Collecting ports and services information in a control network is a tedious and manual task. Rarely do vendors provide guidelines for asset configuration rules leaving the asset owners to find the right configuration to ensure a balance of performance, reliability, and security. Due to the level of work it takes to configure assets, comprehensively managing ports and services often gets overlooked. Not because it isn't important, but because it’s not absolutely critical to system performance. Understanding open ports and services is obviously a critical component of securing and maintaining automation systems environments in order to minimize system vulnerabilities. Ports and services auditing has also become a very prominent piece of critical infrastructure regulatory standards, such as NERC CIP and CFATS.
Most of the time what we see people do is just run a port scan using one of the widely available open source tools. These tools have been developed for the IT world, most only capable of being run locally, are risky, and generally difficult to configure in a control systems environment.
Industrial Defender has taken a different approach with Automation Systems Manager. We automatically retrieve ports and services information with our automated data collection models. So if your IT department advises of a Conficker outbreak on the corporate network you can quickly run a query against all the Windows systems with port 445/TCP listening to identify those at risk. With this information you can issue a ticket to have Windows patches (KB95864, 957097, and KB958687 in case you’re wondering) applied to the vulnerable systems.
To help control system professional understand the semantics of the standards and how to manage ports and services we have compiled a technical white paper which describes the requirements, processes and complexity in detail that can be downloaded here.