Blue Coat ICS PROTECTION Scanner Station Version


Blue Coat ICS PROTECTION Scanner Station Version
USB Malware Defense for Industrial Computers
User Guide, version 5.3.1

Contents

1. ABOUT
   1.1. About this Guide
   1.2. System Requirements
   1.3. Help and Support
2. INTRODUCTION
   2.1. Blue Coat Shark ICS Protection
      2.1.1. What is ICS Protection?
      2.1.2. What is the Scanner Station Version?
      2.1.3. What is the ICS Protection Workflow?
      2.1.4. Blue Coat SandBox Technology
      2.1.5. Internet Update
      2.1.6. Decompression Supported File Formats
3. USING ICS PROTECTION SCANNER STATION
   3.1. Functional Overview
   3.2. Scan Removable USB Device for Malware
      3.2.1. Case 1: USB Validated
      3.2.2. Case 2: USB Infected
      3.2.3. Case 3: USB Partially Validated
   3.3. Create Portable Malware Cleaner
   3.4. Create ICS Protection Driver Package

www.bluecoat.com

1. About

1.1. About this Guide

This manual is intended for users and service providers of Industrial Control Systems who utilize portable USB devices to access ICS devices such as Windows-based HMI computers and engineering workstations. This manual assumes no technical knowledge on the part of the reader.

1.2. System Requirements

The Blue Coat ICS Protection Scanner Station contains all of the necessary hardware, software, and connectivity needed to protect industrial control system computers against malicious files from portable USB devices.

1.3. Help and Support

The Blue Coat ICS Protection Scanner Station is an intuitive, easy-to-use anti-malware solution designed to perform a limited number of functions repeatedly across a wide range of industrial environments. Please see the companion manual, Blue Coat ICS Protection Scanner Station Administrator Guide, for instructions on how to install and configure the appliance and how to upgrade licensed software.

Support Resources: http://www.bluecoat.com/support/

Figure 1: ICS Protection Scanner Station protects Windows-based HMI computers and engineering workstations from USB-borne malware

2. Introduction

2.1. Blue Coat ICS Protection

2.1.1. What is Blue Coat ICS Protection?

Blue Coat ICS Protection stops malware from entering ICS environments and comes in two versions:

- ICS Protection - Network version
- ICS Protection - Scanner Station version

Combining both versions gives you comprehensive protection of your ICS environment. This document covers only the usage of the ICS Protection Scanner Station version.

2.1.2. What is the Scanner Station Version?

The Scanner Station version of ICS Protection is a new technology from Blue Coat providing protection for ICS infrastructure. ICS Protection scans USB devices for malware and cleans them, and provides the option to technologically enforce security policies for USB device usage.

2.1.3. What is the ICS Protection Workflow?

ICS Protection works as a scanner station for all USB-based removable media. It can scan USB media for malware and clean the malware from the media before it's used in any HMI computer, Engineer PC or any other Windows-based computer. By installing a small agent on the system you want to protect, ICS Protection can enforce iron-clad USB security policies across the entire ICS infrastructure, meaning that no USB device can be used on these Windows computers unless it has been scanned by ICS Protection.

ICS Protection is a two-fold solution:

1) The physical scanner station: This is where you scan and clean your USB devices.
2) The non-interruptible kernel driver: This is the driver that will stop non-scanned USB devices from being used.

The typical workflow/usage of ICS Protection is to scan your USB devices before they are used in any Windows-based ICS computer.

Figure 2: Validated USB device permitted to access ICSP protected computer

Any attempt to use a USB device in an ICSP protected computer without first scanning it with the ICS Protection Scanner Station will be denied.

Figure 3: Malware infected USB device is denied access to ICSP protected computers

2.1.4. Blue Coat SandBox Technology

Blue Coat SandBox technology enables ICS Protection to detect new malware before a detection signature has been released by analyzing code behavior in a virtual environment before it runs on a real machine.

2.1.5. Internet Update

InternetUpdate can be set to automatically update the virus scanning engine and signature files at hourly intervals. See the companion manual Blue Coat ICS Protection Scanner Station Administrator Guide.

2.1.6. Decompression Supported File Formats

ICSP can decompress packets representing files compressed in a number of different formats before scanning the content.

Formats: ACE, ACE, Apple Single, ARJ, BZip2, CAB, CAB, CHM/ITSF, GZ, InnoSetup Installer, LZH, Mail / MIME, MSI, Nullsoft Installer, RAR, RAR, RAR, TAR, Wise SFX, ZIP, ZIP, 7Zip

Qualifiers, in the order they appear in the table: self extractors; (compression / decompression); (compression / decompression); self extractors; (compression / decompression); with Base 64, QP, or UUE encoding; (compression / decompression); Version 2; Version 3 (store / decompression); Version 3 (self-extractors); (compression / decompression); (compression / decompression / append new objects); self extractors

3. Using ICS Protection Scanner Station

The ICS Protection Scanner Station scans USB devices for malware so they can be safely used within the ICS environment. Connect portable USB devices using the included mini-USB-to-USB cable in the front of the Scanner Station, or use the built-in USB ports located on the underside of the Scanner Station.

Figure 4: Mini-USB-to-USB cable

Figure 5: Built-in USB ports

Note: Using the removable and replaceable mini-USB cable will reduce wear-and-tear on the built-in USB ports and may extend the usable lifespan of the ICS Protection Scanner Station.

3.1. Functional Overview

Blue Coat ICS Protection Scanner Station provides three (3) primary functions:

- Scan Removable Device: Quickly scans USB devices for malware so they can be safely used on target ICS devices, such as Windows-based HMI computers and engineering workstations.
- Create Malware Cleaner: Scans Windows computers for malware from a USB device and cleans infected systems, regardless of the source of the infection.
- Create Driver Package: Copies the driver package to the mounted USB storage device. This executable package can then be used to install the Kernel driver at the target computer that is to be protected.

3.2. Scan Removable USB Device for Malware

Insert a USB device into the Scanner Station. The three icons will be enabled.

1. Click Scan removable device.

   Figure 6: ICS Protection Home screen

2. (Encrypted USB devices only) If you are scanning an encrypted USB device, the Enter password for USB memory stick screen displays alongside a password entry field. Otherwise, skip to step 3. Enter the USB device password using the attached keyboard and click continue.

   1. If the password is accepted, click continue again to finish unlocking the encrypted USB device. When the USB device is unlocked, it automatically proceeds to the scanning stage.
   2. If the password is incorrectly entered, the Wrong password! screen appears with the remaining number of attempts allowed before content on the encrypted USB device is wiped.

3. The Scanning removable device screen appears as all files on the USB device are scanned for malware.

   Figure 7: Scanning Removable Device screen

3.2.1. Case 1: USB Validated

If no malware is detected, the Validated screen appears. Remove and use the USB device.

Figure 8: USB device has been validated for use on protected ICS computers

3.2.2. Case 2: USB Infected

If malware has been detected, the Infected screen appears. The user must choose either to keep the file, in which case the USB device cannot be used, or to delete the malicious file and then have use of the device.

Note: Cleaning or deleting malicious files is optional, and the option must be set by the administrator at the Web Admin console. See the Blue Coat ICS Protection Administrator Guide for additional details.

Figure 9: USB device is infected and user must choose to delete or keep the file

If the user keeps the infected file, a message states that the USB device will not be usable on ICSP enabled computers. The Details button displays more information about the malicious file that was detected.

Figure 10: Infected USB device will be blocked from use on protected ICS computers

ICS Protection displays details about the malicious file. Please follow your company policies concerning the proper resolution of the identified condition.

Figure 11: Details of malicious file detected on USB device

If the user agreed to delete the malicious file, the following screen confirms that one or more malicious files were found and either cleaned or deleted. The USB device may now be used on ICSP enabled computers.

Figure 12: Infected files have been removed and the USB device may now be used

3.2.3. Case 3: USB Partially Validated

Note: The Partially Validated screen may appear in other cases such as when ICS Protection cannot scan a file due to either the presence of password-protected archives or encrypted files. In these cases, the unknown file(s) will not be usable but the rest of the files on the USB device will continue to be available.

Figure 13: Partially validated USB device will be allowed access to ICSP computers

Pressing Details displays additional information about the file that was found to be malicious and deleted.

Figure 14: Details of a password-protected file that could not be scanned
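The Partially Validated case comes down to archive members that a scanner cannot open. The following added example (not Blue Coat's code and not part of the original guide) shows how that condition can be recognized in ZIP files from the encryption flag, and how it relates to the three verdicts described above. The names `make_zip` and `scan_device`, the marker string and the sample files are constructed for illustration, and ranking Infected above Partially Validated is an assumption.

```python
import io
import zipfile

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: member is encrypted
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # stand-in for a real engine's detection


def make_zip(member: str, payload: bytes, encrypted: bool = False) -> bytes:
    """Build a one-member sample archive; optionally mark the member encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= ENCRYPTED                            # flags, local file header
        raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # flags, central directory
    return bytes(raw)


def scan_device(files: dict[str, bytes]) -> tuple[str, list[str]]:
    """Return (verdict, offending paths) for a mapping of path -> file bytes."""
    infected, unknown = [], []
    for path, data in files.items():
        readable = [data]
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & ENCRYPTED:
                        # Content cannot be inspected without the password.
                        unknown.append(f"{path}!{info.filename}")
                    else:
                        readable.append(zf.read(info))
        if any(MARKER in blob for blob in readable):
            infected.append(path)
    if infected:  # assumption: a detection outranks an unscannable member
        return "Infected", infected
    if unknown:
        return "Partially Validated", unknown
    return "Validated", []


# Constructed sample devices (not real data).
CLEAN = {
    "readme.txt": b"plain text file with no detection marker",
    "docs.zip": make_zip("manual.txt", b"ordinary archive member"),
}
LOCKED = {**CLEAN, "backup.zip": make_zip("plc.cfg", b"opaque bytes", encrypted=True)}
DIRTY = {**LOCKED, "tools.zip": make_zip("setup.exe", b"xx" + MARKER)}

if __name__ == "__main__":
    for name, dev in (("CLEAN", CLEAN), ("LOCKED", LOCKED), ("DIRTY", DIRTY)):
        print(name, scan_device(dev))
```

The encrypted sample only has its flag bit set; its payload is not actually encrypted, which is enough to exercise the check because flagged members are never read.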

3.3. Create Portable Malware Cleaner

The portable malware cleaner can be used in situations where you suspect that a Windows computer may have been infected by malware. The malware cleaner is a tool that is always updated and can scan and clean Windows computers from a USB device.

Figure 15: ICS Protection Home screen

Insert the USB device and click Create Malware Cleaner. ICS Protection first scans the USB device to make sure that it is not already infected with malware before allowing it for use on ICSP enabled computers.

Figure 16: Malware cleaner files successfully copied to the USB device

3.4. Create ICS Protection Driver Package

A USB-based driver package installs the ICS Protection driver on Windows-based HMI computers and engineering workstations to prevent access by USB devices that have not been scanned by ICS Protection. Insert a USB device and click the Create Driver Package icon.

Figure 17: ICS Protection Home screen

A confirmation displays when the driver package has been created on the USB device. The USB device is then scanned to make sure it is not already infected with malware before allowing access to ICSP enabled computers.

Figure 18: Driver installation files successfully copied to the USB device

2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER, CACHEOS, CACHEPULSE, CROSSBEAM, K9, DRTR, MACH5, PACKETWISE, POLICYCENTER, PROXYAV, PROXYCLIENT, SGOS, WEBPULSE, SOLERA NETWORKS, DEEPSEE, DS APPLIANCE, CONTENT ANALYSIS SYSTEM, SEE EVERYTHING. KNOW EVERYTHING., SECURITY EMPOWERS BUSINESS, BLUETOUCH, the Blue Coat shield, K9, and Solera Networks logos and other Blue Coat logos are registered trademarks or trademarks of Blue Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not be complete, and the absence of a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped using the trademark. All other trademarks mentioned in this document owned by third parties are the property of their respective owners. This document is for informational purposes only. BLUE COAT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. BLUE COAT PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT AFTER DELIVERY TO YOU.

Americas: Blue Coat Systems, Inc., 420 N. Mary Ave., Sunnyvale, CA 94085

Rest of the World: Blue Coat Systems International SARL, 3a Route des Arsenaux, 1700 Fribourg, Switzerland