First of all, how are you handling patch management?
These guidelines will help you grade your own “report card” on how your current security measures stack up against our recommended security measures under NERC CIP-007: Systems Management.
We at THE SATURN PARTNERS recommend that you:
- Disable unused ports and services. We have cited this basic security rule forever. You would be surprised at how many ports we find left open in our assessments that are unused and therefore a security risk for entry.
- Track security patches for critical cyber assets.
- Shouldn’t you patch? If you think there aren’t compelling reasons to patch, document your reasons!
- Capture traffic to see what ports are in use. (It is useful to capture traffic for ten to fifteen minutes first to see what typical ports and settings are being used.)
- Test all patches on development/beta systems FIRST.
- Document implementation of the patches in detail.
- Document known ports and services.
- Pay attention to prevention of malicious software by using anti-virus/anti-malware prevention tools which are able to detect, prevent, deter or limit exposure.
- DEPLOY such anti-virus software on the wire at the perimeter than on systems within it!
- Use security monitoring controls which can issue automated or manual alerts when they detect something out of the norm.
- Stay current on the latest and best processes for enabling ports on hosts, routers and firewalls.
- Maintain logs for a minimum of 90 days. We at THE SATURN PARTNERS recommend six months due to the length of time it takes to get litigation for prosecution to court, as these logs can be used as evidence if properly preserved. NOTE: PLEASE GO TO www.saturnpartners.com AND VISIT OUR FORENSICS SECTION FOR MORE DETAILS ON THE IMPORTANCE OF PRESERVING ELECTRONIC EVIDENCE!
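One way to tie together the items above on disabling unused ports and documenting known ports and services is shown below. This is an added example, not code from The Saturn Partners: it compares a host's listening sockets against a documented baseline, and both the `ss -tuln` sample and the baseline entries are constructed for illustration.

```python
# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      50           0.0.0.0:502        0.0.0.0:*
tcp   LISTEN 0      5          127.0.0.1:631        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      100          0.0.0.0:23         0.0.0.0:*
"""

# Hypothetical documented baseline: (protocol, port) -> business justification.
DOCUMENTED = {
    ("tcp", 22): "SSH administration",
    ("tcp", 502): "Modbus/TCP to field devices",
    ("tcp", 443): "HMI web console",
}

LOOPBACK = ("127.", "[::1]")

def parse_listeners(ss_output):
    """Return {(proto, port): set(addresses)} for every listening socket."""
    listeners = {}
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        # TCP listeners show as LISTEN, bound UDP sockets as UNCONN.
        if len(fields) < 5 or fields[1] not in ("LISTEN", "UNCONN"):
            continue
        addr, _, port = fields[4].rpartition(":")  # handles [::]:22 as well
        if port.isdigit():
            listeners.setdefault((fields[0], int(port)), set()).add(addr)
    return listeners

def audit(ss_output, documented):
    """Return (undocumented listeners with exposure, stale baseline entries)."""
    listeners = parse_listeners(ss_output)
    undocumented = {}
    for key, addrs in listeners.items():
        if key not in documented:
            exposed = any(not a.startswith(LOOPBACK) for a in addrs)
            undocumented[key] = "network" if exposed else "loopback-only"
    # Documented but not listening: the baseline itself needs updating.
    stale = sorted(k for k in documented if k not in listeners)
    return undocumented, stale

if __name__ == "__main__":
    found, stale = audit(SAMPLE_SS_OUTPUT, DOCUMENTED)
    for (proto, port), scope in sorted(found.items()):
        print(f"UNDOCUMENTED {proto}/{port} ({scope}): disable or document")
    print("Documented but not listening:", stale)
```

Each undocumented listener is either disabled or added to the baseline with a justification, and a stale entry means the documentation no longer matches the host.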
At The Saturn Partners, we have over a dozen years of hands-on experience working with utilities and other highly regulated industries to help keep our clients safe from intrusion/theft of precious data and cyber assets. Contact us today at firstname.lastname@example.org for a consultation with one of our engineers.