Question:
You are responsible for security in a company and you will have to protect industrial systems. All industrial systems are in a well-defined subnet and only engineering stations have the right to communicate with them. Engineering systems are also in a well-defined subnet.
To do: In your Control Things machine, write a single Snort rule that will generate an alert when it detects a connection to an industrial system from a network other than the engineering one. Implement the rule and make it trigger.
Instructions
ANSWER FROM HERE PLEASE, USE THUNT VM, AND SHOW ALL THE SCREENSHOTS SO THIS EXERCISE CAN WORK
a. Document everything with screenshots
b. In snort.conf define a new variable which contains the IPs of the industrial systems (ex ICS_NET)
c. In snort.conf define a new variable which contains the ports of industrial systems (ex ICS_PORTS)
d. In snort.conf define a new variable which contains the engineering systems authorized to communicate with the industrial systems (ex INGINERIE_NET)
e. Create a Snort rule that will detect
i. Traffic to an industrial system (IP and Port via variables)
ii. Traffic from a system other than the engineering systems (via variables)
iii. In the alert, the message must contain your name / first name
f. Generate traffic that will trigger the rule and show that the rule has been hit
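
A configuration that covers steps b through f, added here as an example and not part of the original question. The subnets, port list, sid, file paths and interface name are assumptions for a lab setup, and YOUR_NAME Firstname is a placeholder.

```conf
# --- snort.conf (Snort 2.x syntax); all addresses below are constructed lab values ---
# b. Industrial systems subnet (assumed 192.168.10.0/24)
ipvar ICS_NET 192.168.10.0/24
# c. Industrial protocol ports (assumed: S7comm 102, Modbus/TCP 502,
#    DNP3 20000, EtherNet/IP 44818)
portvar ICS_PORTS [102,502,20000,44818]
# d. Engineering stations allowed to reach the industrial systems
#    (assumed 192.168.20.0/24)
ipvar INGINERIE_NET 192.168.20.0/24
# Load the local rule file (uncomment this line if it is disabled)
include $RULE_PATH/local.rules

# --- local.rules ---
# e. Source = any address that is NOT in INGINERIE_NET (negated variable);
#    destination = ICS addresses and ports, both taken from the variables.
#    flags:S matches the initial SYN, so each connection attempt raises
#    one alert instead of one alert per packet.
alert tcp !$INGINERIE_NET any -> $ICS_NET $ICS_PORTS (msg:"YOUR_NAME Firstname - non-engineering host connecting to ICS"; flags:S; sid:1000001; rev:1;)

# --- validation (shell commands, shown here as comments) ---
# snort -T -c /etc/snort/snort.conf                      # parse test only
# snort -A console -q -c /etc/snort/snort.conf -i eth0   # alerts on console
# f. From a lab host outside INGINERIE_NET, open a TCP connection to an
#    ICS_NET address on one of the ICS_PORTS, then screenshot the alert.
```

As written, connections between two industrial systems also alert, because ICS_NET addresses are outside INGINERIE_NET. The rule covers TCP only, and Snort must be listening on an interface that actually sees the traffic.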