ICS-SCADA Cyber Security: ICS-SCADA Cyber Security

Ingress filtering is a method used in network security to ensure that incoming packets are allowed or blocked based on a set of security rules.

This type of filtering is often implemented at the boundaries of networks to prevent unwanted or harmful traffic from entering a more secure internal network.

The term 'ingress' refers to traffic that is entering a network boundary, whereas 'egress' refers to traffic exiting a network.

Reference

Cisco Networking Academy Program: Network Security.

'Understanding Ingress and Egress Filtering,' Network Security Guidelines, TechNet.

In the context of physical to logical asset protection in network security, several threats can be directed against the network, including:

Elevation of Privileges: Where unauthorized users gain higher-level permissions improperly.

Flood the Switch: Typically involves a DoS attack where the switch is overwhelmed with traffic, preventing normal operations.

Crack the Password: An attack aimed at gaining unauthorized access by breaking through password security. All these threats can potentially compromise the network's security and the safety of its physical and logical assets.

Reference:

CompTIA Security+ Guide to Network Security Fundamentals.

An Intrusion Detection System (IDS) is designed to monitor network or system activities for malicious activities or policy violations and can perform several functions:

Monitor: Observing network traffic and system activities for unusual or suspicious behavior.

Detect: Identifying potential security breaches including both known threats and unusual activities that could indicate new threats.

Respond: Executing pre-defined actions to address detected threats, which can include alerts or triggering automatic countermeasures.

Reference:

Cisco Systems, 'Intrusion Detection Systems'.

The Authentication Header (AH) in the context of IPsec has a fixed header portion of 24 bits and a mutable part that can vary, but when considering the fixed structure of the AH itself, the width is typically considered to be 32 bits at its core structure for basic operations in providing integrity and authentication, without confidentiality.

Reference:

RFC 4302, 'IP Authentication Header'.

The maximum transmission unit (MTU) for Ethernet, which is the largest size of an Ethernet packet or frame that can be sent over the network, is typically 1500 bytes. This size does not include the Ethernet frame's preamble and start frame delimiter but does include all other headers and the payload. Ethernet's MTU of 1500 bytes is a standard for most Ethernet networks, especially those conforming to the IEEE 802.3 standard.

Reference:

IEEE 802.3-2012, 'Standard for Ethernet'.

IEC 62443 defines multiple security levels (SLs) tailored to address different types of threats and attackers in industrial control systems.

Security Level 4 (SL4) is designed to protect against sophisticated attacks by adversaries such as hacktivists or terrorists. SL4 involves threats that are targeted with specific intent against the organization, using advanced skills and means.

This level assumes that the adversary is capable of sustained and focused efforts with significant resources, including state-level actors or well-funded groups, aiming at causing widespread disruption or damage.

Reference

IEC 62443-3-3: System security requirements and security levels.

'Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems,' by Eric Knapp.