Copyright

Vulnerability Assessments in Industrial Networks: Definition, Overview & Methods

Instructor: Prashant Mishra

Prashant is currently pursuing his bachelors in Computer Science and Engineering.

In this lesson, we will discuss the need for vulnerability assessments in industrial networks, and its goals. We will also see the methods used in ICS and SCADA systems to conduct vulnerability assessment.

Okay, so you have designed, setup and configured a network and want to open it for access to the intended users. But wait! Have you checked the risks or the attacks that can take place and how to avoid them? When we design a network, we shouldn't open it up for use until we check for risks or attacks that may happen and how to avoid them. We don't want to deal with a situation where an attacker has accessed and stolen important data before we have understood, addressed and mitigated risks and issues on the network. This would be a very grave situation with severe repercussions to the organization's operations.

What is Vulnerability Assessment?

As the name suggests already, vulnerability assessment is a detailed report of the insecurities that a network can face. This assessment serves as a manuscript to understand the weaknesses in a network and devising methods to minimize them.

The goals that are achieved by vulnerability assessments are:

  • Identification of insecurities and vulnerabilities present in the network infrastructure. This includes identifying potential threats of data stealing, data altering, illegal access, etc.
  • Ranking of these vulnerabilities. This to done to handle threats if they many of them are posed at once. If more than one threat is posed to the network, then this ranking helps to decide which should be tackled first to avoid much damage.
  • Understanding the consequences of these vulnerabilities. This includes all the consequences that will happen if the threats are posed. The level of damage, cost of repairing it, etc. is discussed here.
  • Developing strategies to tackle these vulnerabilities. Finally, we develop strategies to tackle these threats if they occur.

Remember, Vulnerability Assessment is not a one time thing. It is done periodically to check on the network with the advancement of time and technology.

The Vulnerability Assessment is done in accordance with the help of some standards which provide an overview of security techniques. ISO/IEC 27002:2013 is the most commonly used standard.

Methods to implement Vulnerability Assessment

Vulnerability Assessment can be conducted by three methods:

Black Box Vulnerability Assessment

In this method, a team of hackers is assigned and is asked to attack the network from outside as it would happen in a real-world scenario. Because of this, any access to any kind of data regarding the network is not given to them. They are asked to then form a report explaining the components which they could attack and how to avoid them.

White Box Vulnerability Assessment

In this method, a team of security experts are assigned to the task and given all the data regarding the network. They then search for vulnerabilities from inside the system. They not only check for vulnerabilities but also understand the configurations pertaining to security of the different components present in the network.

Gray Box Vulnerability Assessment

This method is a combination of the above two methods. A team of hackers are asked to view the network from outside and attack it but some partial information like login credentials are provided to them so that they have partial access to the network.

To unlock this lesson you must be a Study.com Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use Study.com

Become a Study.com member and start learning now.
Become a Member  Back
What teachers are saying about Study.com
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? Study.com has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account
Support