2012 CIP Spring Compliance Workshop May 7-11. Testing, Ports & Services and Patch Management


Purpose
- This presentation provides an overview of the CIP-007-3 R1 Test Procedures requirement, including the related requirements R2 (Ports and Services) and R3 (Security Patch Management).

Agenda
- Testing overview
- Identifying assets to be tested
- Developing and documenting test procedures
- Defining "adversely affects existing cyber security controls"
- Minimizing adverse effects on production systems
- What is a significant change?
- Testing for ports and services
- Disabling unused ports and services
- Mitigation of ports and services that cannot be disabled
- Patch testing

CIP-007-3 R1 Test Procedures
"The Responsible Entity shall ensure that new Cyber Assets and significant changes to existing Cyber Assets within the Electronic Security Perimeter do not adversely affect existing cyber security controls."

Significant Changes
A significant change can touch any part of a system, including but not limited to:
- Firmware for the system and any peripherals, such as network interface cards
- Operating system(s)
- Drivers
- Third-party applications running on the system
- Hardware such as motherboards or hard drives replaced on a failed system; replacement hardware must also be tested

Identifying Changes for Testing
- Any new Cyber Asset within the Electronic Security Perimeter (ESP), as well as EACMs and PACS
- Any existing Cyber Asset that is eligible for:
  - implementation of security patches
  - cumulative service packs
  - vendor releases
  - version upgrades of operating systems, applications, database platforms, or other third-party software or firmware

Other Considerations
- Replacement of an existing Cyber Asset: does the replacement contain a BIOS, system, or other hardware/software version that has not been tested in your environment?
- Any other identified change that may adversely impact the security controls
- Consider performing a risk analysis

Minimizing Adverse Effects to Cyber Security Controls
CIP-007-3, R1.1: "The Responsible Entity shall create, implement, and maintain cyber security test procedures in a manner that minimizes adverse effects on the production system or its operation."

Adverse Effects to Cyber Security Controls
Ensure that any new system or patch does not negatively impact security controls. The new system or patch should not:
- Disable any configured security control already in place
- Introduce new vulnerabilities
- Modify access privileges
- Override configured monitoring and logging controls
- Open previously closed ports or create new services
- Send out new traffic that affects the environment

Testing for Adverse Effects
- Perform network packet analysis in the test environment
- Perform a vulnerability assessment for new patches or system software
- Look to your CIP-003-3, R6 Change Control and Configuration Management program for guidance
- Have any configuration files, registry keys, or other system variables changed? (CIP-009-3, R4)

Baselining Systems
The following method may help identify whether a change has any adverse effects on your environment:
- Create a baseline of the existing system or environment: a network packet capture, a ports/services scan, and the system configuration
- After installation, capture the network traffic and system configuration again
- Compare the two to determine the impact of the change(s) on existing cyber security controls

Ports and Services
- Identify the ports needed for normal and emergency operation
- Disable any unnecessary ports and services
- When introducing new systems, try shutting down services that appear unnecessary (e.g., Windows Search, httpd) to determine the impact
- Disable any ports that were enabled for the purpose of testing

Ports and Services
- Uninstall unnecessary software: do you really need Internet Explorer on a system that shouldn't be accessing the Internet?
- Where unused ports and services cannot be disabled due to technical limitations, document the compensating measures applied to mitigate risk exposure and prepare any required Technical Feasibility Exceptions (TFEs)
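The baselining method above and the ports-and-services review lend themselves to a scripted pre/post comparison. The following is an added example, not material from the workshop. It assumes the two snapshots were taken on a Linux Cyber Asset with `ss -Hltnup` (listening TCP and UDP sockets, numeric ports, owning process) before and after the change, and that the configuration snapshot is a map of file path to contents (for example collected with `cat` over a fixed file list). The snapshot text, the approved-ports list and the configuration files are all constructed; a Windows capture from `netstat -abno` would need its own parser but could feed the same comparison.

```python
"""Compare pre- and post-change baselines of listening ports/services and
configuration files, as the Baselining Systems and Ports and Services slides
describe.

Added example, not from the workshop. Assumes Linux snapshots taken with
`ss -Hltnup`; all snapshot text, the approved-ports list and the configuration
files below are constructed.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Constructed `ss -Hltnup` output captured before the change.
PRE_CHANGE = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 128 0.0.0.0:502 0.0.0.0:* users:(("modbusd",pid=901,fd=5))
tcp LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=730,fd=13))
"""

# Constructed output captured after installing a vendor service pack.
POST_CHANGE = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 128 0.0.0.0:502 0.0.0.0:* users:(("modbusd",pid=901,fd=5))
tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=1422,fd=4))
udp UNCONN 0 0 [::]:161 [::]:* users:(("snmpd",pid=1430,fd=7))
"""

# Ports documented as required for normal and emergency operation (constructed).
APPROVED_PORTS = {
    ("tcp", 22): "normal operation: administrative SSH",
    ("tcp", 502): "normal operation: Modbus/TCP polling of field RTUs",
    ("udp", 161): "emergency operation: SNMP status polling by the NMS",
}

# Constructed configuration snapshots (path -> file contents).
PRE_CONFIG = {
    "/etc/ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/audit/auditd.conf": "max_log_file_action = keep_logs\n",
}
POST_CONFIG = {
    "/etc/ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication yes\n",
    "/etc/audit/auditd.conf": "max_log_file_action = keep_logs\n",
    "/etc/httpd/conf/httpd.conf": "Listen 80\n",
}


@dataclass(frozen=True)
class Listener:
    proto: str
    port: int
    process: str
    addr: str


# Owning process appears as users:(("name",pid=N,fd=M)) in ss -p output.
_PROCESS_RE = re.compile(r'users:\(\("([^"]+)",pid=\d+')


def parse_ss(text: str) -> set[Listener]:
    """Parse `ss -Hltnup` lines into Listener records.

    Handles both layouts ss emits: with a leading Netid column (when more than
    one protocol is requested) and without it. Lines whose port is not numeric
    (captured without -n) are skipped rather than misparsed.
    """
    listeners = set()
    for raw in text.splitlines():
        parts = raw.split()
        if not parts:
            continue
        proto = "tcp"
        if parts[0] in ("tcp", "udp"):
            proto, parts = parts[0], parts[1:]
        if len(parts) < 4:
            continue
        # rpartition keeps IPv6 literals such as [::]:161 intact.
        addr, _, port = parts[3].rpartition(":")
        if not port.isdigit():
            continue
        match = _PROCESS_RE.search(raw)
        process = match.group(1) if match else "unknown"
        listeners.add(Listener(proto, int(port), process, addr.strip("[]")))
    return listeners


def compare_listeners(pre_text: str, post_text: str, approved: dict) -> dict:
    """Report listeners opened or closed by the change, plus any post-change
    listener not on the approved normal/emergency ports list."""
    pre = {(l.proto, l.port, l.process) for l in parse_ss(pre_text)}
    post_listeners = parse_ss(post_text)
    post = {(l.proto, l.port, l.process) for l in post_listeners}
    return {
        # A newly listening service (here httpd re-enabled by the service pack)
        # is the classic adverse effect the R1 test is meant to catch.
        "opened": sorted(post - pre),
        # A closed port can be adverse too, e.g. a monitoring agent that stopped.
        "closed": sorted(pre - post),
        "unapproved": sorted({(l.proto, l.port) for l in post_listeners
                              if (l.proto, l.port) not in approved}),
    }


def compare_config(pre: dict, post: dict) -> dict:
    """Diff two path->contents snapshots by SHA-256 so only changed files are listed."""
    def digest(s: str) -> str:
        return hashlib.sha256(s.encode()).hexdigest()
    pre_h = {p: digest(c) for p, c in pre.items()}
    post_h = {p: digest(c) for p, c in post.items()}
    common = set(pre_h) & set(post_h)
    return {
        "added": sorted(set(post_h) - set(pre_h)),
        "removed": sorted(set(pre_h) - set(post_h)),
        "modified": sorted(p for p in common if pre_h[p] != post_h[p]),
    }


if __name__ == "__main__":
    print("listeners:", compare_listeners(PRE_CHANGE, POST_CHANGE, APPROVED_PORTS))
    print("config:   ", compare_config(PRE_CONFIG, POST_CONFIG))
```

In the constructed case the report shows httpd listening on TCP/80 (opened and unapproved), snmpd on UDP/161 (opened but on the emergency-operations list), the local mail listener gone, and `PasswordAuthentication` flipped to `yes` in `sshd_config`: each of those is a finding to record under R1.3, and the TCP/80 listener is the one that needs either a disable step or a documented compensating measure and TFE.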

Test Procedures
Develop test procedures for each system type:
- Operating systems
- Virtual environments such as VMware or Citrix. If you patch a hypervisor, are you also testing the guest systems running on it?
- Network and security systems

Test Procedures
- Develop procedures for each application running on the system
- Ensure that any security controls on these applications are functional
- Each test procedure should identify the expected successful result

Testing Environment
CIP-007-3, R1.2: "The Responsible Entity shall document that testing is performed in a manner that reflects the production environment."
- Perform the change within a change control window
- Consider documenting a process that ensures any failed change can be backed out

Documenting Results
CIP-007-3, R1.3: "The Responsible Entity shall document test results."
- What did you find?
- Were the results as expected?
- How did you mitigate any newly introduced security issues? Does it require a TFE?
- Should you update your documentation? (CIP-003-3, R3; CIP-008-3; CIP-009-3)

Patch Management: Tracking Patches
Three ways:
- Manual monitoring: vendor mailing lists and a spreadsheet
- OS management tools: Spacewalk for Red Hat Enterprise Linux; Windows Management Instrumentation (WMI), Group Policy Objects (GPOs), and Windows Server Update Services (WSUS)
- Third-party software or services

Evaluating Patches
- Track patches for ALL applications in the environment
- You must demonstrate that you have assessed security patches and upgrades for applicability within 30 calendar days of their availability (CIP-007-3, R3.1)
- Document and schedule implementation
- Best practice: perform a risk analysis if you are delaying implementation

Documenting Patch Implementation
- Document when you implement the patch
- Keep a running log for each patch type: operating system, application, other
- If you do not install a patch: document the compensating and mitigating measures taken to minimize your risk exposure, and consider filing a TFE
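The tracking, evaluation and documentation slides describe one record per patch with a handful of dates and decisions on it. As an added example (not from the workshop), the script below keeps that record, computes the 30-calendar-day assessment deadline from the availability date, and reports what an auditor would flag: assessments not yet done or done late, and applicable patches that were neither installed nor covered by documented mitigation. The patch identifiers, dates and mitigation text are constructed; the review date is the workshop's first day.

```python
"""Patch tracking log with the CIP-007-3 R3 thirty-calendar-day assessment window.

Added example, not from the workshop. Records per patch when it became available,
when applicability was assessed, and whether it was implemented or instead
mitigated (with a TFE where needed), then reports outstanding items.
All records below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# R3.1: assessment of applicability is due within thirty calendar days of availability.
ASSESSMENT_WINDOW = timedelta(days=30)


@dataclass
class PatchRecord:
    patch_id: str
    patch_type: str                     # "operating system", "application" or "other"
    available: date                     # date the vendor released the patch
    assessed: Optional[date] = None     # date applicability was assessed
    applicable: Optional[bool] = None   # outcome of the assessment
    implemented: Optional[date] = None  # date installed on the Cyber Asset(s)
    mitigation: str = ""                # compensating measures if not installed
    tfe_filed: bool = False


def assessment_deadline(rec: PatchRecord) -> date:
    """Calendar days, not business days: the window counts weekends and holidays."""
    return rec.available + ASSESSMENT_WINDOW


def review(rec: PatchRecord, today: date) -> list[str]:
    """Return findings for one record; an empty list means nothing is outstanding."""
    findings: list[str] = []
    deadline = assessment_deadline(rec)
    if rec.assessed is None:
        if today > deadline:
            findings.append(f"assessment overdue since {deadline.isoformat()}")
        else:
            findings.append(f"assessment due by {deadline.isoformat()}")
        return findings  # nothing further can be judged until it is assessed
    if rec.assessed > deadline:
        findings.append(f"assessment late by {(rec.assessed - deadline).days} days")
    if rec.applicable is None:
        findings.append("assessed but applicability not recorded")
    elif rec.applicable and rec.implemented is None:
        if not rec.mitigation:
            findings.append("applicable but neither implemented nor mitigated")
        elif not rec.tfe_filed:
            findings.append("mitigated without TFE; confirm whether one is required")
    return findings


def review_log(records: list[PatchRecord], today: date) -> dict[str, list[str]]:
    return {rec.patch_id: review(rec, today) for rec in records}


def running_log(records: list[PatchRecord]) -> dict[str, list[str]]:
    """Group patch IDs by type, oldest first, as the slides suggest keeping."""
    log: dict[str, list[str]] = {}
    for rec in sorted(records, key=lambda r: r.available):
        log.setdefault(rec.patch_type, []).append(rec.patch_id)
    return log


# Constructed records, reviewed as of the workshop's first day.
TODAY = date(2012, 5, 7)
RECORDS = [
    PatchRecord("OS-2012-04", "operating system", date(2012, 4, 1),
                assessed=date(2012, 4, 20), applicable=True, implemented=date(2012, 5, 2)),
    PatchRecord("OS-2012-03", "operating system", date(2012, 3, 15),
                assessed=date(2012, 4, 20), applicable=False),
    PatchRecord("FW-2012-01", "other", date(2012, 4, 25)),
    PatchRecord("APP-2012-02", "application", date(2012, 3, 1),
                assessed=date(2012, 3, 10), applicable=True),
    PatchRecord("APP-2012-01", "application", date(2012, 2, 1),
                assessed=date(2012, 2, 15), applicable=True,
                mitigation="service disabled; host firewall blocks TCP/8080", tfe_filed=True),
]

if __name__ == "__main__":
    for patch_id, findings in review_log(RECORDS, TODAY).items():
        print(f"{patch_id}: {findings or 'no findings'}")
    print(running_log(RECORDS))
```

The deadline is computed from the vendor's availability date, not from when the team noticed the patch, which is why the tracking sources on the earlier slide matter: a patch discovered on day 35 is already late. The record for OS-2012-03 shows that even a "not applicable" decision is a finding if it was reached after the window.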

Supply Chain Management
- Do you know where your suppliers get their products?
- Consider wiping and reinstalling the OS on new equipment
- Ensure your patches and system upgrades come from a trusted source
- Consider a policy that dictates where your administrators obtain patches and upgrades

Questions?