This product draws on the security team's attack-and-defense research and risk assessment projects, on its experience with the classified protection inspection toolbox for industrial control systems, on the relevant standards for information security inspection of industrial control systems, and on a large body of summarized vulnerability information and attack methods. It is a professional device for security management and compliance inspection of industrial control equipment, network communication equipment, security protection equipment, workstations, servers and other equipment. It can also analyze the data flows of the industrial control system and, using its device information database, vulnerability database and abnormal behavior signature database, evaluate the security risk of each kind of equipment and of the whole network, and promptly identify equipment with security problems. It provides important support for information security inspection of industrial control systems and further raises the level of information security evaluation and inspection in the industrial control industry.
Product function
Questionnaire investigation
The inspection basis is the authoritative standard "Basic Requirements for Classified Protection of Information Security Technology Network Security", which is also the basis for user-defined inspection indicators. Each inspection item has corresponding inspection standards, inspection methods and rectification methods. Questionnaires can be distributed for inspection, and the questionnaire inspection results are summarized.
Industrial control vulnerability inspection
Supports vulnerability inspection for more than 150 kinds of industrial control equipment; inspection in bypass mirroring mode; batch detection across multiple IP address segments, multiple IP addresses and multiple IP address masks; and both online and offline inspection.
Industrial host vulnerability check
Supports inspection of operator stations, engineer stations, servers and other host equipment in the industrial control system; vulnerability inspection of Windows XP / 2003 / Vista / 2008 / 7, Linux, BSD and other operating systems; vulnerability detection for Web, FTP, e-mail and other applications; vulnerability detection for Office, Apache and other commonly used software; and low-risk, lightweight fingerprint-based vulnerability detection. Vulnerability information includes the vulnerability code, risk information, rectification method, impact range, etc.
Analysis of industrial control protocol traffic
Supports OSI model analysis, including link layer, network layer, transport layer and application layer analysis; abnormal behavior analysis, including firmware code modification, abnormal equipment operation, overflow attacks, etc.; analysis of more than ten industrial control protocols, such as PROFINET, S7, MODBUS and IEC 104; analysis summary and scoring, with export of the analysis report; and packet capture limited by a specified total traffic volume and duration.
Database vulnerability check
Supports vulnerability monitoring of mainstream database systems such as Oracle, Sybase, DB2, MySQL and SQL Server; supports vulnerability inspection of the domestic databases Dameng and Kingbase. The vulnerabilities covered mainly include insecure configuration, patch upgrades, permission allocation, weak passwords, etc.
Configuration and malicious code check
Supports vulnerability checks for more than 150 kinds of industrial control equipment, such as industrial hosts and industrial firewalls; checks for weak configuration of industrial hosts and firewalls; and checks for industrial malware such as Stuxnet, Duqu and Flame.
Product characteristics
Object information collection capability
Supports collection of data about the inspection object, including but not limited to the inspected unit's basic information, regional information, basic system information, system service information, system interconnection information and system data information.
Compliance inspection capability
Scalable assessment framework
The extensible evaluation framework lets users define the inspection and evaluation content by selecting inspection indicators from the knowledge base, so that the inspection content of special inspection tasks can be integrated quickly.
Security inspection capability for industrial control equipment
Vulnerabilities are detected by querying the vulnerability database with the device's fingerprint information; no vulnerability trigger code is used for detection. In active detection mode, the flow rate of the fingerprint detection process against industrial control system devices is controlled: a low flow rate is configured by default, and an interface lets inspectors adjust the rate.
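The lookup-only approach described above, as an added Python example that is not the product's own code: a device fingerprint is matched against a knowledge base by vendor, model and firmware version, and a token bucket paces active fingerprint probes at a low default rate. The vendor and model names, the `EXAMPLE-` advisory IDs, the rates and all function names are constructed for illustration.

```python
# Constructed sample knowledge base: (advisory id, vendor, model, first fixed firmware).
VULN_DB = [
    ("EXAMPLE-0001", "acme", "plc-100", "2.4.0"),
    ("EXAMPLE-0002", "acme", "plc-100", "3.0.0"),
    ("EXAMPLE-0003", "acme", "rtu-7", "1.2"),
]

def parse_version(text):
    """'V2.3' -> (2, 3, 0); None when the string is not purely dotted numbers."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts][:3]
    return tuple(nums + [0] * (3 - len(nums)))  # pad so 1.2 equals 1.2.0

def match_fingerprint(fp, db=VULN_DB):
    """Database lookup only: nothing is sent to the device and no trigger code runs."""
    ver = parse_version(fp.get("firmware", ""))
    hits = []
    for adv_id, vendor, model, fixed_in in db:
        if (vendor, model) != (fp["vendor"].lower(), fp["model"].lower()):
            continue
        if ver is None:
            # Unparseable firmware string: report for manual review, do not guess.
            hits.append((adv_id, "version-unknown"))
        elif ver < parse_version(fixed_in):
            hits.append((adv_id, "affected"))
    return hits

class ProbePacer:
    """Token bucket for active fingerprint probes; the default rate is deliberately low."""
    def __init__(self, rate_per_s=0.5, burst=1):
        self.interval = 1.0 / rate_per_s
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def delay_before_send(self, now):
        """Seconds the caller must wait from `now` before sending the next probe."""
        if self.last is not None:
            earned = (now - self.last) / self.interval
            self.tokens = min(self.burst, self.tokens + earned)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return 0.0
        wait = (1.0 - self.tokens) * self.interval
        self.tokens = 0.0           # the token earned during the wait is spent
        self.last = now + wait
        return wait
```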
Security analysis capability for industrial control traffic
Analyzes industrial control protocols including DNP3.0, MODBUS, eCom, BACnet and Hollysys UDP and assesses their security, including packet compliance analysis, security risk classification, diagnosis flow analysis, etc.
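Packet compliance analysis and risk classification for one of the listed protocols, as an added Python example that is not the product's own code: it checks a Modbus/TCP frame's MBAP header and the byte count of a Write Multiple Registers request, then assigns a risk class. The low/medium/high scheme, the function-code grouping and the sample frames are assumptions constructed for illustration.

```python
import struct

READ_FCS = {0x01, 0x02, 0x03, 0x04}
WRITE_FCS = {0x05, 0x06, 0x0F, 0x10, 0x16, 0x17}
DIAG_FCS = {0x07, 0x08, 0x0B, 0x0C, 0x11, 0x2B}
MAX_ADU = 260  # 7-byte MBAP header + 253-byte PDU

def analyze_modbus_tcp(frame: bytes, is_request: bool = True) -> dict:
    """Compliance findings and an (assumed) risk class for one Modbus/TCP ADU."""
    if len(frame) < 8:
        return {"function": None, "kind": "malformed", "risk": "high",
                "findings": ["shorter than MBAP header plus function code"]}
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    fc, data = frame[7], frame[8:]
    findings = []
    if proto != 0:
        findings.append(f"protocol id is {proto}, expected 0")
    if length != len(frame) - 6:  # length counts unit id + PDU
        findings.append(f"MBAP length {length}, but {len(frame) - 6} bytes follow")
    if len(frame) > MAX_ADU:
        findings.append(f"ADU is {len(frame)} bytes, limit is {MAX_ADU}")
    base = fc & 0x7F  # high bit set marks an exception response
    if base in READ_FCS:
        kind = "read"
    elif base in WRITE_FCS:
        kind = "write"
    elif base in DIAG_FCS:
        kind = "diagnostic"
    else:
        kind = "unknown"
        findings.append(f"function code 0x{fc:02X} is not a public code handled here")
    if is_request and fc == 0x10:  # Write Multiple Registers
        if len(data) < 5:
            findings.append("write-multiple request too short")
        else:
            qty, count = struct.unpack(">HB", data[2:5])
            if not 1 <= qty <= 123:
                findings.append(f"register quantity {qty} outside 1..123")
            if count != 2 * qty or count != len(data) - 5:
                findings.append(f"byte count {count} inconsistent with quantity/payload")
    # Assumed scheme: any compliance finding is high, plain reads low, the rest medium.
    risk = "high" if findings else ("low" if kind == "read" else "medium")
    return {"function": fc, "kind": kind, "risk": risk, "findings": findings}

# Constructed sample frames (hex), not captured traffic.
SAMPLES = {
    "read_ok":   bytes.fromhex("000100000006010300000 00a".replace(" ", "")),
    "write_ok":  bytes.fromhex("00020000000b01100000000204000a000b"),
    "write_bad": bytes.fromhex("00020000000b01100000000208000a000b"),
    "len_bad":   bytes.fromhex("00010000001001030000000a"),
}
```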
User value
Public security supervision department
With the industrial control toolbox, the public security supervision department can get out of the awkward position of being powerless to inspect the security of industrial control systems, and can carry out low-risk, efficient information security inspections while keeping the operating unit at ease. Its automated, professional inspection methods greatly improve the efficiency of information security inspection and reduce the personnel required. The generated inspection report gives an effective view of the security status of the inspected unit's industrial control system and of how its information security policy is implemented, so as to ensure the safety of people's lives and property.
Security evaluation organization
With the industrial control toolbox, a security evaluation organization can carry out an orderly, comprehensive security inspection of an industrial control system based on the inspection process, methods and content the toolbox provides. The results are objective, accurate and convincing, which greatly improves the professionalism and authority of the evaluation organization in the industry. It also greatly reduces spending on staff training and on research into industrial control system inspection. Evaluation personnel can quickly begin professional inspection of industrial control systems, improving the efficiency and authority of the organization.
Operation unit of industrial control system
Relying on the industrial control toolbox, the operating unit of an industrial control system can carry out safe, effective and comprehensive security inspection of its own system, without having to pay experts for an evaluation every time. To some extent this also reduces the cost of security inspection and improves the unit's operating efficiency. In addition, inspection can become part of routine work, so that risks are found and eliminated in time, giving the unit a full picture of the system's security status and ensuring the normal operation of the system and the safety of people's lives and property.