Stay safe, stay ST Secure
All computers connected to the control network should run only the applications and essential services needed to perform the designed control functions. Non-essential services or applications provide additional attack surfaces for hackers to exploit. Here is how we at Swinton Technology eliminate these dangers to client systems.
Disabling Non-Essential Software Applications and Services
From a security perspective, all computers connected to the control network should run only the applications and essential services needed to perform the designed control functions. Non-essential services or applications provide additional attack surfaces for hackers to exploit. Typical problems include bugs in the code, open network ports, and flaws in the underlying libraries and network protocols. It is therefore essential to remove or disable non-essential services and applications.
Removing and Disabling Non-Essential Services
Control systems vendors should carry out an internal assessment at the design stage to identify services required to perform control functions. Any other services should then be disabled. Alternative solutions should be utilised if any services are deemed required but insecure, such as services that transfer data in plaintext. Individual assessments need to be carried out independently for every system, as some requirements vary depending on the functionality (such as a requirement for OPC connectivity or remote access).
Removing Non-Essential Applications
As with services, any non-essential applications should be uninstalled before the internal and factory acceptance testing. This especially applies to workstations running Windows 10, which comes preinstalled with a lot of unwanted applications. In such cases, special editions of the Windows operating system should be considered (e.g. LTSC – long term support channel).
For new systems, these actions should be completed at the factory before the installation and commissioning. It is equally important to implement such controls for older systems, which were not designed with security in mind. However, this may require additional testing in a non-production environment to ensure that the critical control functions are not jeopardised in the process.
Once unnecessary services and applications are disabled or uninstalled, it is equally important to continually monitor the systems for any changes, to ensure no rogue applications or services are installed. This is typically achieved by:
- Performing periodic audits of services and applications and comparing the current state of the system with the “master” record. This can be done either manually or with dedicated tools or scripts.
- Installing whitelisting software that monitors the system continuously for any changes, blocks any unauthorised installation attempts and provides automatic logging and reporting functionality.
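The periodic audit against a "master" record can be scripted along the following lines. This is an added example, not Swinton Technology's own tooling: it assumes the service inventory has been exported to CSV with the columns Name, StartMode, State and PathName, and the service names and paths in the sample data are constructed.

```python
import csv
import io

# Constructed sample: the "master" record approved at factory acceptance.
MASTER_CSV = r"""Name,StartMode,State,PathName
EventLog,Auto,Running,C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
OpcServer,Auto,Running,C:\Program Files\Vendor\opcsrv.exe
Spooler,Disabled,Stopped,C:\Windows\System32\spoolsv.exe
RemoteRegistry,Disabled,Stopped,C:\Windows\System32\svchost.exe -k localService
"""

# Constructed sample: a later snapshot of the same workstation.
CURRENT_CSV = r"""Name,StartMode,State,PathName
EventLog,Auto,Running,C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
OpcServer,Auto,Running,C:\Program Files\Vendor\opcsrv.exe
Spooler,Auto,Running,C:\Windows\System32\spoolsv.exe
HelperSvc,Auto,Running,C:\Users\Public\helper.exe
"""

COMPARED = ("StartMode", "State", "PathName")  # fields checked for drift

def load_inventory(text):
    """Parse a CSV inventory into {lower-cased service name: row}."""
    rows = csv.DictReader(io.StringIO(text.strip()))
    return {r["Name"].strip().lower(): {k: (v or "").strip() for k, v in r.items()} for r in rows}

def audit(master, current):
    """Return (kind, service, detail) tuples for every deviation from the master."""
    findings = []
    for name in sorted(current.keys() - master.keys()):   # not in the approved record
        findings.append(("UNAPPROVED", current[name]["Name"], current[name]["PathName"]))
    for name in sorted(master.keys() - current.keys()):   # approved but no longer present
        findings.append(("MISSING", master[name]["Name"], ""))
    for name in sorted(master.keys() & current.keys()):   # present in both: compare fields
        for field in COMPARED:
            old, new = master[name][field], current[name][field]
            if old.lower() != new.lower():                 # Windows names are case-insensitive
                findings.append(("CHANGED", master[name]["Name"], f"{field}: {old} -> {new}"))
    return findings

if __name__ == "__main__":
    for kind, service, detail in audit(load_inventory(MASTER_CSV), load_inventory(CURRENT_CSV)):
        print(f"{kind:<10} {service:<16} {detail}")
```

The same comparison applies to installed applications if the inventory rows describe programs rather than services.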
All Swinton Technology systems undergo a thorough assessment at the design and implementation stage.
Our experienced CompTIA Security+ certified engineers can also support customers in auditing the existing systems to help identify any areas requiring improvement. If you would like to find out more about how we can support your system and prevent attacks, contact us today.