
Nor-Cal, Ansible, and WMI: using powerful discovery tools to maintain software security standards

 

As infrastructure around the world advances further towards total integration, from IoT to Industrial Applications, network and device security becomes more and more important. This is even more crucial for utility-scale applications, such as Nor-Cal Controls’ SCADA and DAS solutions. There are dozens, if not hundreds, of ways to mitigate vulnerabilities and ensure a secure system, from NERC-CIP to Zero-Trust. One such mitigation is simply keeping software and services up to date, taking advantage of the security updates and vulnerability patches provided by the software providers.

Nor-Cal, as a premier systems integrator, goes above and beyond by not only providing initial systems setup but also offering support and long-term maintenance for its SCADA and DAS solutions. One of these initiatives aims to keep our provided systems up to date and ready to combat modern-day bad actors. While this isn’t a dissertation on the initiative itself, one of the project tasks is to efficiently gather information on existing SCADA systems—information such as currently installed software, services, and operating system metrics (including existing updates).

This can be done manually—however, searching through Windows services and installed programs by hand not only takes a lot of time, it also introduces the potential for human error, as many tools that aren’t installed directly with the Windows Installer will not appear in the ‘installed programs’ list. Fortunately, there are ways to do this that don’t require manual work other than ‘dragging and dropping’ PowerShell scripts or simply sending a discovery command to an Ansible instance. These tools can gather network, system, software and service data without skipping a beat—and can provide the gathered data to a user in a tightly organized, human-readable report.

 

What is discovery?

Network and Systems discovery is the process of identifying and mapping all devices, services, and connected systems within a network. The purpose of this is to gain visibility into the network so we can identify potential security vulnerabilities, manage assets, and mitigate any potential issues that may arise from outdated systems or software.

 

Why is this necessary?

The IoT and Industrial Networking landscape is constantly evolving—new defenses against bad actors and malicious intent are being built every day. However, in the same way, those bad actors are evolving as well: new vulnerabilities, system entry points, and suspicious software are being developed and utilized as you read this. Whenever a new program/service vulnerability arises, the providers are usually quick to push updates with patches or defenses against these vulnerabilities. However, to take advantage of these patches, these programs must be up-to-date and maintained.

By gathering data on versioning, security and connected devices, Nor-Cal can quickly get a comprehensive report of software that should be updated (or even upgraded) to maintain the highest level of security. Using a combination of PowerShell and Windows Management Instrumentation (WMI), system discovery can be made seamless and accurate, while tools such as Ansible can do the same for network discovery.

 

What is Ansible?

Per the creator of Ansible—Red Hat—Ansible is “an open source, command-line IT automation software application written in Python. It can configure systems, deploy software, and orchestrate advanced workflows to support application deployment, system updates, and more”, and that “It also has a strong focus on security and reliability, featuring minimal moving parts” (Red Hat ‘How Ansible Works’).

Simply put, Ansible is a tool that can quickly perform automated tasks, such as (in this case) mapping out network and device information, on dozens or hundreds of devices at once. With a click of a button, we can quickly figure out which switch ports are locked down on what device, if any unexpected device IDs or MACs are present, whether networking deployments are following expectations and are up to date… and so much more!

When combined with active polling and visualization programs such as Zabbix, Ansible can be a great tool for accurately snapshotting a high-resolution image of the current state of any system.

 

What about WMI and PowerShell?

Many sites don’t allow tools like Ansible to access their systems and don’t have an integrated MSSP to automate network-wide discovery. Others prevent direct access to systems via VPN+RDP and instead opt to have users access their SCADA network via high-security browser-based tools. In these cases, a local PowerShell script that accesses the Windows built-in WMI provider is a better option. Using PowerShell, it is possible to get a comprehensive list of installed programs, services, and operating system information. Additionally, information like the number of RDP seats and even Windows Update information can be pulled, allowing for a comprehensive overview of the current state of any machine.

Just like with Ansible, these tools can be used to generate reports that allow Nor-Cal Controls, as well as Site OEMs, to get a thorough view of updateable/upgradeable software and services.
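A local, read-only discovery script of the kind described above, as an added example (not Nor-Cal's own script). The report layout and output file name are assumptions chosen for illustration; the WMI classes and registry keys are standard Windows ones.

```powershell
# Added example: read-only local inventory via CIM/WMI. Run in an elevated session.
# The report layout and output file name are assumptions chosen for illustration.
$ErrorActionPreference = 'Stop'

# Operating system identity and patch level.
$os = Get-CimInstance -ClassName Win32_OperatingSystem |
    Select-Object Caption, Version, BuildNumber, OSArchitecture, LastBootUpTime

# Installed updates as recorded by Win32_QuickFixEngineering (the class behind Get-HotFix).
$hotfixes = Get-CimInstance -ClassName Win32_QuickFixEngineering |
    Select-Object HotFixID, Description, InstalledOn |
    Sort-Object HotFixID

# Services with binary path and logon account. PathName also surfaces software
# that never registered itself in the installed-programs list.
$services = Get-CimInstance -ClassName Win32_Service |
    Select-Object Name, DisplayName, State, StartMode, StartName, PathName |
    Sort-Object Name

# Installed programs from the machine-wide Uninstall keys (64-bit and 32-bit views).
# Win32_Product is avoided on purpose: enumerating it triggers an MSI consistency
# check on every package, and it only lists Windows Installer products.
# Per-user installs under HKCU are not covered here.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName, DisplayVersion -Unique

# Assemble one report object per machine and write it as JSON next to the script run.
$report = [ordered]@{
    ComputerName    = $env:COMPUTERNAME
    CollectedAtUtc  = (Get-Date).ToUniversalTime().ToString('o')
    OperatingSystem = $os
    HotFixes        = @($hotfixes)
    Services        = @($services)
    Programs        = @($programs)
}
$outFile = Join-Path -Path (Get-Location).Path -ChildPath "discovery-$env:COMPUTERNAME.json"
$report | ConvertTo-Json -Depth 4 | Set-Content -Path $outFile -Encoding UTF8
Write-Output "Wrote $outFile"
```

The script only reads from WMI and the registry, so it changes nothing on the SCADA host; the resulting JSON can be compared against vendor release notes to find software that needs updating.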

 

Conclusion

In an ever-expanding world of technology and network infrastructure, maintaining software security is increasingly important. Tools such as Ansible and built-in Windows features such as WMI and PowerShell allow systems integrators to quickly and accurately take account of updateable and upgradeable systems and software. This allows for an efficient workflow for keeping sites up to date with the latest security updates and vulnerability patches.

Nor-Cal Controls is committed to staying ahead of the curve, both in our premier integration solutions and in our dedication to security. Connect with Nor-Cal to discuss your next project.


Written by Caleb Hanson
