When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability?
A.
Deploying identical application firewalls at the border
B.
Incorporating diversity into redundant design
C.
Enforcing application white lists on the support workstations
D.
Ensuring the systems’ anti-virus definitions are up-to-date
Explanation:
If you know there is a vulnerability that is specific to one vendor, you can improve availability by implementing multiple systems that include at least one system
from a different vendor and so is not affected by the vulnerability.
Incorrect Answers:
A: An application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and
potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall. We don’t know what the vulnerability is but it’s
unlikely that a firewall will prevent the vulnerability or ensure availability.
C: Application whitelisting is a form of application security which prevents any software from running on a system unless it is included on a preapproved exceptionlist. It does not prevent vendor-specific vulnerability already inherent in the application, nor does it ensure availability. D. Antivirus software is used to protect
systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources. Ensuring the systems’
anti-virus definitions are up-to-date is always a good idea. However, a vendor specific vulnerability is usually not caused by a virus.Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 161-162, 340