User Manual
> White Paper | Best Practices in Digital Transformation
The Threat Environment
The operators of MTDCs face the task of securing growing and
evolving network architectures against increasingly sophisticated
and targeted attacks, while at the same time meeting ever more
stringent compliance and regulatory requirements to protect the
data with which they are entrusted. The most common current
cyber security threats they face include:
• DDoS attacks – which have increased since the rise of botnets
and have moved the scope of attack from PCs to servers. DDoS
attacks are increasingly launched in conjunction with SSL-
induced security ‘blind spots’.
• Web Application attacks such as SQL injection and cross-site
scripting.
• Brute Force Attack - A basic attack method in which the attacker
tries to gain access to a website by repeatedly trying usernames
and passwords. This may cause disruption as large numbers of
repeated requests may tie up memory and processing capacity.
• Ransomware (where data is held hostage, supposedly until a
ransom is paid).
• DNS Infrastructure Attacks, which have the capacity to disrupt
users accessing Internet services and which have occasionally
led to class actions against the ISP.
• Malware (code directed with malicious intent to steal data or
incapacitate computing equipment) including Trojans, viruses
and worms. This has now morphed into malware that can act
across platforms.
• XSS - Cross-site scripting: a security vulnerability typically found
in web applications which enables an attacker to inject client-
side script into web pages viewed by other users and can be
used by attackers to bypass access controls.
• Man-in-the-middle attack - a network attack whereby the
attacker secretly relays and possibly alters the communication
between two parties who believe they are communicating
directly with each other.
• Phishing (illegitimate requests for information and passwords).
• Unpatched software, most commonly browser add-in programs.
• APT - Advanced persistent threat: a network attack in which
an unauthorized entity gains access to a network and stays
undetected for a long period.
• Social media threats
• Advanced persistent threats (APTs) via (spear) phishing
Just as natural viruses mutate in order to survive against
antibiotics, so the threats in the list above will mutate and
combine to present a more sustained and complex mode of attack.