How to mitigate three common industrial network vulnerabilities
By Felipe Sabino Costa
Strategies for hardening industrial systems to mitigate damage at each stage of an intrusion.
Since industrial networks are primarily built and expanded to address growing business demands, it is easy for administrators to overlook common system vulnerabilities. For example, when adding a device to a network, do you know which Ethernet switches still have enabled but unused ports, or do you simply connect new devices without a second thought?
In today's world, ignoring common vulnerabilities could put your entire network at risk. The following scenarios summarize common system vulnerabilities that may be exploited during the three main stages of a cyberattack: exploration, utilization and attack.
Stage 1 Vulnerabilities: Exploration and Infiltration Recall the last time you logged onto your network. How complex was your password? Weak passwords may be easier for busy administrators to remember, but they are also easier for malicious actors to guess or brute-force. Making it easy for attackers to guess login credentials is like leaving the keys to your house in an obvious location.
Attackers also commonly exploit open ports. On the network side, every service a device listens on is an open TCP or UDP port; on the physical side, an Ethernet switch port that is enabled but unused is a gate through which anyone with a cable can send and receive traffic. By scanning your network, an attacker can map which hosts respond and which services they expose, and then walk in just like a burglar entering through an unlocked door.
How to Mitigate
One of the simplest ways to enhance network security is to ensure users create sufficiently complex passwords and that device default credentials are changed. For additional security, you should also use a login failure lockout mechanism that limits the number of unsuccessful login attempts within a time window, since a burst of failures usually indicates a brute-force attack. To protect your network from port scanning, create a whitelist of the ports that are reachable through your firewall (everything else is dropped) and disable ping (ICMP echo) responses on the WAN interface, so that a scan of the external address gets no reply.
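The two credential controls above, a password complexity check and a failure lockout, in one small Python module. This is an added example, not code from Moxa or from the article; the policy thresholds (12 characters, 5 failures, a 15-minute lock), the tiny list of common passwords and the injectable clock are assumptions made for the illustration.

```python
"""Password policy check and login-failure lockout (added example, not Moxa's code).

Assumptions: the thresholds below, the short list of common passwords and the
injectable clock are constructed for this illustration.
"""
import hashlib
import hmac
import os
import time

MIN_LENGTH = 12           # assumed policy: at least 12 characters
MAX_FAILURES = 5          # assumed policy: lock after 5 consecutive failures
LOCKOUT_SECONDS = 900     # assumed policy: 15-minute lock
# Constructed sample of passwords that should never be accepted.
COMMON_PASSWORDS = {"password", "admin", "12345678", "moxa", "industrial"}


def password_is_complex(pw: str) -> bool:
    """True if pw is long enough, not a common password, and mixes 3 of 4 classes."""
    if len(pw) < MIN_LENGTH or pw.lower() in COMMON_PASSWORDS:
        return False
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return sum(classes) >= 3


class LoginGuard:
    """Stores salted PBKDF2 hashes and enforces a consecutive-failure lockout."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so the lock window can be tested
        self._creds = {}             # user -> (salt, hash)
        self._failures = {}          # user -> consecutive failed attempts
        self._locked_until = {}      # user -> clock value when the lock expires

    @staticmethod
    def _hash(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, user: str, password: str) -> None:
        if not password_is_complex(password):
            raise ValueError("password does not meet the complexity policy")
        salt = os.urandom(16)
        self._creds[user] = (salt, self._hash(salt, password))

    def is_locked(self, user: str) -> bool:
        return self._clock() < self._locked_until.get(user, 0.0)

    def login(self, user: str, password: str) -> str:
        """Return 'ok', 'locked' or 'denied'; failures count toward a lock."""
        if self.is_locked(user):
            return "locked"            # do not even evaluate the password
        cred = self._creds.get(user)
        # Hash for unknown users too, so response time does not reveal valid names.
        salt, stored = cred if cred else (b"\x00" * 16, b"\x00" * 32)
        candidate = self._hash(salt, password)
        if cred is not None and hmac.compare_digest(candidate, stored):
            self._failures[user] = 0
            return "ok"
        n = self._failures.get(user, 0) + 1
        self._failures[user] = n
        if n >= MAX_FAILURES:
            self._locked_until[user] = self._clock() + LOCKOUT_SECONDS
            self._failures[user] = 0   # a fresh window starts when the lock expires
        return "denied"


if __name__ == "__main__":
    g = LoginGuard()
    g.add_user("operator", "Tr0ub4dor&3xyz")
    for _ in range(MAX_FAILURES):
        print(g.login("operator", "wrong-guess"))   # denied
    print(g.login("operator", "Tr0ub4dor&3xyz"))   # locked
```

The lockout is keyed per account, which stops online guessing against one user; a device with many default accounts should additionally throttle by source address so an attacker cannot spread attempts across usernames.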
Stage 2 Vulnerabilities: Utilization Once inside, the attacker's goal is to reach more valuable targets. For example, a hacker may use various scanning tools to learn your network topology so they can find their next target and access or control more devices. The attacker can also exploit command injection flaws in a device's management interface to run commands without proper authentication, grant themselves higher user privileges, execute prohibited commands and commandeer network devices.
How to Mitigate
To limit the attacker's ability to move throughout your network and commandeer your devices, we recommend network segmentation and traffic control. Partition your network into smaller segments (for example, a supervisory zone, an engineering zone and a controller zone) and control the communications that pass between them, so that a foothold in one segment does not give free access to the others. In addition, deploying whitelist control, a list of the commands and protocol functions each segment is permitted to send, blocks command injection and other unexpected commands and limits the severity of a security breach.
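Segmentation and command whitelisting as a single filter decision, shown for Modbus/TCP because it is the protocol most often crossing these zones. This is an added example, not Moxa's code or a configuration from the article: the three zones and their address ranges, the per-zone-pair list of permitted function codes and the sample frames are all constructed assumptions. The MBAP header layout and the function code numbers are the standard Modbus/TCP ones.

```python
"""Segment-aware Modbus/TCP command whitelist (added example, not Moxa's code).

Assumptions: the zones, address ranges, the allowed function codes per zone
pair and the sample frames are constructed for this illustration.
"""
import ipaddress
import struct

# Assumed segmentation: SCADA/HMI may only read, engineering may also write,
# and the PLC segment is the protected destination.
ZONES = {
    "scada": ipaddress.ip_network("10.10.1.0/24"),
    "engineering": ipaddress.ip_network("10.10.2.0/24"),
    "plc": ipaddress.ip_network("10.10.9.0/24"),
}

# Standard Modbus function codes.
READ_COILS, READ_HOLDING, WRITE_SINGLE_REG, WRITE_MULTI_REGS = 0x01, 0x03, 0x06, 0x10

# Whitelist: (source zone, destination zone) -> permitted function codes.
# Any pair or function not listed is dropped (deny by default).
ALLOW = {
    ("scada", "plc"): {READ_COILS, READ_HOLDING},
    ("engineering", "plc"): {READ_COILS, READ_HOLDING, WRITE_SINGLE_REG, WRITE_MULTI_REGS},
}


def zone_of(ip: str):
    """Return the zone name containing ip, or None if it belongs to no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def parse_modbus_tcp(payload: bytes):
    """Return (unit_id, function_code) from a Modbus/TCP frame, or None if malformed.

    MBAP header: transaction id (2), protocol id (2, must be 0),
    length (2, bytes that follow it), unit id (1); the function code follows.
    """
    if len(payload) < 8:
        return None
    _tid, proto, length, unit = struct.unpack("!HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]


def decide(src_ip: str, dst_ip: str, payload: bytes):
    """Return ('allow' | 'drop', reason) for one Modbus/TCP request."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "drop", "source or destination outside every known zone"
    parsed = parse_modbus_tcp(payload)
    if parsed is None:
        return "drop", "malformed Modbus/TCP frame"
    _unit, fc = parsed
    if fc not in ALLOW.get((src, dst), set()):
        return "drop", f"function 0x{fc:02x} not whitelisted for {src}->{dst}"
    return "allow", f"function 0x{fc:02x} permitted for {src}->{dst}"


def build_request(fc: int, unit: int = 1, data: bytes = b"\x00\x00\x00\x01") -> bytes:
    """Construct a Modbus/TCP request frame (sample input for the example)."""
    pdu = bytes([fc]) + data
    return struct.pack("!HHHB", 1, 0, len(pdu) + 1, unit) + pdu


if __name__ == "__main__":
    print(decide("10.10.1.5", "10.10.9.2", build_request(READ_HOLDING)))
    print(decide("10.10.1.5", "10.10.9.2", build_request(WRITE_SINGLE_REG)))
    print(decide("10.10.2.7", "10.10.9.2", build_request(WRITE_MULTI_REGS)))
```

A write request from the SCADA segment is dropped even though the same request from engineering is allowed, which is exactly the property that contains an attacker who has taken over an HMI: the intruder can still read process values but cannot rewrite setpoints from that zone.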
Stage 3 Vulnerabilities: Services and Data Disruption Stealing or destroying critical business data from networks will be costly and harmful to any organization. However, these malicious actions are far from the worst case scenario. During the last stage of a cyberattack, the hacker is no longer studying networks but actively causing damage.
In stage 3, the hacker could make a machine or network resource unavailable by temporarily or indefinitely disrupting services on a host. This is typically called a Denial of Service (DoS) attack; a simple form floods the target with more traffic, such as pings (ICMP echo requests) or connection attempts, than it can handle. Industrial controllers usually have far less processing headroom than IT servers, so a flood that an office host would shrug off can stall a PLC.
Furthermore, a hacker could unleash malware, including ransomware, to deny you access to your network resources until a ransom is paid.
How to Mitigate
Although damage has already been done by stage 3, the overall harm can still be limited by ensuring sufficient DoS protection (for example, rate limiting per source so a flood from one host cannot starve the others) and by deploying an industrial IPS that recognizes ransomware and other malware traffic. You should also maintain reliable, tested system backups and blacklist unauthorized protocols so that an intruder cannot use them to spread or exfiltrate data.
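The two traffic controls named above, per-source rate limiting against a ping flood and a blacklist of unauthorized protocols, as one packet-filter loop run over a constructed traffic sample. This is an added example, not Moxa's code or an industrial IPS: the token-bucket parameters, the blacklist of Telnet and TFTP, the packet record format and the flood itself are assumptions made for the illustration.

```python
"""Per-source ping rate limiting plus a protocol blacklist (added example, not Moxa's code).

Assumptions: the token-bucket rate and burst, the blacklisted services and the
constructed packet sample below are chosen for this illustration.
"""
from dataclasses import dataclass

# Assumed unauthorized services: Telnet and TFTP (transport, destination port).
BLACKLIST = {("tcp", 23), ("udp", 69)}
PING_RATE = 10.0   # assumed: sustained ICMP echo requests per second per source
PING_BURST = 20    # assumed: bucket capacity (short bursts above the rate are tolerated)


@dataclass
class Bucket:
    """Token bucket: refills at PING_RATE tokens/s up to PING_BURST."""
    tokens: float
    last: float


class Filter:
    def __init__(self):
        self.buckets = {}     # source address -> Bucket
        self.counts = {"allow": 0, "drop_rate": 0, "drop_blacklist": 0}

    def process(self, pkt: dict) -> str:
        """pkt = {'t': seconds, 'src': ip, 'proto': 'icmp'|'tcp'|'udp', 'dport': int?}"""
        t, src, proto = pkt["t"], pkt["src"], pkt["proto"]
        if (proto, pkt.get("dport")) in BLACKLIST:
            self.counts["drop_blacklist"] += 1
            return "drop_blacklist"
        if proto == "icmp":
            b = self.buckets.setdefault(src, Bucket(tokens=PING_BURST, last=t))
            b.tokens = min(PING_BURST, b.tokens + (t - b.last) * PING_RATE)
            b.last = t
            if b.tokens < 1.0:
                self.counts["drop_rate"] += 1
                return "drop_rate"        # this source exceeded its ping budget
            b.tokens -= 1.0
        self.counts["allow"] += 1
        return "allow"


def constructed_traffic() -> list:
    """Constructed sample: a 200-ping flood from one host, normal traffic from another."""
    pkts = []
    for i in range(200):                      # attacker: 200 pings within one second
        pkts.append({"t": i / 200, "src": "10.0.0.99", "proto": "icmp"})
    for i in range(10):                       # operator: one ping every 0.5 s
        pkts.append({"t": i * 0.5, "src": "10.0.0.5", "proto": "icmp"})
    pkts.append({"t": 0.7, "src": "10.0.0.99", "proto": "tcp", "dport": 23})    # Telnet
    pkts.append({"t": 1.2, "src": "10.0.0.5", "proto": "tcp", "dport": 502})    # Modbus
    return sorted(pkts, key=lambda p: p["t"])


def run(pkts: list):
    """Return (counters, [(src, verdict), ...]) after filtering pkts in time order."""
    f = Filter()
    verdicts = [(p["src"], f.process(p)) for p in pkts]
    return f.counts, verdicts


if __name__ == "__main__":
    counts, _ = run(constructed_traffic())
    print(counts)
```

Because the bucket is per source, the operator host keeps its pings and its Modbus session through the whole flood; the attacker gets roughly the burst allowance plus ten pings per second and the rest is dropped, and its Telnet attempt is refused regardless of rate.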
With cyberattacks targeting more and more industrial networks, it is crucial to identify and mitigate system vulnerabilities before these weaknesses are exploited by those who intend to do harm. There are two complementary directions you can take to enhance network security.
One is to ensure that your industrial networks have a foundation of secure network infrastructure, which allows only authorized traffic to flow to the correct places. The other is to identify critical assets and give them layered protection, such as an industrial IPS or whitelist control.
Felipe Sabino Costa is a LATAM Industrial Cybersecurity (IACS) Expert at Moxa.