What is the Stuxnet Virus?
All of the vulnerabilities in the Windows operating system have now been patched. As always, it is important to stay current with security updates. Unix-like hosts, such as Linux, BSD, OS X, etc., are not vulnerable to Stuxnet. Going further, disabling USB mass storage on control system hosts (needed for some S7 control functions) would prevent an infected flash drive from loading the malware onto mission-critical machines. Segregating SCADA and control system hosts from other infrastructure and using access control lists between zones is a good preventative method, but the most effective protection against this attack is whitelisting or host intrusion prevention systems. Removing or restricting access to shared network folders is also recommended. Up-to-date anti-virus definitions can identify Stuxnet, but zipped files must be unpacked in order for scans to be completely accurate. Siemens has provided the Sysclean utility, which can be used to remove the infection from a compromised host. It is also important to apply the SIMATIC security updates. And of course, mission-critical servers and systems should never be used for general web browsing, email, etc.
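The point above about unpacking zipped files before scanning, as an added example that is not part of the original post: a Python routine that stages an archive's contents, including nested zips, in a directory for the anti-virus scanner. The function names, the depth and size limits, and the `.unpacked` staging layout are assumptions, and the sample archive is constructed.

```python
import io
import os
import tempfile
import zipfile

MAX_DEPTH = 3                 # assumed limit on nested archives
MAX_TOTAL_BYTES = 200 << 20   # assumed cap on total unpacked size

def unpack_for_scan(archive, dest, depth=0, budget=None):
    """Extract a zip (path or file object) under dest; return the extracted file paths."""
    budget = budget if budget is not None else [MAX_TOTAL_BYTES]
    extracted, dest_root = [], os.path.realpath(dest)
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.realpath(os.path.join(dest_root, info.filename))
            # Refuse entries that would land outside the staging directory.
            if os.path.commonpath([dest_root, target]) != dest_root:
                raise ValueError(f"unsafe path in archive: {info.filename!r}")
            budget[0] -= info.file_size  # declared uncompressed size
            if budget[0] < 0:
                raise ValueError("archive exceeds unpacked size limit")
            data = zf.read(info)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(data)
            extracted.append(target)
            # Nested archive: unpack beside it so the scanner sees its contents too.
            if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
                extracted += unpack_for_scan(io.BytesIO(data), target + ".unpacked", depth + 1, budget)
    return extracted

def build_sample():
    """Constructed sample: a zip holding a text file and a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("payload.bin", b"constructed test bytes")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("inner.zip", inner.getvalue())
    outer.seek(0)
    return outer

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as staging:
        for path in unpack_for_scan(build_sample(), staging):
            print(path)  # hand each staged path to the anti-virus scanner
```

Run the scanner over the staging directory on an isolated analysis host, not on the control system host itself.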