During this exercise, you will monitor both network traffic and data accesses to identify potentially malicious behaviour on the I&C network. Once you understand what normal traffic looks like, you can identify changes in network traffic. The engineering workstation (EWS) contains all of the files necessary to set up, configure, and monitor the I&C system. Knowing and understanding the data paths within the I&C environment is necessary to protect the EWS's critical assets.
For the network analysis, this exercise uses Wireshark to monitor and analyze I&C network traffic and determine what traffic is normal. With a network traffic baseline in hand, you can quickly identify unexpected traffic. Another objective is to view and modify a firewall configuration.
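The baseline comparison described above can also be scripted. The following is an added example, not part of the original exercise: it assumes connection attempts were exported from two captures with tshark as comma-separated source, destination and destination-port fields, and all addresses, sample rows and function names are constructed for illustration.

```python
# Assumed input: one row per TCP connection attempt, exported from a capture with
#   tshark -r capture.pcapng -Y "tcp.flags.syn==1 && tcp.flags.ack==0" \
#          -T fields -E separator=, -e ip.src -e ip.dst -e tcp.dstport
import csv
import io
from collections import Counter

# Constructed sample data (hypothetical addresses). TCP 102 is ISO-TSAP, used by S7 communication.
BASELINE_CSV = """\
192.168.10.20,192.168.10.50,102
192.168.10.20,192.168.10.50,102
192.168.10.30,192.168.10.50,102
"""
CURRENT_CSV = """\
192.168.10.20,192.168.10.50,102
192.168.10.30,192.168.10.50,102
192.168.10.99,192.168.10.50,102
192.168.10.20,192.168.10.50,445
192.168.10.20,,
not-a-row
"""

def load_flows(text):
    """Return a Counter of (src, dst, dport) flows, skipping malformed rows."""
    flows = Counter()
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3 or not all(row) or not row[2].isdigit():
            continue  # rows with missing fields or free text are not usable flows
        flows[(row[0], row[1], int(row[2]))] += 1
    return flows

def unexpected_flows(baseline, current):
    """List flows absent from the baseline, with the reason each one stands out."""
    known_hosts = {h for src, dst, _ in baseline for h in (src, dst)}
    known_services = {(dst, port) for _, dst, port in baseline}
    findings = []
    for flow in sorted(set(current) - set(baseline)):
        src, dst, port = flow
        if src not in known_hosts:
            reason = "new source host"
        elif (dst, port) not in known_services:
            reason = "new service on known host"
        else:
            reason = "new talker pair for known service"
        findings.append((flow, reason, current[flow]))
    return findings

if __name__ == "__main__":
    for finding in unexpected_flows(load_flows(BASELINE_CSV), load_flows(CURRENT_CSV)):
        print(finding)
```

A flow reported here is only a deviation from the recorded baseline; whether it is malicious still has to be judged against what the I&C system is expected to do.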
We will be using the following tools during the exercise:
Building on the previous exercises, you will use Microsoft Management Console (MMC) to observe access to the file system of the EWS.
Log on to the Engineering Workstation (EWS):
Verify that the EWS Siemens Totally Integrated Automation (TIA) project view and RT (runtime) Simulator windows are open.