devices, process changes, changed communication, and newly discovered vulnerabilities or broken primitives.
275
What do security and vulnerability assessments do in practice?
They perform tests to discover devices, identify configuration, and check for known vulnerabilities.
276
What is network scanning?
Identification of network configuration and discovery of devices connected to the network.
277
What is vulnerability scanning?
Executing scans on discovered devices to find security weaknesses.
278
What is log review?
Inspecting system and security logs for traces of vulnerabilities or suspicious conditions.
279
What is integrity checking?
Reviewing system files using checksums and hash values to reveal tampering.
280
Why are industrial systems difficult to assess thoroughly?
Because safety and operational availability constrain testing.
281
Why can assessments themselves be risky in ICS?
Because they place additional load on systems and may behave partly like attacks.
282
What real-world consequence can a careless ICS assessment have?
It can trigger unsafe behavior, outages, or product loss.
283
Why do online tests provide strong security assurance?
Because they run in the real industrial network and physical process.
284
What limits online security testing in ICS?
Careful planning, scheduling, rules of engagement, and the need to avoid disruption.
285
Why do online tests still leave uncertainty?
Untested parts may still contain unknown vulnerabilities.
286
Why are offline laboratory tests common in ICS security?
Because real systems are too sensitive to availability and performance impacts.
287
What is the limitation of offline laboratory tests?
They reproduce only part of the ICS, so results depend on the fidelity of the mockup.
288
What is closed-box testing?
Testing performed without substantial system knowledge.
289
What is an advantage of closed-box testing?
It can approximate a realistic attacker view and does not require disclosing sensitive information to the test team.
290
What is a disadvantage of closed-box testing?
It may fail to expose all vulnerabilities and may underestimate attacker knowledge.
291
What is open-box testing?
Testing performed with substantial system knowledge.
292
What is an advantage of open-box testing?
It can reveal more vulnerabilities and provide stronger assurance.
293
What is a disadvantage of open-box testing?
It requires disclosing sensitive information to the test team.
294
What is active network analysis?
It injects probe traffic into the industrial network to analyze behavior and configuration.
295
What is passive network analysis?
It observes existing traffic without injecting probes.
296
What is a strength of active analysis?
It gives control over probe traffic and can test scenarios that rarely or never occur naturally.
297
What is a limitation of active analysis?
It may overload systems and usually does not reveal real usage patterns.
298
What is a strength of passive analysis?
It observes real traffic without interfering with the system.
299
What is a limitation of passive analysis?
It only sees what naturally occurs and can suffer from privacy, security, or vantage-point bias.
300
What host-based passive-analysis tools are mentioned?
netstat and tcpdump.
301
What does netstat provide in this context?
Statistics about network activities such as open ports.
302
What does tcpdump provide in this context?
It records traffic, for example on selected ports.
303
What are network-based passive-analysis mechanisms?
Passive sensors such as mirror ports, T-pieces, or WiFi/radio sniffers.
304
What is industrial network scanning?
An active-analysis method to gather information about devices present in an industrial network.
305
What are the main goals of industrial network scanning?
To discover active hosts and identify which services are being offered.
306
Why should industrial network scanning not be confused with vulnerability scanning?
Because scanning identifies devices and services, while vulnerability scanning tests for weaknesses.
307
What is Nmap?
A tool used to discover hosts and services on a network and build a map of the network.
308
What does Nmap do fundamentally?
It sends packets to hosts and analyzes responses.
309
Name core Nmap features mentioned in the lecture.
Operating-system detection, open-port identification, version scanning, ARP scanning, and adaptability to latency and congestion.
310
What is the Nmap Scripting Engine?
An extensibility mechanism using simple Lua scripts for automating networking tasks.
311
What is host discovery in Nmap?
Identifying which devices on a network exist or are alive.
312
What is port scanning in Nmap?
Enumerating open ports on target devices.
313
What is service and version detection in Nmap?
Determining which service and which version are running on an open port.
314
What is operating-system detection in Nmap?
Remotely determining the OS, version, and some hardware characteristics of a device.
315
What is the goal of host discovery?
To find active IP addresses and create the first step of a topology map.
316
What is an ICMP sweep?
Host discovery using ICMP echo request and reply messages.
317
What are pros and cons of ICMP sweeps?
They are easy to implement but fairly slow and easy to block.
318
What is broadcast ICMP discovery?
Sending an echo request to a network or broadcast address.
319
Why is broadcast ICMP often ineffective?
Windows ignores it and most routers block it.
320
What is non-echo ICMP discovery?
Using other ICMP messages such as timestamp or address-mask requests.
321
What is a TCP sweep?
Host discovery using TCP ACK or TCP SYN packets to popular ports.
322
Why can TCP-sweep results be unreliable?
Because firewalls may spoof TCP reset packets.
323
What is a UDP sweep?
Host discovery that relies on ICMP port-unreachable responses.
324
Why can UDP sweeps be unreliable?
Because routers or firewalls may block UDP or the resulting ICMP errors.
325
How does Nmap classify ports during scanning?
As open, closed, filtered, or unfiltered.
326
What is a TCP connect scan?
A classic port scan using a full TCP three-way handshake.
327
What is a main downside of TCP connect scans?
They are easily visible in log files.
328
What is a TCP SYN scan?
A half-open scan that sends SYN packets without completing the full connection.
329
Why are TCP SYN scans popular?
They are fast and harder to detect, though they require root privileges.
330
What is an idle scan?
A scan that exploits IP fragment identification through a third-party host to hide the attacker’s IP.
331
What is an FTP bounce scan?
A scan that misuses an FTP server to perform scanning indirectly.
332
Why is FTP bounce scanning uncommon?
It is slow and only rarely works today.
333
What database does Nmap use for service and version detection?
The nmap-service-probes database.
334
What does OS fingerprinting rely on in Nmap?
Differences in IP-stack behavior such as flag handling, sequence numbers, windows, ICMP behavior, and fragmentation details.
335
What does testssl.sh assess?
TLS server configuration, supported ciphers, preferred ciphers, certificate validity, and known vulnerabilities such as Heartbleed.
336
Why can testssl.sh be problematic in industrial environments?
It causes many TLS handshakes and can put significant load on the host.
337
Why are trust anchors a challenge when assessing industrial TLS deployments?
Because the certificate trust basis is often unclear in industrial environments.
338
Name some industrial-network-specific scanners mentioned besides Nmap.
Redpoint scripts, nmap-scada scripts, PLCSCAN, mbtget, Snap7, and SCADA tools.
339
What does PLCSCAN do?
It scans for PLCs, especially on Siemens and Modbus ports, and tries to extract information such as firmware versions and modules.
340
Why can active probing be dangerous in industrial networks?
It can overload hosts or networks and effectively cause denial of service.
341
What are best practices for scanning industrial networks?
Throttle probing, spread load, include contact information, and keep exclusion lists.
342
What Nmap timing recommendation is explicitly given for ICS?
Use a scan delay so only one port is scanned at a time.
343
Why does the lecture recommend TCP scans instead of SYN scans for ICS?
Because half-open scanning is less desirable in fragile industrial networks.
344
Why should UDP scans generally be avoided in ICS scanning?
Because they can create unnecessary load and unreliable behavior on fragile devices.
345
Why should fingerprinting be avoided during cautious ICS scans?
Because it can stress fragile hosts and increase operational risk.
346
Why should scripts be selected manually in ICS scanning?
Because broad default script sets can be too aggressive.
347
What does vulnerability scanning produce at a high level?
A prioritized list of vulnerabilities based on their criticality and impact.
348
How is vulnerability scanning related to risk assessment?
It is similar in spirit because findings are prioritized according to likely impact on system objectives.
349
What do vulnerability scanners rely on?
They rely on vulnerability databases and test definitions for known weaknesses.
350
Why are vulnerability scanners imperfect?
Their results are only as good as the database, so false positives and false negatives occur.
351
Why are human attackers often more dangerous than automated scanners?
Because humans can reason beyond database-driven signatures and combine techniques creatively.
352
What is the role of exploitation frameworks compared to vulnerability scanners?
They help verify whether a discovered vulnerability is really present and exploitable.
353
Why are exploitation frameworks useful in penetration testing?
Because they can actually launch exploits to validate scanner results.
354
What is OpenVAS?
An open vulnerability assessment scanner for identifying vulnerabilities in networks and hosts.
355
What protocols can OpenVAS handle according to the lecture?
It supports various high-level and low-level Internet and industrial protocols.
356
What are OpenVAS NVTs?
Network Vulnerability Tests that define what to test and how to test it.
357
How often is the OpenVAS feed updated according to the lecture?
It is updated daily.
358
Which external tools and expertise does OpenVAS leverage?
Nmap, ncrack, and web-application audit tools such as w3af, arachni, and wapiti.
359
Which standards and taxonomies are referenced in the OpenVAS ecosystem?
CVE, CVSS, CPE, OVAL, and IT-Grundschutz.
360
What is an authenticated OpenVAS scan?
A local security check using credentials such as SSH, Samba, or Windows Management Instrumentation.
361
What can authenticated scans verify better than unauthenticated scans?
Missing updates and correctness of configuration.
362
What is an unauthenticated OpenVAS scan?
An active measurement approach using network scanning, credential brute force, and web-application auditing.
363
Why should both authenticated and unauthenticated scans be used?
Because together they give a more comprehensive security picture.
364
What industrial support does OpenVAS include?
NVTs that detect PLCs, extract firmware versions, and search for common PLC vulnerabilities.
365
What cautious workflow is recommended before a full OpenVAS scan in OT?
Start with discovery-only scans and then gradually add port scanning and service detection.
366
What timing settings are recommended for OpenVAS in OT?
Use polite timing, disable parallel requests per host, and add delay between requests.
367
What is Metasploit?
A penetration-testing framework for developing and executing exploit code against remote machines.
368
What four major module types does Metasploit provide?
Scanners, exploits, payloads, and encoders.
369
What does an exploit module do?
It leverages a particular vulnerability.
370
What does a payload do in Metasploit?
It is the code executed through the exploit, such as a remote shell or desktop.
371
What do encoders do in Metasploit?
They encode or obfuscate payloads to hinder detection.
372
Why can security teams use Metasploit ethically?
To proactively identify and validate vulnerabilities in their own systems.
373
What must be selected when configuring a Metasploit exploit?
Operating system or application version, target IP and port, payload type, and encoding.
374
What is a bind shell payload?
It opens a port on the exploited host and offers an unauthenticated shell there.
375
What is a reverse shell payload?
It makes the exploited host connect back to the attacker-controlled server and offer a shell.
376
What is a remote-desktop payload?
It creates remote desktop access using technologies such as VNC, RDP, or X11.
377
What is Meterpreter?
An advanced payload with post-exploitation modules such as keylogging, sniffing, and screen capture.
378
What does the Metasploit database track?
Activities, scans, discovered hosts, ports, services, and imported results.
379
What are Metasploit workspaces?
A way to organize assessment data into separate contexts or projects.
380
How does Metasploit integrate with Nmap?
Nmap results can be imported directly to populate the Metasploit database.
381
What is the purpose of an exploit module’s 'check' option?
It tests whether the target is vulnerable without immediately launching a full exploit.
382
What industrial-specific Metasploit functionality is mentioned?
Modbus client utilities, SCADA scanners, SCADA administration and DoS modules, and Windows SCADA exploits.
383
Why are standard interfaces on PLCs still relevant in pentesting?
Because many industrial devices expose services such as HTTP or FTP that may be exploitable.
384
What is the overall takeaway from security and vulnerability assessments?
They are necessary practical tests to verify secure configuration and identify remaining weaknesses, but they must be performed very carefully in OT.
Industrial Network Security
flashcards
Decks in class (6)
# Cards
