Standard No. | TTAK.IT-X.1333 | Former Standard No. | |
---|---|---|---|
Date established/revised | 2023-12-06 | Total pages | 30 |
Korean title | Security guidelines for the use of remote access tools in industrial control systems | ||
English title | Security guidelines for the use of remote access tools in industrial control systems | ||
Korean summary | This standard identifies the security threats that arise in environments where a RAT is used on a computing device at a remote location to access an industrial control system, and provides security guidelines for addressing those threats.
For the operation and maintenance of an industrial control system, remote operators or maintenance engineers may access human machine interfaces (HMI), operator workstations (OWS) and similar systems within the industrial control system. In addition, remote operators or maintenance engineers can use a RAT to directly access an HMI connected to the field control system. In this situation, a security threat arises in which an attacker can penetrate the system through an inadequate RAT configuration (software settings) or an insecure network configuration (layout). To mitigate these security threats, this standard provides security guidelines for RAT clients, servers, the communication channel between client and server, the network, and so on. The security guidelines consist of security controls, the purpose (necessity) of the security controls, and implementation guidelines for the security controls. |
||
English summary | The standard identifies security threats that arise in the environment where RATs are used on computing devices at remote locations to access ICSs and provides security guidelines to address these security threats.
For the operation and maintenance of ICSs, remote operators or maintenance engineers may need to access human machine interfaces (HMI) and operational workstations (OWS) within the ICS. Additionally, remote operators or maintenance engineers can directly access HMIs connected to the field-side control system using RATs. However, security threats can arise if RATs are inadequately configured or if the network configuration is not secure, potentially allowing attackers to penetrate the system. To mitigate these threats, this standard provides security guidelines for RATs such as clients, servers, communication channels between clients and servers, and network configurations. The security guidelines consist of security controls, the purpose of security controls, and implementation guidelines for security controls. |
||
International standard | |||
Related file | TTAK.IT-X.1333.pdf |