Semiconductor Equipment Security: Virus Protection ... - Sematech

SemiconductorEquipment Security:Virus ProtectionGuidelinesHarvey Wohlwend512.356.7536harvey.wohlwend ismi.sematech.orgSEMATECH, the SEMATECH logo, AMRC, Advanced Materials ResearchCenter, ATDF, the ATDF logo, Advanced Technology Development Facility,ISMI and International SEMATECH Manufacturing Initiative are servicemarks ofSEMATECH, Inc. All other servicemarks and trademarks are the property oftheir respective owners.

Agenda• Background• Purpose / Scope• Process Equipment Security Goals• Security Risks / Source of Vulnerabilities• IC Maker Guidelines• OEM Guidelines• Summary11/28/2005 • j://stdpres/template.pot • Slide 2

Cyber Security Risks80706050403020100SlammerLovegateSendmailSobigBlasterSasserNachi# InstancesFebMarAprMayJunJulAugSepOctNovDecJan'03FebMarAprilMayJuneJulyAugustSeptemberOctoberNovemberDecemberSAS Virus Alerts # of High Risk Assessments• Cyber threats are growing at alarming rate• High rate of critical vulnerabilities (5-10patches/quarter)• Significant business impact during attacks• Shrinking time between vulnerability andattacks (< 1 month)11/28/2005 • j://stdpres/template.pot • Slide 3

Shrinking Time to VulnerabilitiesVulnerabilityreported; Patchin progressBulleting andpatch available;No exploitExploit code inpublicWorm in the worldDays between patch andexploit331180151“… there is no more patchwindow," wrote Johannes Ullrich,chief research officer at the SANSInternet Storm Center, "Defensein depth is your only chance tosurvive the early release ofmalware."SQL SQL250 Zero Day Attack: Vulnerabilityexploited before it wasreported to the rest of thesecurity communityNimda NimdaWelchia/ Welchia/Blaster BlasterNachiZoToB ZoToBSlammer SlammerNachi11/28/2005 • j://stdpres/template.pot • Slide 4

Purpose / Scope• ISMI and Member Company Working Group reviewedthe issues and requirements and establishedguidelines to address semiconductor equipmentsecurity for IC Makers and Equipment suppliers– Establish guidelines at factory network andequipment level• Describe capabilities to successfully integrateequipment into an IC Maker’s Intranet, including:– Guidelines based on standard capabilities– Configuration guidelines for the IT personnel forcomponents such as network equipment,computers, operating systems, and products– Security design guidelines for equipmentapplication architects and designers11/28/2005 • j://stdpres/template.pot • Slide 6

Out of Scope• Recommend products or services• Endorse or advocate security businessmodels• Use cost estimations in the recommendations• Recommend deviations from these guidelinesbased on individual company policies andpractices11/28/2005 • j://stdpres/template.pot • Slide 7

Goals: Protect Equipment from…• Unsolicited virus infections from anyplace in the network• Network-based denial of service fromworm-based attacks• Exploitation of weaknesses inequipment computer software11/28/2005 • j://stdpres/template.pot • Slide 8

IC Maker Guidelines – Best Practices• Use firewalls in the IC Maker Factory Networkto control access• Provide proxies for communications betweenequipment and factory– Proxies provide virus protection capabilities• Institute business process for local equipmentusers– Backup and recovery procedures– Scanning of removable media (memory sticks,floppies, CDs, etc.)– Security Requirements for mobile devices (laptops,PDA,Tablets, etc.)– Infrastructure for anti-virus protection11/28/2005 • j://stdpres/template.pot • Slide 9

Equipment Supplier Guidance• Institute business process– Backup and recovery procedures– Procedures and training for field service engineers• Hardened Computer configurations– Strong password, non-blank password, etc.– No public network shares– Avoid installing or enabling unnecessary programs and serviceson equipment (e.g., telnet, ICMP, FTP)– Support applications running with minimum privileges– Wherever applicable, equipment runs independently of eachother from network perspective– Support logging and audit of security related configurationchanges– Record all security related errors11/28/2005 • j://stdpres/template.pot • Slide 10

Equipment Supplier Guidance (cont’d)• For new equipment, provide operating systems and anti-viruscapabilities that are in the currently supported phase of their lifecycle• Security software upgrade support for equipment is optional andprovided as a service for interested IC Makers.– The service details include qualification and support for operatingsystem, applications, and anti-virus capabilities– The IC Maker and the equipment supplier shall agree upon thefrequency of security updates• Network Security layer 3 device for equipment (Optional)– Allow only controlled access to/from equipment– Additional packet filtering and firewall technology for equipment• Wireless: Not Allowed– Equipment internal wireless networks / LAN replacements– Wireless networks between equipment• Wireless: Allowed– Factory components and equipment11/28/2005 • j://stdpres/template.pot • Slide 11

Field servicelaptopsRemotediagnosticsUtilityPCVulnerability PathsAutomationAppsOfficePCRemovablemediaHSMS enabledProcess toolFactory with 100’s of toolsDirect totoolSECURITYSafeguard against viruses“Isolate, Segment, andLockdown” approach• Isolate fab network from restof company• Segment tools and lock down• Business processes toaddress removable mediarisk“Keep current” approach• Keep patching equipmentsoftware to stay up-to date• Use anti-virus to preventinfections• Staying currentsystem for toolmanagement11/28/2005 • j://stdpres/template.pot • Slide 12

Summary• e-Manufacturing era brings need for enhancedsecurity– Interface A standards define equipment levelsecurity– Interface C defines moving data securely from thefactory to supporting organizations– ISMI Virus Protection Guidelines published• Provides IC Maker best practices you shoulduse• Gives guidance to equipment suppliers onexpectations and requirements• Virus Protection, 04104567B-ENG,ismi.sematech.org/docubase/abstracts/4567beng.htm11/28/2005 • j://stdpres/template.pot • Slide 13