Page 639 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 639
monitor engine performance and optimize braking, steering, and
suspension, but can also include in-dash elements related to driving,
environment controls, and entertainment. Early in-vehicle systems
were static environments with little or no ability to be adjusted or
changed, especially by the owner/driver. Modern in-vehicle systems
may offer a wider range of capabilities, including linking a mobile
device or running custom apps.
Methods of Securing Embedded and Static Systems
Security concerns regarding embedded and static systems include the
fact that most are designed with a focus on minimizing costs and
extraneous features. This often leads to a lack of security and difficulty
with upgrades or patches. Because an embedded system is in control
of a mechanism in the physical world, a security breach could cause
harm to people and property.
Static environments, embedded systems, and other limited or single-
purpose computing environments need security management.
Although they may not have as broad an attack surface and aren’t
exposed to as many risks as a general-purpose computer, they still
require proper security government.
Network Segmentation
Network segmentation involves controlling traffic among networked
devices. Complete or physical network segmentation occurs when a
network is isolated from all outside communications, so transactions
can only occur between devices within the segmented network. You
can impose logical network segmentation with switches using virtual
local area networks (VLANs), or through other traffic-control means,
including MAC addresses, IP addresses, physical ports, TCP or UDP
ports, protocols, or application filtering, routing, and access control
management. Network segmentation can be used to isolate static
environments in order to prevent changes and/or exploits from
reaching them.
Security Layers
Security layers exist where devices with different levels of
