By Gregory Hale
Security experts remain locked in on researching the Stuxnet worm. They have learned how it can infiltrate a system, and now they are learning more about mitigation strategies that can keep the nasty worm out.
Joel Langill, a security consultant at EnGlobal and host of SCADAhacker.com, a website devoted to control system security, shows in Part II of a video series on the Stuxnet worm one strategy that can help keep attacks like Stuxnet from infiltrating your system.
This demo focuses on the Software Restriction Policy (SRP) within the Windows operating environment.
“Introduced in 2000 as part of Windows XP, SRP helps protect systems from unknown and possibly dangerous code,” Langill said. “The SRP provides a mechanism along the lines of ‘whitelisting’ where only trusted code gets unrestricted access to a user’s privileges. Unknown code, which might contain viruses or code that conflicts with currently installed programs, is allowed to run only in a constrained environment, called a sandbox, where it is disallowed from accessing any security-sensitive user privileges, preventing it from performing acts like escalation of privilege.
“Software restriction policies provide administrators with a mechanism for identifying software programs running on a computer and controlling the ability for those programs to execute in a Windows environment. SRPs are not enabled by default. These policies are enabled and configured with either the Group Policy Management Console or the Local Group Policy Editor.”
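A check an administrator could run after configuring the policy Langill describes, as an added example that is not from the article or the video: it reads the machine-level SRP settings from the registry and reports whether the default level is Disallowed (the whitelisting mode) and which path rules are defined. The function name `Get-SrpStatus` and the variable names are hypothetical; hash, certificate and zone rules are not listed.

```powershell
# Added example: report the machine-level Software Restriction Policy (SRP) state.
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security levels as stored in DefaultLevel and used as names of the rule subkeys.
$SrpLevels = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Constrained'
                131072 = 'Basic User'; 262144 = 'Unrestricted' }
# TransparentEnabled: which files the policy is enforced on.
$SrpEnforcement = @{ 0 = 'No enforcement'; 1 = 'All files except DLLs'
                     2 = 'All files including DLLs' }

function Get-SrpStatus {
    $key = Get-Item -Path $SrpKey -ErrorAction SilentlyContinue
    $default = if ($key) { $key.GetValue('DefaultLevel') }
    if ($null -eq $default) {
        # SRP is not enabled by default: a missing key or value means no policy.
        return [pscustomobject]@{ Configured = $false; DefaultLevel = $null
            Whitelisting = $false; Enforcement = $null; PathRules = @() }
    }

    # Path rules live under <level>\Paths\<GUID>, with the path in ItemData.
    $keepRaw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $rules = foreach ($levelName in $key.GetSubKeyNames()) {
        $level = $levelName -as [int]
        $paths = $key.OpenSubKey("$levelName\Paths")
        if ($null -eq $level -or $null -eq $paths) { continue }
        foreach ($guid in $paths.GetSubKeyNames()) {
            $item = $paths.OpenSubKey($guid).GetValue('ItemData', $null, $keepRaw)
            [pscustomobject]@{ Level = $SrpLevels[$level]; Path = $item }
        }
    }

    $enforce = $key.GetValue('TransparentEnabled')
    [pscustomobject]@{
        Configured   = $true
        DefaultLevel = $SrpLevels[$default]
        # Whitelisting means everything is blocked unless a rule allows it.
        Whitelisting = ($default -eq 0)
        Enforcement  = if ($null -ne $enforce) { $SrpEnforcement[$enforce] }
        PathRules    = @($rules)
    }
}

$status = Get-SrpStatus
$status | Format-List Configured, DefaultLevel, Whitelisting, Enforcement
$status.PathRules | Format-Table -AutoSize
```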
Langill’s previous video showed how Stuxnet could install, inject and infect itself on a Siemens Field PG.
To view the video on how to mitigate a Stuxnet attack, click on the video box below.