Designing secure networks for substation automation and control systems
|
|
- Aubrie Boone
- 8 years ago
- Views:
Transcription
1 Designing secure networks for substation automation and control systems Niculescu Eliodor Sorin, Rusta Constantin, Mircea Paul Mihai, Ruieneanu Liviu and Daianu Adrian Abstract Development of the energy systems and utilities (water, gas) and the process information related to them but also their interconnection with other equipments and information systems led to increasing the risk and vulnerability; thus occurring the access possibility to the command /control systems and data for an unauthorized persons that may influence the operational safety. It also results need to take measures to increase security systems by removing all data connections or linkages that are not necessary for the operative management of the energy system. This paper focuses on describes a possible solution to increase safety for better management as well as to obtain more precise information (accurate) about events that occur while also reducing the vulnerability of the systems. Keywords Network security planning, process information system, risk, safety data, SCADA systems. I. INTRODUCTION NFORMATION systems security process is a relatively new I IT technology, and was released as a result of the inherent diversification of communication in modern society based on efficiency and speed in decision making processes. services, web, data transfer, etc. is based on a sense of security often false, which can generate potential gains rapid access to information, but can cause major losses due to theft of data or insert false or misleading [1]. Command-control systems and automation in power systems are a special category of information process, which combined with the computer systems of the utilities (water, gas) are the backbone of technical civilization. Power systems are a special category of industrial systems with high sensitivity and can go in case of errors / mistakes in the states of partial or total unavailability (the blackout) as E. S. Niculescu, Romanian National Power Grid Company Transelectrica Co., SCADA and Substation Control Systems Dept. Currently is PhD student at the University of Craiova, Faculty of Electrical Engineering sniculescu@pasys.ro;eli.sorin@gmail.com C. Rusta, Romanian Hydro Power Company Hidroelectrica Co., SCADA and Industrial Systems Dept. (constantin.rusta@gmail.com). P. M. Mircea, University of Craiova, Faculty of Electrical Engineering, Decebal Boulevard, no.107, Craiova, Romania; mmircea@elth.ucv.ro. L. Ruieneanu is with the University of Craiova, Faculty of Electrical Engineering, Decebal Boulevard, no.107, Craiova, Romania: lruieneanu@elth.ucv.ro. A. Daianu, Romanian Hydro Service Power Company Hydroserv Co., Automation and Protection Relay Dept. (daianuadrian@gmail.com). having a strong impact on business and everyday life. Moreover, if the decommissioning of the source system has an "intruder" external or external cause, the impact is even greater because the entire basic infrastructure is compromised, and could thus make "scenarios" different from any geographic points of the world. If until few years ago these systems automation data network operated as "isolated" (self), new communications technologies have allowed their interconnection and implementation processes and telemanagement remote, which to some extent vulnerable security systems [3]. This integration of the local computer subsystems and motivation was to achieve high coverage networks (WAN Wide Area Network) to: faster data acquisition, low propagation delay information to post-factum analysis centers, increasing the time response, optimization of decision making and maintaining a close link to the center to coordinate with various sublevels of subordination (Company / Branches / Centers / Substations / Process). II. PROCESS INFORMATION SYSTEMS - BOUNDING ENERGY DOMAIN A. Definition. Features. Requirements Process Information Systems (PIS) is an information system as part of the collection, transmission, storage and processing is done using the elements or components of IT (Information Technology) [4], means that computers and modern communications, software specialized procedures and techniques plus trained personnel. In other words, PIS is that part of the information system, including acquisition, processing and automatic transmission of data and information within a macro information system [5]. Characteristics of information systems: there any system should have as a central database in real time (RTDB - Real Time Data Base), the stored data to be interrelated among themselves from internal and external sources; an information system must be authentic, accurate, and support presentation range from management level to another; a system must include a variety of mathematical models, technical, economic, eg, optimization models, simulation models, models of efficiency; ISBN:
2 a system should be designed as a man-machine (HMI - Human Machine Interface) offering the possibility of an immediate and friendly interaction between user and system; a system must provide the highest possible degree of integration in two aspects: internal integration and external integration. Computer system requirements: To achieve systems that meet the required characteristics of systems is necessary to take into account the following requirements: a grounding system design to be made on grounds of economic efficiency; a direct participation in the design of management information system unit; ensuring a high technical level of the solutions adopted; a solution adopted in accordance with available resources and restrictions. Structuring of information systems requirements in the overall design stages: one on each level of the structure must ensure the uniqueness criterion for decomposition of the system; a structure made up later to allow the entire system by aggregating separate modules. B. SCADA Systems It was tried to delimit the scope of the above systems and their implementation to investigate how the National Power Grid System reacts. Thus, process control systems for power are known in literature as SCADA (Supervisory Control and Data Acquisition) systems. They are the "tools" based on the computers, which energy operators used to assist in controlling the operation of complex energy systems [2]. Base entire scaffold which contribute to the supervision, control and monitoring of electrical substation equipment and power networks is the control and data acquisition. The functions of SCADA Systems supervising and control of equipment or parts of the facility and power networks. an alarm to "recognition" of the system with inadequate state supervision of equipment and networks; post factum analysis maintain a running history of events in the surveillance; a graphical user interface (GUI - Graphical User Interface); a self-diagnostics for continuous monitoring of their functional parameters; planning and tracking a maintenance process. The architecture of control systems must comply with the requirements of open systems OSI - ISO (Open Systems Interconnection International Standard Organization). An open system provides opportunities that make applications such as: a system can be implemented from several suppliers of equipment; one can work with other applications made in open systems; to present a consistent style of interaction with the user; The more open open-concept system that brings in SCADA system design is the ability to distribute processing functions Fig.1 general architecture of a basic Substation Automation System ISBN:
3 in various knots. Each node is functionally independent of the hardware resource. Dependence between nodes is variable, however the hardware must be provided as independent as possible, this way, and it can get the opportunity to expand further or replacement. Also, the independence of processing nodes used to minimize transmission of messages and data network load. Within the node redundancy increases availability and reduces the risk of loss and loss distribution functions for other nodes. A characteristic of open systems is that nodes can be located at any distance, distributed architecture becomes a necessity, and used as a support for local data communication networks (LAN Local Area Network) and remote (WAN Wide Area Network) made using standard procedures and interfaces [7]. In Fig.1 is presented the general architecture of a distributed SCADA system, the key is to connect various components through communication networks. C. The integration concept of distributed information systems If in the early stages, information systems at power station were isolated entities, and their only external connection is made only with the dispatch center (the serial protocols IEC , invulnerable to attacks) [9], the integration of these new policies structures of complex computer systems using competitive communication protocols (based on TCP / IP) led to an increase in default and vulnerability. In order, to maximize technical and economic supervised process, the centralization of information and increase safety of National Power System were created regional information infrastructure (Control Center) which are able to download the complete information flow on all electric substations under the action of these centers. Thus, developing the concept of Wide Area SCADA (Fig. 2) which requires a full integration of these sub-control protections (SAS), in the compact and complex computer entity capable of providing a remote management of all facilities automation without the need for continuous operational tour [6]. To achieve this goal, it is necessary the use of communication protocols capable of managing the entire amount of exchange of information between control centers and the process itself. III. THE SAS SECURITY A. Network Security Planning In a computer network, there must be assurance that sensitive data is protected so that only authorized users have access to them [6]. The vulnerability of computer networks is manifested in two ways: modification or destruction of information (attack the physical integrity); a possibility of unauthorized use of information; Providing "safety data" stored in a computer network involves procedures for handling data that can not lead to the accidental distribution of their measures and / or duplication of important data to be restored if necessary. Having a secure computer network with access to data requires a user authentication procedure and / or differentiated authorization for certain resources. Any network should be protected against intentional or accidental damage. There are four major threats to the security of computer networks, as below: unauthorized access; electronic data alteration; data theft; on purpose or accidental damage. Is the responsibility of the network administrator to ensure a secure, reliable and ready to face the dangers above? It is believed that a computer system / computer network is safe(s) if all its operations are always carried out according to strictly defined rules, which results in a complete protection of entities, resources and operations. The list of threats is the defining security requirements. Once they are known that the rules should be developed to control all network operations. These operational rules are called "security services", and implementation services are by security protocols [6]. To define a secure computer network should be developed as follows: a list of security requirements; rules for protection and security. Fig. 2 wide area SCADA concept ISBN:
4 B. Defining security policies In a computer network security model assumes the existence of three levels: a physical security; a logic of security levels; a secure connection. Establish security policies and provide general orientation guidelines for network administrators and users in case of unforeseen circumstances. The most important security policies are: prevention, authentication and training. IV. ISSUES TO BE TAKEN INTO ACCOUNT IN THE DESIGN PROCESS SYSTEMS RELATED NETWORKS A. Identify all existing connections to the SCADA Systems This entails a detailed analysis of network structure of the SCADA system for assessing risk and the need for all network connections. In this stage are assessed the following types of connections: Connecting to a SCADA computer network management of LAN, WAN (business networks); Connecting SCADA Systems to the Internet; Connecting to a SCADA Systems, the certain equipment including wireless connections via satellite; An existence of modems or other dial-up connections; An adjacent connection with partners, regulatory agencies, etc. B. Disconnect from the SCADA systems all unnecessary connections To ensure the highest degree of security of SCADA systems, recommended a "containment" of networks related to other adjacent networks or connections that are not related to the process. Any connection to / with another network introduces security risks, especially in if it creates a path or connection to the Internet. Although direct interconnection with other networks / subnets can allow efficient and convenient information exchange, risk of insecure connections vulnerable to process network is large, the optimum is why the "isolation" of the SCADA network. Can be used strategies such as using the "demilitarized zones" (DMZs De Militarized Zones), and virtual sharing of computer related applications regarding managerial and process applications, but all of them, must be designed and implemented properly to avoid placing an additional risk by an incorrect configuration. C. Evaluation and strengthening of securing all remaining connections to the SCADA system This goal involves conducting penetration testing or vulnerability of all remaining links to the SCADA network to be able to assess the security of these connections [5]. In this respect, it is essential that every entry point to be used to process network firewalls and detection systems "Intruder" (IDS - Intrusion Detection Systems). Physically, the firewall can be a simple PC, workstation, router or mainframe. From a logical standpoint, the firewall determines what information or services can be accessed from outside the network and who has the right to access these resources. The firewall is located in the internal network makes the junction with the external network, called the checkpoint area. The main functional components of a firewall: a packet filtering router; an application-level proxy gateway; a circuit-level gateway. Packet filtering router is a network that transmits packets based on filtering rules implemented rules that are based on security policy. If it is known the source or destination addresses, filtering rules on the router can accept or reject a packet depending on this information. Data packets have a destination other than the IP address of those servers will not be allowed into the network. Application-level control is achieved most often through a gate (gateway) or proxy server. The gateway must be properly installed proxy code for every application that wants to pass the gate. During the dialogue between a client and a server, the proxy server acts as the client and also becomes the target server or client. For the original client, proxy server functions in a transparent but is able to monitor and filter out certain commands or information. Proxy server is a dedicated server application running on the computer network that connects our world. Because customers can access a proxy server as the client software must be modified to support proxy connection and proxy server log on. D. Avoiding possible use of proprietary protocols in SCADA systems Some SCADA systems use (purely commercial reasons) proprietary protocols for communication between the terminals in the field" and servers; this is very risky because network security is often based solely on the security of these protocols obscure low. In addition, the developer of such protocols can provide communication interfaces to other producers of some of its protocol specifications thereby increasing the vulnerability of the network indirectly through attacks backdoors. E. Remove or disable unnecessary services SCADA servers built on open operating systems are easily exposed to attacks via the default network services. To reduce the risk of direct attack is recommended to remove or disable unused network services, this is particularly important when SCADA networks to interconnect with other ISBN:
5 networks. An example of such a network service is "Remote maintenance, which should always be carried out only off and on the ground and only by authorized personnel in this regard. It is also recommended that access these systems to management / administration to make only a single external point of access and only the system administrator based on the company's internal regulations. V. CONCLUSION IT security mechanisms described above is a possible solution to achieve the perspective LANs process allowing better management of facilities, a more precise and accurate information on the events run, decrease the vulnerability of computer systems, high reliability and technology tends to occupy all the industries. REFERENCES [1] K.C. Claffey, Internet measurement: myths about Internet data CAIDA, UCSD [2] E.J. Byres, Network secures process control, InTech, Instrument Society of America, pp , Oct [3] Smith, T.; Hacker jailed for revenge sewage attacks, The Register, October 31, 2001, [4] E.J. Byres and D. Hoffman; IT Security and the Plant Floor, InTech Magazine, Instrumentation Systems and Automation Society, Research Triangle Park, NC, p. 76, December [5] E.J. Byres; Designing Secure Networks for Process Control, IEEE Industry Applications Magazine, Institute of Electrical and Electronics Engineers, New York, Vol. 6, No. 5 p , September/October [6] J.C. Netzel, Network Security Across Wide Area Networks & the Internet, IndComm 2003, Melbourne Australia, May [7] S. Kunsman and M. Braemdle; Cyber security for substation automation protection and controls systems, ABB Inc., [8] F.Hohlbaum, M.Braendle, F.Alvarez, Cyber security Practical considerations for implementing IEC 62351, PAC Conference [9] International Standard IEC , Second edition , Telecontrol equipment and systems Part 5-101: Transmission protocols Companion standard for basic telecontrol tasks. ISBN:
The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationTABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY
IT FIREWALL POLICY TABLE OF CONTENT 1. INTRODUCTION... 3 2. TERMS AND DEFINITION... 3 3. PURPOSE... 5 4. SCOPE... 5 5. POLICY STATEMENT... 5 6. REQUIREMENTS... 5 7. OPERATIONS... 6 8. CONFIGURATION...
More informationSCADA SYSTEMS AND SECURITY WHITEPAPER
SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Security Scanning Procedures Version 1.1 Release: September 2006 Table of Contents Purpose...1 Introduction...1 Scope of PCI Security Scanning...1 Scanning
More informationE-Commerce Security Perimeter (ESP) Identification and Access Control Process
Electronic Security Perimeter (ESP) Identification and Access Control Process 1. Introduction. A. This document outlines a multi-step process for identifying and protecting ESPs pursuant to the North American
More informationOverview. Firewall Security. Perimeter Security Devices. Routers
Overview Firewall Security Chapter 8 Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security
More informationCyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity)
Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity) Abstract Strong identity management enforced with digital authentication mechanisms
More informationSecurity threats and network. Software firewall. Hardware firewall. Firewalls
Security threats and network As we have already discussed, many serious security threats come from the networks; Firewalls The firewalls implement hardware or software solutions based on the control of
More informationInnovative Defense Strategies for Securing SCADA & Control Systems
1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet
More informationCYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS. Massimo Petrini (*), Emiliano Casale TERNA S.p.A.
21, rue d Artois, F-75008 PARIS D2-102 CIGRE 2012 http : //www.cigre.org CYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS Massimo Petrini (*), Emiliano Casale
More informationWhat would you like to protect?
Network Security What would you like to protect? Your data The information stored in your computer Your resources The computers themselves Your reputation You risk to be blamed for intrusions or cyber
More informationPractical Considerations for Security
Practical Considerations for Security Steven Hodder GE Digital Energy, Multilin 1. Introduction This paper has been prepared to outline some practical security strategies for protection & control engineers
More informationNetwork Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion
Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann
More informationSFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004
SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004 Introduction: A computer firewall protects computer networks from unwanted intrusions which could compromise confidentiality
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 3 Firewalls Specific Instructional Objectives On completion of this lesson, the students will be able to answer: What a firewall is? What are the design goals of Firewalls
More informationSecurity Issues with Integrated Smart Buildings
Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationState of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005
State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology
More informationDr. György Kálmán gyorgy@mnemonic.no
COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More information1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network
WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationSEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID
SEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID ZBIGNIEW KALBARCZYK EMAIL: KALBARCZ@ILLINOIS.EDU UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN JANUARY 2014
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationFirewall Architecture
NEXTEP Broadband White Paper Firewall Architecture Understanding the purpose of a firewall when connecting to ADSL network services. A Nextep Broadband White Paper June 2001 Firewall Architecture WHAT
More informationINTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM
INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM Okumoku-Evroro Oniovosa Lecturer, Department of Computer Science Delta State University, Abraka, Nigeria Email: victorkleo@live.com ABSTRACT Internet security
More informationFirewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls
CEN 448 Security and Internet Protocols Chapter 20 Firewalls Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationBasic Network Configuration
Basic Network Configuration 2 Table of Contents Basic Network Configuration... 25 LAN (local area network) vs WAN (wide area network)... 25 Local Area Network... 25 Wide Area Network... 26 Accessing the
More informationUnderstanding SCADA System Security Vulnerabilities
Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen
More informationFirewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles
Firewalls Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Configurations
More informationSCADA/Business Network Separation: Securing an Integrated SCADA System
SCADA/Business Network Separation: Securing an Integrated SCADA System This white paper is based on a utility example but applies to any SCADA installation from power generation and distribution to water/wastewater
More informationAgenda. Understanding of Firewall s definition and Categorization. Understanding of Firewall s Deployment Architectures
Firewall Agenda Unit 1 Understanding of Firewall s definition and Categorization Unit 2 Understanding of Firewall s Deployment Architectures Unit 3 Three Representative Firewall Deployment Examples in
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationBanking Security using Honeypot
Banking Security using Honeypot Sandeep Chaware D.J.Sanghvi College of Engineering, Mumbai smchaware@gmail.com Abstract New threats are constantly emerging to the security of organization s information
More informationSCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005
SCADA System Security ECE 478 Network Security Oregon State University March 7, 2005 David Goeke Hai Nguyen Abstract Modern public infrastructure systems
More informationJK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA
JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates
More informationNetworking Basics for Automation Engineers
Networking Basics for Automation Engineers Page 1 of 10 mac-solutions.co.uk v1.0 Oct 2014 1. What is Transmission Control Protocol/Internet Protocol (TCP/IP)------------------------------------------------------------
More informationHow To Protect Power System From Attack From A Power System (Power System) From A Fault Control System (Generator) From An Attack From An External Power System
Network Security in Power Systems Maja Knezev and Zarko Djekic Introduction Protection control Outline EMS, SCADA, RTU, PLC Attacks using power system Vulnerabilities Solution Conclusion Introduction Generator
More informationBy David G. Holmberg, Ph.D., Member ASHRAE
The following article was published in ASHRAE Journal, November 2003. Copyright 2003 American Society of Heating, Refrigerating and Air-Conditioning Engineers, Inc. It is presented for educational purposes
More informationWe will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall
Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationSystem insecurity ± firewalls
Mayur S. Desai Assistant Professor, School of Business, Indiana University Kokomo, Kokomo, Indiana, USA Thomas C. Richards Professor, Business Computer Information Systems Department, The University of
More informationFirewall Design Principles Firewall Characteristics Types of Firewalls
Firewall Design Principles Firewall Characteristics Types of Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for these slides. Fall 2008
More informationSCADA Security Measures
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA SCADA Security Measures
More informationSECURING AN INTEGRATED SCADA SYSTEM. Technical Paper April 2007
SECURING AN INTEGRATED SCADA SYSTEM Network Security & SCADA Systems Whitepaper Technical Paper April 2007 Presented by: Scott Wooldridge Managing Director of Oceania Citect 1 Abstract This paper discusses
More informationChapter 20. Firewalls
Chapter 20. Firewalls [Page 621] 20.1 Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Configurations 20.2 Trusted Systems Data Access Control The Concept of Trusted Systems
More informationImproving SCADA Control Systems Security with Software Vulnerability Analysis
Improving SCADA Control Systems Security with Software Vulnerability Analysis GIOVANNI CAGALABAN, TAIHOON KIM, SEOKSOO KIM Department of Multimedia Hannam University Ojeong-dong, Daedeok-gu, Daejeon 306-791
More informationFirewalls (IPTABLES)
Firewalls (IPTABLES) Objectives Understand the technical essentials of firewalls. Realize the limitations and capabilities of firewalls. To be familiar with iptables firewall. Introduction: In the context
More informationAUDITOR GENERAL S REPORT. Protection of Critical Infrastructure Control Systems. Report 5 August 2005
AUDITOR GENERAL S REPORT Protection of Critical Infrastructure Control Systems Report 5 August 2005 Serving the Public Interest Serving the Public Interest THE SPEAKER LEGISLATIVE ASSEMBLY THE PRESIDENT
More informationSecurity Design. thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/
Security Design thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Security Design Analysing Design Requirements Resource Separation a Security Zones VLANs Tuning Load Balancing
More informationISACA rudens konference
ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial
More informationSecure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment
Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment Introduction 1 Distributed SCADA security 2 Radiflow Defense-in-Depth tool-set 4 Network Access
More informationOverview - Using ADAMS With a Firewall
Page 1 of 6 Overview - Using ADAMS With a Firewall Internet security is becoming increasingly important as public and private entities connect their internal networks to the Internet. One of the most popular
More informationOverview - Using ADAMS With a Firewall
Page 1 of 9 Overview - Using ADAMS With a Firewall Internet security is becoming increasingly important as public and private entities connect their internal networks to the Internet. One of the most popular
More informationOn the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks
CIBSI 2013 Panama City, Panama, October 30 th, 2013 On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks Paulo Simões, Tiago Cruz, Jorge Gomes, Edmundo Monteiro psimoes@dei.uc.pt
More informationProxy Server, Network Address Translator, Firewall. Proxy Server
Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as
More information8. Firewall Design & Implementation
DMZ Networks The most common firewall environment implementation is known as a DMZ, or DeMilitarized Zone network. A DMZ network is created out of a network connecting two firewalls; i.e., when two or
More informationInformation Security Assessment and Testing Services RFQ # 28873 Questions and Answers September 8, 2014
QUESTIONS ANSWERS Q1 How many locations and can all locations be tested from a A1 5 locations and not all tests can be performed from a central location? central location. Q2 Connection type between location
More informationIntroduction to Computer Networks and Data Communications
Introduction to Computer Networks and Data Communications Chapter 1 Learning Objectives After reading this chapter, you should be able to: Define the basic terminology of computer networks Recognize the
More informationCyber Security for SCADA/ICS Networks
Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More informationEndless possibilities
Endless possibilities ENDLESS POSSIBILITIES 03 Endless possibilities Iskra Sistemi is a developer and provider of process automation, communications and security systems for power distribution, telecommunications
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationSecurity for. Industrial. Automation. Considering the PROFINET Security Guideline
Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures
More informationICANWK406A Install, configure and test network security
ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with
More informationSCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
More informationPROFESSIONAL SECURITY SYSTEMS
PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security
More informationPCI Security Scan Procedures. Version 1.0 December 2004
PCI Security Scan Procedures Version 1.0 December 2004 Disclaimer The Payment Card Industry (PCI) is to be used as a guideline for all entities that store, process, or transmit Visa cardholder data conducting
More informationFirewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.
ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l08, Steve/Courses/2013/s2/its335/lectures/firewalls.tex,
More informationFirewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary
2 : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l08, Steve/Courses/2013/s2/its335/lectures/firewalls.tex, r2958
More informationNetwork Technologies
Network Technologies Career Cluster Information Technology Course Code 10101 Prerequisite(s) Introduction To Information Technology Careers (Recommended), Computer Applications (Recommended), Computer
More informationBasics of Internet Security
Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational
More informationWhite Paper. Cyber Security. Power Industry Locks Down. What s Inside:
Invensys is now White Paper Cyber Security Authors: Ernest Rakaczky, Director of Process Control Network Security, Invensys Paul Dacruz, Vice President, Power Industry Solutions What s Inside: 1. Introduction
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationTop-Down Network Design
Top-Down Network Design Chapter Five Designing a Network Topology Copyright 2010 Cisco Press & Priscilla Oppenheimer Topology A map of an internetwork that indicates network segments, interconnection points,
More informationFig. 4.2.1: Packet Filtering
4.2 Types of Firewalls /DKo98/ FIREWALL CHARACTERISTICS 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationChapter 7. Firewalls http://www.redhat.com/docs/manuals/enterprise/rhel-4-manual/security-guide/ch-fw.html
Red Hat Docs > Manuals > Red Hat Enterprise Linux Manuals > Red Hat Enterprise Linux 4: Security Guide Chapter 7. Firewalls http://www.redhat.com/docs/manuals/enterprise/rhel-4-manual/security-guide/ch-fw.html
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...
More informationCom.X Router/Firewall Module. Use Cases. White Paper. Version 1.0, 21 May 2014. 2014 Far South Networks
Com.X Router/Firewall Module Use Cases White Paper Version 1.0, 21 May 2014 2014 Far South Networks Document History Version Date Description of Changes 1.0 2014/05/21 Preliminary 2014 Far South Networks
More informationRajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np
Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security
More informationOPERATIONS CAPITAL. The Operations Capital program for the test years is divided into two categories:
Filed: September 0, 00 EB-00-0 Tab Schedule Page of OPERATIONS CAPITAL.0 INTRODUCTION Operations Capital funds enhancements and replacements to the facilities required to operate the Hydro One Transmission
More informationFirewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT
Network Security s Access lists Ingress filtering s Egress filtering NAT 2 Drivers of Performance RequirementsTraffic Volume and Complexity of Static IP Packet Filter Corporate Network The Complexity of
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationWhat is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?
What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to
More informationSecurity issues in Voice over IP: A Review
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue 2 February, 2014 Page No. 3879-3883 Security issues in Voice over IP: A Review Rajni a, Preeti a, Ritu
More information87-01-30 Secure External Network Communications Lynda L. McGhie Payoff
87-01-30 Secure External Network Communications Lynda L. McGhie Payoff Large organizations must be able to communicate with external suppliers, partners, and customers. Implementation of bidirectional
More informationImplementation of Virtual Local Area Network using network simulator
1060 Implementation of Virtual Local Area Network using network simulator Sarah Yahia Ali Department of Computer Engineering Techniques, Dijlah University College, Iraq ABSTRACT Large corporate environments,
More informationRuggedCom Solutions for
RuggedCom Solutions for NERC CIP Compliance Rev 20080401 Copyright RuggedCom Inc. 1 RuggedCom Solutions Hardware Ethernet Switches Routers Serial Server Media Converters Wireless Embedded Software Application
More information13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationGetting started. Creating a Web Server support application
Getting started Creating a Web Server support application Document revision Date Edition Comments 08/09/2010 1.0 - Sielco Sistemi srl via Roma, 24 I-22070 Guanzate (CO) http://www.sielcosistemi.com Getting
More information12. Firewalls Content
Content 1 / 17 12.1 Definition 12.2 Packet Filtering & Proxy Servers 12.3 Architectures - Dual-Homed Host Firewall 12.4 Architectures - Screened Host Firewall 12.5 Architectures - Screened Subnet Firewall
More informationProtecting Critical Infrastructure
Protecting Critical Infrastructure SCADA Network Security Monitoring March 20, 2015 Table of Contents Introduction... 4 SCADA Systems... 4 In This Paper... 4 SCADA Security... 4 Assessing the Security
More informationCAISO Information Security Requirements for the Energy Communication Network (ECN)
Page 1 of 11 REVISION HISTORY VERSION DATE DESCRIPTION DRAFT 0.1 11/27/2002 Initial Draft 1.0 10/13/2003 Initially Released Version 1.1 11/15/2005 Minor clean-up. 1.2 05/30/2006 New logo and appendix change
More information