A. Implementing allow lists: Allow lists (whitelisting) restrict network communication to only authorized devices and applications, significantly reducing the attack surface by ensuring that only pre-approved traffic is permitted.
F. Implementing a site-to-site IPSec VPN: A site-to-site VPN provides a secure, encrypted tunnel for data transmission between the OT systems and the vendor, protecting the data from interception and tampering during transit.
Other options:
B. Monitoring network behavior: While useful for detecting anomalies, it does not proactively reduce the risk of compromise or sabotage.
C. Encrypting data at rest: Important for protecting data stored on devices, but does not address network communication risks.
D. Performing boot integrity checks: Ensures the integrity of the system at startup but does not protect ongoing network communications.
E. Executing daily health checks: Useful for maintaining system health but does not directly reduce the risk of network-based compromise or sabotage.