1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

When you isolate your industrial control systems don't forget about DNS

Discussion in 'Network World' started by RSS, Jun 9, 2016.

  1. RSS

    RSS New Member Member

    Many organizations that run industrial control systems strive to isolate them from the Internet, but sometimes forget to disallow Domain Name System (DNS) traffic, which provides a stealthy way for malware to exfiltrate data.

    Sometimes referred to as supervisory control and data acquisition (SCADA) systems, industrial control systems (ICS) are notoriously insecure. Not only is their firmware full of flaws, but the communication protocols many of them use lack authentication or encryption.

    Since most ICS systems are typically meant to last over a decade once deployed, they're not easily replaceable without considerable costs. As such, ICS operators tend to focus on securing the perimeter around control systems instead of patching the devices themselves, which is not always possible. This is done by isolating ICS environments from corporate networks and the larger Internet, an action sometimes referred to as airgapping.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page