Management of operating system hardening in industrial control systems
Siik, Petteri (2018)
Siik, Petteri
2018
Automaatiotekniikka
Teknisten tieteiden tiedekunta - Faculty of Engineering Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2018-02-07
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tty-201801261158
https://urn.fi/URN:NBN:fi:tty-201801261158
Tiivistelmä
Hardening improves security by removing unnecessary features from the system. Hardening can be performed for a network, a device, an operating system and single applications. As virtualization is added, the virtualization environment must also be hardened. In this thesis, the focus is on operating system hardening and its management. Frequent operating system updates cause system changes that make hardening management challenging. System hardening is presented using the ICS lifecycle model. This includes tasks, such as designing of the hardening configuration, implementation and testing, and maintaining the system hardening. To make implementation and maintaining of the hardening configuration possible two PowerShell scripts are made. One for automating hardening and other for auditing of Windows hosts. The scripts use a new hardening configuration template which is designed in this thesis. As a result, effective scripts were implemented, though some features had to be dropped due to lack of proper tools. Discarded features and other development ideas are presented in further development section. Additionally, several challenges for hardening and using Windows 10 in control systems, are observed in this thesis. Most notable discovery is that Windows 10 restores hardened settings and even broke the operation of system without any apparent reason. For this reason, the hardening configuration should be monitored and its management continued through the systems lifecycle.