In June 2010 was detected Stuxnet, a computer worm designed to attack industrial SCADA, motorization and control systems. It was the first known virus that allowed access to PLC and the reprogramming of these. This malware allowed to infiltrate Siemens WinCC programs (one of software most used in the industry). It is possible that the target was some industry criticism as a nuclear power plant. That is why systems industriasles (ICS) have been forced to be forewarned against malicious attacks.
Prevention first is human, the user, who is in front of the machine must have certain knowledge to avoid being infected. It is important to highlight that an antivirus is not perfect that a firewall is vulnerable and that any system can be target of a hacker. The first gateway is the naivety of the user, whether a computer home or an industry. I have always made have put the following example:
«A computer is as a House, if leave the key implementation provide the work to the thief to enter.» «The problem is that much people not knows that is leaving the key of the door of the computer put or open»
More common is often called «social engineering» is so to speak, the rogue computer. From a friend who asks you the key to your facebook to look at something and thus makes an unethical use up to an email from your «so-called Bank» that you must give them passwords because they have lost them. Always wary of giving keys to nowhere, also use different keys in each internet site that we register, since in many ask us the e-mail and the password, if this is the same as the own mail that we’ve given, could gossip we all emails.
But the subject matter, we will discuss industrial antivirus, there are several brands, but we highlight CIM a tool of Phoenix Contact, one of the brands best known in industrial environments. They used to not parcheables systems, i.e. systems where the manufacturer has given them such which and they must not be modified or outdated operating systems, also for equipment that may not have anti-virus because they would consume many resources. This software does not detect viruses like any other, detect changes in files of Windows .exe or. dll. It creates a database of files and you are checking that they have not been modified. In case contrary sends an email to check a possible malware.
There are applications that enable external antivirus runs on industrial PCs, in moments where they are not being used, it must be emphasized that many times these PCs not can be turned off, and the antivirus applications require updates.
Good practices the use of antivirus:
- Antivirus management:
- Definition of security policies: application of signatures time requirements.
- Definition of procedures: testing signatures before pre-production equipment. Distribution gradual of the signatures.
- Antivirus signature distribution architecture:
- Distribute updates using an own updates server.
- The update server must be located in the DMZ semiconfiable.
- OpenSolaris systems:
- Reduce the attack surface by disabling unnecessary services
- Activate them records of audit to identify behaviors anomalous
- Principle of the minimum privileges, run the services with non-privileged users
- Control of access to the network:
- Limit the access to the network implementing NAC 802.1 x achieving so equipment not belonging to the organization access to the network.
- Monitor attempts to access the network with the aim of identifying unauthorized connection attempts to the network of industrial control.
- Control of devices external:
- To limit virus infections, limit the use of USB devices using the operating system settings.
- When it is necessary to use, force encryption.