Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

ICCP/TASE.2 > Security Recommendations - Pg. 65

ICCP/TASE.2 65 Security Recommendations Secure ICCP variants should be used wherever possible. There are several known vulnerabilities with ICCP that are reported by ICS-CERT. Because there are known exploits in the wild and ICCP is a WAN protocol, proper penetration testing and patching of ICCP servers and clients is recommended. Extreme care should be taken in the definition of the bilateral table. The bilat- eral table is the primary enforcement of policy and permissions between control centers and malicious commands issued via ICCP could directly alter or otherwise impact control center operations. In addition, ICCP clients and servers should be isolated into a unique enclave consisting only of authorized client/server pairs (multiple enclaves can be defined for devices communicating to multiple clients), and the enclave(s) should be thor- oughly secured using standard defense-in-depth practices, including a firewall and/ or IDS system that enforces strict control over the type, source, and destination of traffic over the ICCP link. Many malicious behaviors can be detected through monitoring the ICCP link, including the following: l