Updates on the station
#1
Good day.

In connection with the recent virus attacks (which did not affect our production), management is asking me to find some list of operating system updates recommended by Rockwell.
All I have found on the internet is a list of all updates with information on whether each update has been tested with Rockwell software or not.

Has anyone dealt with this task, or can anyone tell me whether such a list exists or not?

Thank you.
#2
If you mean Petya, see KB 1052876, and if Wanna Cry, see KB1047348
#3
(07-Jul-2017, 11:43:10)oldDad wrote: If you mean Petya, see KB 1052876, and if Wanna Cry, see KB1047348

The question is not about specific patches, but whether Rockwell has a list of recommended updates.
According to the manual, automatic updates must be disabled before installation, and the whole process system is isolated from external networks.
But management wants some list of Rockwell-recommended updates for operation...
#4
Updates of what exactly? If you mean operating systems, you have come to the wrong place: Rockwell does not deal with operating systems, that is a question for Microsoft.  If you mean updating Rockwell Software, there is no reason to update it on a running system.
#5
Well, some recommendations and guidance do exist:

Quote:Rockwell Automation is releasing this notice titled "Rockwell Automation Recommended Mitigations For "Petya" Malware." The notice is available on our Knowledgebase as article number #1052876. A link to the article is provided here but the entire article is provided in this email for your benefit. https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1052876
You are receiving this notification as our records indicate that you are a registered software user of our products or may have downloaded software / firmware from our website.
On June 27, 2017, a new malware variant named “Petya” (also known as “NotPetya” or “Nyetya”) began affecting Microsoft Windows personal computers (PCs) around the world. NotPetya is a Petya-inspired malware variant and behaves in a manner similar to how the “WannaCry” ransomware that surfaced in May 2017 did, specifically in that it is a self-propagating "worm" that infects any vulnerable host that has not patched the Windows SMBv1 vulnerability. Microsoft patched this vulnerability, named “MS17-010,” in March 2017.

However, it is worth noting that this malware has some key differences from WannaCry, including how it propagates to other machines and how it attacks the victim’s PC.

As of this writing, there is no known direct impact to Rockwell Automation products from this malware, though all files present on a machine (including files used by Rockwell Automation products) may be encrypted in the event of a successful attack. However, customers who use Rockwell Automation software products may be vulnerable to this attack since most of the Rockwell Automation software products run on Microsoft Windows platforms containing the underlying vulnerability which enables this attack.

Rockwell Automation decided to provide this advisory since customers running Rockwell Automation software on Microsoft Windows may be vulnerable to this attack. Information and links to Microsoft-provided resources are provided below, as well as our qualification report for MS17-010. We are continuing to monitor this situation, and we will update this advisory as we learn more.
AFFECTED PRODUCTS
According to Microsoft’s MS17-010 Security Bulletin, the following operating systems contain the vulnerability:
  • Windows XP
  • Windows 7
  • Windows 8
  • Windows 10
  • Windows Server 2003
  • Windows Server 2008 R1/R2
  • Windows Server 2012
  • Windows Server 2016
Note: Both 32-bit and 64-bit versions are vulnerable.

Note: At the time of this writing, and according to Microsoft, no versions of Windows CE are affected.
VULNERABILITY DETAILS
This malware is similar in many ways to the WannaCry malware that surfaced in May 2017, but it also includes different methods for the encryption of files and propagation across the network to infect new machines. Reports suggest that if the Petya malware has administrative privileges, it does not encrypt files individually through a whitelist approach, but instead will encrypt the entire filesystem, rendering the machine completely inaccessible. Industrial control system (“ICS”) specific files, which may not have been specifically included in past whitelists, will now also be encrypted along with any other file on the filesystem.

The initial Petya infection comes from opening an infected file, attached to an email. Once a machine on a victim’s network is infected, Petya utilizes multiple mechanisms to propagate through the victim’s network without any type of user interaction, such as is common with the following social engineering-based attacks:

- EternalBlue, the same SMB exploit which allowed WannaCry to propagate.
- Microsoft Windows Management Instrumentation (WMI), using the user’s credentials.
- Microsoft PSexec tool, using the user’s credentials.
RISK MITIGATIONS and RECOMMENDED USER ACTIONS
The risk from EternalBlue can be mitigated by applying updates from MS17-010. The other two attack vectors can be mitigated through blocking ports utilized by those protocols.

Rockwell Automation strongly recommends that customers review the Microsoft MS17-010 Security Bulletin, evaluate the potential risks, and implement a mitigation plan. Microsoft has provided patches for ALL affected operating systems, including XP and 2003. Rockwell Automation suggests that before implementing any Microsoft updates, the updates should be verified on a non-production system, or when the facility is non-active, to help ensure that there are no unexpected results or side effects.

The Rockwell Automation Microsoft Patch Qualification team has qualified versions of our products on Windows 7 and Windows Server 2008 R2 with MS17-010 installed. For detailed information on versions tested, visit the Rockwell Automation Microsoft Patch Qualification site: http://www.rakb-patchtests.com/data/MS_Patch_Qualification/qualifications.htm

  1. For any supported operating systems, use the “Windows Update” feature to download and apply updates

  2. For unsupported operating systems, download English language security updates directly, these patches could be loaded onto existing Windows Server Update Services (WSUS) servers to ease large-scale deployments:
    o Windows Server 2003 SP2 x64
    o Windows Server 2003 SP2 x86
    o Windows XP SP2 x64
    o Windows XP SP3 x86
    o Windows XP Embedded SP3 x86
    o Windows 8 x86
    o Windows 8 x64

  3. For non-English unsupported operating systems, download localized versions for Windows XP, Windows 8 or Windows Server 2003: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

  4. Alternatively, Microsoft recommends that you disable the SMB service following these instructions: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
    o Note: This may prevent file shares from working in some instances.

  5. Restrict SMB and WMI traffic from untrusted networks if possible.
    o Ports TCP/135, TCP/139, TCP/445, and TCP/1024-1035.
    o Note: This may prevent file shares from working in some instances.

  6. Establish and execute a proper backup and disaster recovery plan for your organization's assets.
The Rockwell Automation MS Patch Qualification team has fully qualified MS17-010 on Windows 7 and Windows Server 2008 R2 SP1.

However, the Rockwell Automation Microsoft Patch Qualification team has NOT qualified versions of our products with MS17-010 installed on Microsoft operating systems that are End of Life. We consider this patch to be a relatively 'low risk' in impacting Rockwell Automation products and should be applied at your discretion.

Lastly, we recommend customers continue to monitor the situation by monitoring this advisory, subscribing to Knowledgebase Article 35530 for updates to Microsoft Patch Qualifications Reports, and by monitoring MS17-010. Be aware that the attack strategies can change as defenses are built up, and further action may be required.
GENERAL SECURITY GUIDELINES

  1. Refer to Knowledgebase Article 546987 for Rockwell Automation recommended customer hardening guidelines, including information about compatibility between antivirus software and Rockwell Automation products. For a list of Rockwell Automation tested antivirus software, refer to Knowledgebase Article 35330.
  2. Use of Microsoft AppLocker® or other similar Whitelisting application can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at https://rockwellautomation.custhelp.com/app/answers/detail/a_id/546989.
  3. Run all software as User, not as Administrator.
  4. Use trusted software and software patches that are obtained only from highly reputable sources.
  5. Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.
  6. Locate control system networks and devices behind firewalls, and isolate them from the business network, helping to make sure that messages with mismatched IP and interface origination do not reach the target system.
  7. Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.
  8. When remote access is required, use secure methods, such as Virtual Private Networks (“VPNs”), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.
For further information on the Vulnerability Handling Process for Rockwell Automation, please refer to our Product Security Incident Response FAQ document.

Refer to our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to deliver these measures.

Refer to the Industrial Security Services website for information on security services from Rockwell Automation to assess, protect, detect, respond and recover from incidents. These services include assessments, designs, implementations, industrial anomaly detection, patch management, and remote infrastructure monitoring and administration.

We also recommend concerned customers continue to monitor this advisory by subscribing to updates on the Security Advisory Index for Rockwell Automation, located at 54102 - Industrial Security Advisory Index. Customers may also reference the public Security page for Rockwell Automation for new and relevant information relating to this matter.

If you have questions regarding this notice, please send an email to our product security inbox at: secure@ra.rockwell.com.
ADDITIONAL LINKS
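The mitigations listed in the advisory quoted above can be checked per station with a read-only script. This is an added example, not part of the forum post or of Rockwell's advisory; the parameter name `$HotfixIds` and the report field names are hypothetical, and the SMB1 registry value is the one documented in the Microsoft SMB article the advisory links to.

```powershell
# Added example: read-only audit of one station against the advisory's mitigations.
# Assumption: $HotfixIds is chosen by the operator. KB4012598 is the only update ID
# named in the advisory and covers only the out-of-support systems listed there.
param([string[]]$HotfixIds = @('KB4012598'))

# Ports the advisory says to restrict: TCP/135, TCP/139, TCP/445, TCP/1024-1035.
$advisoryPorts = @(135, 139, 445) + (1024..1035)

# 1. Hotfix check. A later cumulative update can supersede an ID, so an empty
#    result means "verify by hand", not "unpatched".
$installed = @(Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object { $_.HotFixID })
$found     = @($HotfixIds | Where-Object { $installed -contains $_ })

# 2. SMBv1 server setting. Windows 7 / Server 2008 R2 treat a missing SMB1
#    value as enabled; 0 means disabled.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$smb1 = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
$smb1Enabled = ($null -eq $smb1) -or ($smb1 -ne 0)

# 3. Listening TCP ports that fall in the advisory's list. netstat output is parsed
#    because netstat is present on every Windows version the advisory names.
$listening = @(netstat -ano | ForEach-Object {
        if ($_ -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING') { [int]$Matches[1] }
    } | Sort-Object -Unique | Where-Object { $advisoryPorts -contains $_ })

# One object per station, suitable for Export-Csv when run across several machines.
New-Object PSObject -Property @{
    Computer               = $env:COMPUTERNAME
    HotfixFound            = ($found -join ',')
    Smb1ServerEnabled      = $smb1Enabled
    AdvisoryPortsListening = ($listening -join ',')
}
```

The script changes nothing on the station; it only reports, so it can be run on a production machine before any patching is scheduled.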
#6
That is exactly article KB1052876, the link to which I gave above.
#7
(09-Jul-2017, 11:38:02)oldDad wrote: That is exactly article KB1052876, the link to which I gave above.

Eh... I need to be more precise in my explanations.

For other systems (Delta-V, for example), a list of Windows updates recommended for operation is published. Now my management is asking me for the same kind of list from Rockwell.
#8
(10-Jul-2017, 08:16:56)Pshko wrote: a list of Windows updates recommended for operation.
If you need the updates recommended for Windows, then look here:
https://blogs.technet.microsoft.com/msrc...e-attacks/
https://blogs.technet.microsoft.com/msrc...t-attacks/

Sorry, but it is not very clear what recommendations you need if the recommendations from neither Rockwell nor Microsoft suit you. Could you describe what the recommendations that would suit you look like (and who they should come from)?

Do you want to update your Rockwell software products? Then update them, what is the problem?
#9
(10-Jul-2017, 08:56:32)Pshko wrote: Sorry, but it is not very clear what recommendations you need if the recommendations from neither Rockwell nor Microsoft suit you. Could you describe what the recommendations that would suit you look like (and who they should come from)?

Do you want to update your Rockwell software products? Then update them, what is the problem?

Oh, well, I don't think editing my message was called for.
I believe my question is being misunderstood.
So, for the last time:
Is there a list of Windows operating system updates recommended by Rockwell for running Rockwell software? Not for a specific problem, but in general, from the release of the operating system to the present.
If there is no such list, then so be it.
#10
Sorry, the edit to your message was unintentional, I accidentally pressed the wrong button, sorry :)

We are not aware of any specific lists of the kind you mean.
If this is about the compatibility of a particular Rockwell software product, see the following link:
https://compatibility.rockwellautomation.../Home.aspx
#11
(10-Jul-2017, 10:19:06)oldDad wrote: Sorry, the edit to your message was unintentional, I accidentally pressed the wrong button, sorry :)

We are not aware of any specific lists of the kind you mean.
If this is about the compatibility of a particular Rockwell software product, see the following link:
https://compatibility.rockwellautomation.../Home.aspx

I have looked through everything there. Thank you for your time.