Malicious Code Prevention; Data Execution Prevention - ABB COM600 series 5.0 Cyber Security Deployment Manualline
Substation management unit
Hide thumbs
Also See for COM600 series 5.0:
- Technical reference manual (164 pages) ,
- Technical reference manual (108 pages)
Table of Contents
Advertisement
3.4.
3.4.1.
26
COM600 series 5.0
Cyber Security Deployment Guideline
Centralized user Activity Logging (CAL) server
The CAL server in COM600 is capable of receiving and storing security events in the
form of syslog messages. The security events include events generated both from within
COM600 and/or from other devices (such as protection relays/RTUs) that share the same
physical perimeter with COM600.
The security events received by CAL server, can be stored within COM600 for a max-
imum configurable time period of up to ninety days. The security events can also be
electronically forwarded to up to six entities located outside the physical perimeter of
COM600, through syslog messages. This allows for remote security event monitoring
from devices outside the physical perimeter of COM600.
The security events captured by CAL server can be viewed using COM600 WebHMI.
These security events can be viewed only with COM600-Administrator privileges.
Malicious Code Prevention
Data Execution Prevention
Data Execution Prevention (DEP) is a Windows Operating System security feature that
protects from malicious code execution.
In general, software is loaded into memory for execution. It also uses heap and stack
from memory to manage its data for its functioning. Any vulnerabilities in software like
buffer overrun, could allow malicious code to be injected in to the memory through the
data it uses. Once the malicious code is loaded in to memory there is always the risk of
it being executed.
The operating system provides isolation in memory for a software process between the
code being executed and the data it uses. Any attempt to execute code from the region
of memory marked for data used by a process will be blocked by using this DEP feature.
DEP can be hardware or software enforced.
DEP can be configured either to protect all programs or to protect only essential Windows
programs or services. In COM600 DEP is by default configured to protect essential
Windows program or services.
To configure DEP:
1. Login to COM600 using a user account that has administrative privileges.
2. Go to Control Panel.
3. Click on System.
4. In the subsequent System properties dialog, go to Advanced tab. Click Settings
under Performance.
5. In the subsequent Performance Options dialog, either select
1MRS758267
Advertisement
Table of Contents
