
Threat 3: Data Loss and Data Leaking through Poorly Written Applications (Threat Level: Medium)
Jim Reavis, in CSA Guide to Cloud Computing, 2015

Furthermore, the issue is compounded by the fact that consumers, even when provided with transparency (by at least knowing what permissions exist), either do not read or do not understand what data are being requested by the app in question. Leaky apps are clearly a key problem, and the absence of transparency about how data are stored or transmitted makes it worse. Indeed, the investigation into WhatsApp by the data protection authorities of Canada and the Netherlands found a disparity between what was stated (regarding how long data were stored and how they were transmitted) and what actually happened. However, there is no doubt that what happens with the data, how it is transmitted, and what is done with it once collected is not afforded the same level of transparency as the permissions themselves. Of course, there is no suggestion that the applications themselves are doing anything malicious; indeed, on Android the user is provided with details of the permissions the application is requesting. In addition, the research also found that almost 10% of apps had permission to read the contact lists on the mobile device. Equally, 1 in 30 divulged e-mail addresses over the Internet, with 1749 doing so over an encrypted connection and 1661 over an unencrypted connection. Add to this the research by security firm BitDefender [13], which analysed the 836,021 applications in the Play Store (at the time of conducting the research) and found that 1 in 20 were able to locate and open photographs on the devices they were installed on. This is hardly surprising when the average number of apps downloaded by smartphone users is estimated at 25 [12] (and a whopping 40 in South Korea). How many apps do you have on your mobile device? If you can answer that question, then congratulations, that is impressive; but can you confirm what data these apps collect, and more importantly what they do with your data? It is unlikely that many can even answer the first question, let alone the subsequent ones.

Security recommendations
Knapp, Joel Thomas Langill, in Industrial Network Security (Second Edition), 2015

Many malicious behaviors can be detected through monitoring of the ICCP link, including the following:
- Malware infecting the ICCP server or other devices on the network, which could be used to exfiltrate sensitive information for purposes of sabotage (e.g. theft of command function codes), financial disruption (e.g. alteration of energy metrics used in trading), or various other malicious intents.
- Interception and modification of ICCP messages.
- A DoS attack resulting from repeated information requests ("spamming") that consume the server's available resources and prevent legitimate operation of the ICCP link.
- Insider threats, including unauthorized information access and transmission, alteration of secure configurations, or other malicious actions, which can be the result of a physical security breach within a control center or of a disgruntled employee.
- Intruders gaining unauthorized access to the control center network via overlooked access points, such as dial-up or remote access connections to partner or vendor networks with weak access control mechanisms.

Many of the recommendations described for other industrial protocols are equally applicable to ICCP, including the creation of network baselines and the deployment of network whitelists. As with other industrial protocols, preference should be given to security products that are capable of deep-packet inspection of ICCP traffic, if available.

ICCP clients and servers should also be isolated into a unique zone consisting only of authorized client–server pairs (multiple zones can be defined for devices communicating with multiple clients), and the zone(s) should be thoroughly secured using standard defense-in-depth practices, including a firewall (industrial grade if installed in production environments) and/or an intrusion prevention system that enforces strict control over the type, source, and destination of traffic over the ICCP link.

Extreme care should be taken in the definition of the bilateral table: it is the primary enforcement of policy and permissions between control centers, and malicious commands issued via ICCP could directly alter or otherwise impact control center operations. Proper system hardening, regular system assessments, and patching of ICCP servers and clients are recommended because there are known exploits in the wild and ICCP is a WAN protocol; several vulnerabilities in ICCP implementations have been reported by ICS-CERT. Secure ICCP variants should be used wherever possible and wherever supported by the vendors currently installed within a particular site.
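As an added example (not code from Industrial Network Security or from any ICCP product), the following Python script applies three of the recommendations above to a constructed, simplified flow log of an ICCP link: a whitelist of authorized client–server pairs on the ISO transport port (TCP 102, which carries MMS and therefore ICCP), a stand-in for the bilateral table listing which objects each remote control center may read or control, and a sliding-window counter that flags the repeated-request "spamming" pattern. The addresses, object names, log format and thresholds are all assumptions.

```python
"""Added example (not from Industrial Network Security or any ICCP product).

Applies three recommendations from the excerpt to a constructed flow log of
an ICCP link: a whitelist of authorized client-server pairs, a stand-in for the
bilateral table, and detection of request "spamming". ICCP carries MMS (ISO
9506) over ISO transport on TCP port 102; the flat log format used here is an
assumption standing in for what a DPI engine or industrial firewall would
export after decoding that traffic.
"""
from collections import defaultdict, deque

ICCP_PORT = 102  # ISO transport over TCP (RFC 1006), the port MMS/ICCP uses

# Zone definition (hypothetical addresses): the only client -> server pairs
# allowed to talk over the ICCP link.
AUTHORIZED_PAIRS = {
    ("10.1.1.10", "10.2.2.20"),
    ("10.3.3.30", "10.2.2.20"),
}

# Stand-in for the bilateral table (hypothetical object names): which data
# objects each remote control center may read, and which it may control.
BILATERAL_TABLE = {
    "10.1.1.10": {"read": {"LineFlow_A", "LineFlow_B"}, "control": set()},
    "10.3.3.30": {"read": {"LineFlow_A"}, "control": {"Breaker_7"}},
}

# Spamming threshold (assumed): more than this many requests from one client
# within the window is treated as a resource-exhaustion attempt.
MAX_REQUESTS_PER_WINDOW = 3
WINDOW_SECONDS = 10

# Constructed sample log: "<epoch> <src_ip> <dst_ip> <dst_port> <op> <object>"
SAMPLE_LOG = """\
1000 10.1.1.10 10.2.2.20 102 read LineFlow_A
1002 10.1.1.10 10.2.2.20 102 read LineFlow_B
1003 10.3.3.30 10.2.2.20 102 control Breaker_7
1004 10.3.3.30 10.2.2.20 102 read LineFlow_B
1005 10.9.9.99 10.2.2.20 102 read LineFlow_A
1006 10.1.1.10 10.2.2.20 23 read LineFlow_A
1010 10.1.1.10 10.2.2.20 102 read LineFlow_A
1011 10.1.1.10 10.2.2.20 102 read LineFlow_A
1012 10.1.1.10 10.2.2.20 102 read LineFlow_A
1013 10.1.1.10 10.2.2.20 102 read LineFlow_A
1014 10.1.1.10 10.2.2.20 102 read LineFlow_A
""".splitlines()


def parse_line(line):
    """Split one constructed log record into its fields."""
    ts, src, dst, port, op, obj = line.split()
    return {"ts": int(ts), "src": src, "dst": dst, "port": int(port),
            "op": op, "obj": obj}


def analyse(lines):
    """Return a list of alert tuples for the given log lines, in log order."""
    alerts = []
    recent = defaultdict(deque)   # src -> timestamps of requests in the window
    flooding = set()              # sources currently over the threshold

    for line in lines:
        r = parse_line(line)

        # 1. Zone enforcement: only ICCP traffic, only between authorized pairs.
        if r["port"] != ICCP_PORT:
            alerts.append(("non_iccp_port", r["src"], r["dst"], r["port"]))
            continue
        if (r["src"], r["dst"]) not in AUTHORIZED_PAIRS:
            alerts.append(("unauthorized_pair", r["src"], r["dst"]))
            continue

        # 2. Bilateral-table check: is this object permitted for this operation?
        perms = BILATERAL_TABLE.get(r["src"], {"read": set(), "control": set()})
        if r["obj"] not in perms.get(r["op"], set()):
            alerts.append(("object_not_in_bilateral_table", r["src"],
                           r["op"], r["obj"]))

        # 3. Spamming detection: sliding window of request timestamps per source;
        #    alert once when a source crosses the threshold, not on every request.
        q = recent[r["src"]]
        q.append(r["ts"])
        while q and q[0] <= r["ts"] - WINDOW_SECONDS:
            q.popleft()
        if len(q) > MAX_REQUESTS_PER_WINDOW:
            if r["src"] not in flooding:
                flooding.add(r["src"])
                alerts.append(("request_flood", r["src"], len(q)))
        else:
            flooding.discard(r["src"])
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

Running it against the constructed log yields four alerts: a read of an object outside the second center's bilateral-table entry, a request from an address that is not an authorized pair, a connection to a non-ICCP port from an authorized client, and a request flood from the first client once it exceeds three requests in ten seconds. In practice the first two checks belong in the zone firewall and the bilateral table on the ICCP server itself, with the monitor providing an independent record that those controls are being honoured.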
