1 SCADA Security and Terrorism: We re not crying wolf. RG & DM
2 Agenda Introduction to the problem Rumors and claims that have achieved press Our own experiences over the last 5 years New data to add to the debate Hard data we stand behind We can confirm some of those claims in the press NAMES HAVE BEEN CHANGED TO PROTECT THE INNOCENT Conclusion There is neither cause to panic nor cause to ignore the issue Our own experience penetrating systems leads us to believe that it should be taken seriously.
3 What is SCADA? Press buzzword to discuss cyberterrorism control systems is better term Supervisory Control and Data Acquisition Monitor and control industrial systems Oil and Gas Air traffic and railways Power generation and transmission Water management Manufacturing Defined by threat Massive power blackout Oil refinery explosion Waste mixed in with drinking water
4 What is SCADA and control systems? The power your home The water in your home Where the water goes from your home The traffic lights on the way to the office The commuter train controls The air conditioning system in your office building The phone system to your home
5 What are the stories so far Warnings of doom by famous people Richard Clark, former cybersecurity czar and terrorism expert Claims that mock intrusion scenarios have always succeeded. Accuses industry of spending more on coffee than security. Howard Schmidt, former cybersecurity czar and business expert Well-known incidents Computers and manuals seized in Al Qaeda training camps full of SCADA information related to dams and related structures. Ohio Davis-Besse Nuclear power plant safety monitoring system was offline for 5-hours due to Slammer Worm in January In 2000, former employee Vitek Boden release a million liters of water into the coastal waters of Queensland, Australia. In 2003, the east coast of America experienced a blackout, while not the cause, many of the related systems were infected by the Blaster worm In 1992, former Chevron employee disabled it s emergency alert system in 22 states, which wasn t discovered until an emergency happened that needed alerting. In 1997, a teenager breaks into NYNEX and cuts off Worcester Airport in Massachusetts for 6 hours, affecting both air and ground communications. In the action to liberate Kosovo, NATO used information warfare techniques against the Serbs, Russian hackers attacked NATO computers, Chinese hackers (in response to accidental U.S. bombing of Chinese embassy) attacked United States computers. In 2000, the Russian government announced that hackers succeeded in gaining control of the world s largest natural gas pipeline network (owned by Gazprom). In 2005, Hurricane Katrina affected a few refineries in the southern coast of the United States, affecting gasoline prices world-wide.
6 What are the counter-stories so far? Nobody has every been killed by a cyberterrorist Unless people are injured, there is also less drama and emotional appeal. Dorothy Denning Despite the fact that both hackers and terrorists scare the public, what cyberterrorists could actually do (ground airplanes, power blacks, minor explosion in oil refinery) would not scare them nearly as much as 9/11. Many stories are juiced up to scare people Blaster did not cause the north-east power outage Many stories of teenage geniuses gaining control of things are often exaggerated. Yes, Al Qaeda had SCADA information, but nothing indicated an actual plan. Companies do spend more on security than coffee (in my personal experience) Many predictions have so far been wrong Tech research firm IDC named 2003 the year of cyberterrorism, predicting that a major cyberterrorism event would bring the Internet to its knees for a day or two. They are trained to cope with emergencies They practice for all sorts of problems, from floods to earthquakes to hurricanes
7 SCADA is daunting, but our existing knowledge is adequate Just this is sufficient PLC RTU EMS DNP3 ModBus OPC DCS IEC RPC ICCP TASE-2 Ethernet HMI/MMI SMB TCP/IP Fieldbus Windows ASCII IED Solaris RS-232 Linux Telnet SQL TFTP NFS NetBIOS b WEP SSID HTTP This helps, and it s all on the Internet
8 How does SCADA work? Multi-tier systems Physical measurement/control endpoints RTU, PLC Measure voltage, adjust valve, flip switch Intermediate processing Normally based on commercial 3 rd party OSes VMS, Unix, Windows, Linux Human interfaces Windows GUIs, for example Communication infrastructure A variety of transport mediums Analog, serial, Internet, radio, wi-fi
9 Protocols The heart of a SCADA system - communication protocols Raw data protocols Examples: modbus, DNP3 Designed for serial/radio links, but can also be tunneled over Internet Reads data (such as measuring voltage, pressure, fluid flow) Sends alerts (when something breaks) Send commands in other direction (flip a switch) High-level data protocols Examples: ICCP, OPC Designed to send bulk data and commands between various applications/databases Designed to provide info for humans They often bridge between the office-network and the control-network
10 Network Components Human interface OPC DNP3 ICCP
11 Protocols DNP3 generation ICCP OPC substation Data flows up to humans, commands flow down OPC ICCP DNP3 Optimized for making it easy to write human applications Optimized for passing bulk data around to systems like historical databases and power trading/analysis systems Optimized for collecting data from simple devices
12 Security DNP3 ICCP OPC Where is the human located? Does she have access to the Internet? Bulk data, who gets access to it? Partners? Office computers? Where is the authentication in this network? Which of my 300 humans can monitor/control more than 10,000 devices in the network Where do firewalls go? and impact the delay in the network causing response to happen too late?
13 Another view of that network
14 Typical example of user-interface
15 Another example: vegetable oil production
16 OPC Runs without authentication In their own words: Blaster worm exposed the problem with DCOM So Microsoft SP2 turned off anonymous by default for DCOM This breaks SCADA systems because they don t have logins No security X-Force research: looks like OPC problem has lots of buffer-overflows in it, but since everyone uses it with no authentication anyway, it s pointless researching them. Go to download trial software, test the authentication, binary review their code
17 Problems with SCADA Lesson #1 SCADA = no authentication What is the identity of an automated system? How would policies such as change your password monthly be applied to automated systems that are supposed to run unattended for years? How do you manage rights for each person? Lesson #2 Which, of the thousands of possibilities, can they can monitor/control? SCADA = no patching Systems have never needed security patches in the past Old: install a system, replace it in 5 years New: install a system, patch it every month The gulf between the old and the new is too wide
18 Problems with SCADA Lesson #3 SCADA = industry in denial about how much they are connected to the Internet Belief: not interconnected at all Reality: numerous uncontrolled interconnects Reality: even networks that are separate frequently get connected via links or simple things like roaming notebooks
19 Cyberterrorism Threat Analysis Our experience You can go to the store and buy a book on pentesting that will give you all the knowledge you need to cause a widespread power blackout. We can create 0-day exploits, but we ve never used them in SCADA pen-tests Instead, we ve used old-school techniques such as portscanning and password-guessing
20 ISS Cyberterrorism Threat Analysis Who? Al Qaeda? We have no visibility into this We guess it s not a near-term threat We know hackers are notoriously hard to organize/direct by such an organization We guess they would rather blow something up Individuals? We have a lot of visibility into this Example: when we posted our first whitepaper on SCADA, the majority of downloads were from the Arab world We know hacking skills are prevalent everywhere Example: author of Zotob was Muslim (though a normal person, not an extremist) It s not just religious fanatics, it s any individual who wants to quarrel with us, including our own citizens Example: Timothy McVeigh followed a recipe for building fertilizer bombs Example: Animal-rights activists, eco-extremists.
21 Real world examples
22 ISS Professional Services: pen-testing ISS pen-testing as part of our professional services offering Standard pen-test services like many others in the industry We ve been contracted by many SCADA/control-systems organizations The more simple the methods, the more compelling the results NO: 0day exploits from the ISS X-Force team YES: guess simple passwords YES: SQL injection YES: port-scanning YES: SNMP MIB walking YES: anonymous FTP, SMB null sessions, Telnet no password YES: old/common exploits on unpatched systems YES: sniffing YES: backdoors/trojans
23 Example #1: WiFi at power plant Sitting in conference room negotiating pen-test Denial: Why should we buy your services, we are secure so you won t be able to break in We have no WiFi Turn notebook around and show that there is an open (no WEP) access point reachable from the conference room Oh, but you can t get an IP address or anything from it We connect, it gives us a DHCP address It s just in the lab We run scans and show that it s connected to the rest of the office network The office network (where people work) is not connected to the control network (where the power plant is). We get into Solaris system using 10 year old exploit Please stop We had broken into a system that was on both networks and, indeed, was in direct control of something extremely sensitive and we were in danger of breaking it Confirmation The skills of average hackers are adequate to gain access to the systems.
24 WiFi at power plant lab SCADA office
25 Example #2: oil company Claim: We are secure because the oil production network is completely separate from the rest of the corporate network Pulls out network diagram proving his case Flaw #1: diagrams don t match reality It s the desired configuration, not the actual configuration. The networks are interconnected at numerous points. Unfortunately, most people in the company believe in the fiction. Flaw #2: diagram OBVIOUSLY doesn t match reality Supercomputer that s processing oil pumping data in order to optimize extraction sits on office network Pulls data from production network, sends configuration commands back to production network: therefore, the two networks MUST be interconnected at some point In our experience, such data crunching systems are a key hopping point between networks. Flaw #3: notebooks Production stopped at a couple of sites due to a network worm (Blaster) because somebody plugged in a notebook computer when diagnosing a problem at an oil platform. The worm quickly spread. The lost production caused million of dollars lost in revenue. Flaw #4: production network has zero protection Example: once systems go into production they are never patched Example: even patchable systems (consoles) have no authentication Conclusion: An Internet storm could disrupt oil production like Katrina
26 Example #3: Component of U.S. power grid Same claim: Customer: Backend networks are not interconnected with the Internet Same flaw: But don t you have power-trading websites on the Internet? Don t those have some interconnection with the backend networks? Customer: yes Pen-test proved it Got in via SQL injection on website/portal Established VPN-like tunnel through SQL server Followed the data from system to system to the backend network, which of course was weak on authentication and patches Confirmation Indeed, there was no air-gap between the backend network and the Internet A hacker on the Internet could press a button and shut off the system.
27 Example #4: Another nation s power grid Unlike United States, most nations have a single power grid and a single target Pen-test engagement used multiple vectors Via Internet Via dialup Via wireless Again: Office networks not interconnected to production networks Again: false, for example the time on the production network that gets the 50/60 Hz sine wave is synchronized primarily with NTP across the Internet Backend network again insecure Network equipment provided by one of the big companies Example: Solaris machine with software installed and accounts already created Manufacturer recommends to change passwords, but customer never does Everybody in the organization logs in with same username/password in order to do things like monitor and control the power Confirmation Access from the Internet to the backend network existed. Sample: accessing a specially crafted (long) URL with a web-enabled phone was all that was needed to shutdown the entire grid.
28 Example #5: Finding targets Where to start? Google Vendors list their customers on their web-site Marketing: trying to impress you with well-known customers Sales: detailed case-studies of how these customers have implemented their systems, which products they have Availability: software is usually available on their website, hardware is often cheaply available on ebay. Anecdote Customer: We think the threat is low because outsiders know nothing about our systems Us: Here is what we know about your systems Customer: <shocked> How did you get that information? Us: <showed them the web-site from the vendor> Confirmation Information needed to educate enemies about the systems is widely available. Speculation Hackers would not need to actually target the infrastructure itself, they could instead target the suppliers. Examples: Rockwell, ABB, Siemens, GE, etc. At the Abyss: An Insider's History of the Cold War, by Thomas C. Reed Claims that United States provided trojan firmware to the Soviet Union, causing a pipeline to explode in one of the biggest non-nuclear explosions the world has ever seen.
29 Example #6: Finding target Customer claims SCADA too obscure for hackers SCADA not connected to office or Internet Contents of pen-test report Listed accounts on FTP site Penetrated dual-homed machine Had firewall, but this machine both inside and outside the network Account was same username and password Found public shares on Windows file servers Found intranet websites Documents found Spreadsheets listing all accounts on the SCADA network (and DNS or IP addresses) Maps of the network, both physical and cyber Firewall policies Training materials for operators of the SCADA network Vendor manuals Source code to major applications Backup/sample configuration files for the control systems Intranet search engine that made locating much of this easy Word, PowerPoint, Excel, text and a listing of what they thought were things hackers could do Confirmation Complete outsiders can obtain the information necessary to become experts on the system
30 Example #7: Sniffing (multiple targets) Security assessment technique Once you find the usernames and passwords, put them into IDS as signatures Watch where they trigger Sniff specific applications to assess, manually search those packets for clear-text information. What we have found When accounts exist, username and password information almost always sent in the clear. Applies to human-to-machine applications. Applies to machine-to-machine communications. Confirmation Critical infrastructure communication is largely in the clear and is not encrypted.
31 Example #8: Physical access Driving with customer through rural area Us: What is that? Customer: That is one of our power substations Us: Can we take a look? What we found Door was unlocked. Windows PC running in shed connected to all the equipment and connected to the Internet SCADA backbone through wireless connection and TCP/IP protocols. Similar stories Petroleum customer relates how offshore platforms are unmanned and have no security, and how in one case, it was a mobile maintenance person with an infected laptop at one of those platforms that had caused an infection in the network. Confirmation While physical security is strong in some areas, wide-area SCADA systems are nearly impossible to physically secure.
32 Example #9: Dams Dams control flooding Disruption of control systems during floods can cause downstream flooding of inhabited areas. Dams control water Example: release of excess water from the damn can disrupt the temperature of the water, thereby making it unsuitable for industrial uses, shutting down nearby plants. Example: changes in water levels could seriously disrupt navigation and transport in the area. Dams provide power Sustained power all the time Peak power on-demand Power storage when other systems push water back up hill A release of the water can represent a huge economic loss due to the lost power Confirmation We demonstrated to the customer that we had the knowledge to use the systems we penetrated to effect these outcomes.
33 Example #10: audit trails (multiple incidents) What we found No per-user authentication: users logged in with names like console or administrator rather than alice or bob This meant that activities of malicious insiders was effectively untraceable. Available audit trails were usually turned off. Intrusion detection systems were often not updated or regularly monitored. What we reported to the customer In many cases, if an incident had occurred, there would be little or no ability to tell if it was malicious (caused by a human) or accidental (caused by accident). Indeed, during our pen-tests, much of our activity was not logged. Confirmation Victims may not even be aware that they have been attacked.
34 Example #11: modems (multiple incidents) Modems Use #1: imbedded in many equipment to allow the vendor to support the product. Use #2: an easy way to retrieve non-realtime data from the device. Problems Most had banners. We simply googled the banners, found the manuals, and used that information to compromise the devices. Devices often had default usernames/passwords that were never changed since shipped by the vendor. Devices often had backdoor usernames/passwords that couldn t be changed. Devices often had other tricks that could be used to bypass security Example: a keystroke that would dump the 64k memory on the device, which often included the previous login session, including username/password. Confirmation Forget the Internet, cyberterrorists can still attack us by war-dialing.
35 Example #12: core reviews What we have done Cursory binary audits of implementations Cursory source audits of implementations What we have found Insecure coding practices Trusting input from the network (e.g. ASN.1 buffer-overflows) Widespread use of the known villains: strcpy(), sprintf(), etc. Little or no ability for authentication or encryption Clear-text Difficulty in firewalling, patchings, hardening, and other security techniques. Confirmation Assuming they fix everything else, they still have vulnerabilities to contend with.
36 Conclusion We can confirm a lot Outsiders can gain control of the systems via cyberspace This control can lead to major disruptions in the infrastruture It doesn t take genius hacker skills We can disprove a lot An air-gap between control-networks and the Internet is not the norm (we saw it only once) The systems are not to complex for outsiders to understand (and we haven t even begun talking about insiders) It s enough to take the problem seriously There is no need to panic Yet there we shouldn t ignore the problem either
Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base
HACKING RELOADED Hacken IS simple! Christian H. Gresser email@example.com Agenda About NESEC IT-Security and control Systems Hacking is easy A short example where we currently are Possible solutions IT-security
SCADA Fear, Uncertainty, and the Digital Armageddon Presented By Morgan Marquis Boire Whois Hi, My Name is Morgan Whois Hi, My Name is Morgan I m a security guy Whois Hi, My Name is Morgan I m a security
State of the State of Control System Cyber Security Joe Weiss, PE, CISM IEEE PES San Francisco Section October 15, 2007 What Are the Goals Maintain reliability and availability Minimize intentional and
SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of
for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs EXECUTIVE SUMMARY Supervisory Control and Data Acquisition (SCADA) systems are used for remote
Holistic View of Industrial Control Cyber Security A Deep Dive into Fundamentals of Industrial Control Cyber Security Learning Goals o Understanding security implications involving industrial control systems
Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen
1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: firstname.lastname@example.org Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet
Network Security in Power Systems Maja Knezev and Zarko Djekic Introduction Protection control Outline EMS, SCADA, RTU, PLC Attacks using power system Vulnerabilities Solution Conclusion Introduction Generator
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...
Assessment and Remediation of Vulnerabilities in the SCADA and Process Control Systems of Utilities Copyright 2005 Internet Security Systems, Inc. All rights reserved worldwide Assessment and Remediation
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer
1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
technical datasheet Application Note Using Tofino to control the spread of Stuxnet Malware This application note describes how to use the Tofino Industrial Security Solution to prevent the spread of the
The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com
Keeping the Lights On Fundamentals of Industrial Control Risks, Vulnerabilities, Mitigating Controls, and Regulatory Compliance Learning Goals o Understanding definition of industrial controls o Understanding
What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs email@example.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices
SECURITY TERMS: Advisory - A formal notice to the public on the nature of security vulnerability. When security researchers discover vulnerabilities in software, they usually notify the affected vendor
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational
INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA OVERVIEW Introduction Overview The IDS Puzzle Current State of IDS Threats I have a good firewall, why do I need an IDS? Expectations
Protect - Detect - Respond A Security-First Strategy HCCA Compliance Institute April 27, 2009 1 Today s Topics Concepts Case Study Sound Security Strategy 2 1 Security = Culture!! Security is a BUSINESS
Attacks from the Inside Eddy Willems, G Data Righard J. Zwienenberg, Norman Attacks from the Inside. Agenda - Social Networking / Engineering - Where are the threats coming from - Infection vectors - The
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker
Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION ALBERTO AL HERNANDEZ, ARMY RESERVE OFFICER, SOFTWARE ENGINEER PH.D. CANDIDATE, SYSTEMS ENGINEERING PRESENTATION
Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro) NICE Conference 2014 CYBERSECURITY RESILIENCE A THREE TIERED SOLUTION NIST Framework for Improving Critical Infrastructure Cybersecurity
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
Missing the Obvious: Network Security Monitoring for ICS If ICS are so vulnerable, why haven t we seen more attacks? We aren t looking! Two Key Reasons Intent Visibility Intent Why are targeted attacks
Course Introduction Today Hackers are everywhere, if your corporate system connects to internet that means your system might be facing with hacker. This five days course Professional Vulnerability Assessment
WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak Capture Link Server V1.00 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
Meeting IED Integration Cyber Security Challenges Jacques Benoit Manager Cybectec Product and Technology Training Cooper Power Systems Jacques.Benoit@cybectec.com INTRODUCTION The Nature of the Risk Utilities
Securing Industrial Control Systems in the Chemical Sector Roadmap Awareness Initiative Making the Business Case Developed by the Chemical Sector Coordinating Council in partnership with The U.S. Department
An ISS Technical White Paper The Truth about False Positives 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Overview In the security industry, many security analysts remark that
Firewalls Network Security: Firewalls, VPNs, and Honeypots CS 239 Computer Security March 7, 2005 A system or combination of systems that enforces a boundary between two or more networks - NCSA Firewall
FREQUENTLY ASKED QUESTIONS Secure Bytes, October 2011 This document is confidential and for the use of a Secure Bytes client only. The information contained herein is the property of Secure Bytes and may
v0.3 6, July 2013 What is a VPN? Virtual Private Network or VPN is a mechanism to extend a private network across a public network such as the Internet. A VPN creates a point to point connection or tunnel
Code of Connection (CoCo) for Devices Connected to the University s Author Information Security Officer (Technical) Version V1.1 Date 23 April 2015 Introduction This Code of Connection (CoCo) establishes
CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files
Lab Exercises Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Review Questions 1) In class, we made the distinction between a front-door attack and
A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com 2012 AirTight Networks, Inc. All rights reserved. WiFi is proliferating fast.
ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik firstname.lastname@example.org The problem Most manufacturing facilities are more connected (and
86-10-15 The Self-Hack Audit Stephen James Payoff As organizations continue to link their internal networks to the Internet, system managers and administrators are becoming increasingly aware of the need
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak DR V2.0 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents Table of Contents
Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
1 Penetration Testing NTS330 Unit 1 Penetration V1.0 February 20, 2011 Juan Ortega Juan Ortega, email@example.com 1 Juan Ortega, firstname.lastname@example.org 2 Document Properties Title Version V1.0 Author Pen-testers
Edith Cowan University Research Online ECU Publications Pre. 2011 2009 SCADA Forensics with Snort IDS Craig Valli Edith Cowan University This article was originally published as: Valli, C. (2009). SCADA
AUDITOR GENERAL S REPORT Protection of Critical Infrastructure Control Systems Report 5 August 2005 Serving the Public Interest Serving the Public Interest THE SPEAKER LEGISLATIVE ASSEMBLY THE PRESIDENT
Making the most out of substation IEDs in a secure, NERC compliant manner Jacques Benoit, Product Marketing Manager, Cybectec Inc. Jean-Louis Pâquet, Chief of Technology, Cybectec Inc. Abstract An increasing
Student Name : School of Information Science (IS 2935 Introduction to Computer Security, 2003) Firewall Configuration Part I: Objective The goal of this lab is to allow students to exploit an active attack
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak CR V4.1 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents Table of Contents
What is Cyber Liability Ubiquitous Warfare Espionage Media Operational Data Security and Privacy Tech 1 Data Security and Privacy Data Breach Response Costs Privacy Regulatory Action Civil Litigation INSURABLE
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
Training Training Sessions Schedule Attempt for General Intelligence Presidency of Saudi Arabia Milan, February 2 th 2011 Part 1: IT Security Fundamentals - 2 - Session 1 Session 1.1:?? Welcome reception
Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
Unified network traffic monitoring for physical and VMware environments Applications and servers hosted in a virtual environment have the same network monitoring requirements as applications and servers
REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB Conducted: 29 th March 5 th April 2007 Prepared By: Pankaj Kohli (200607011) Chandan Kumar (200607003) Aamil Farooq (200505001) Network Audit Table of
Cyber Security: Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers This appendix is a supplement to the Cyber Security: Getting Started
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0 Page 1 of 9 Table of Contents Table of Contents... 2 Executive Summary...
OPC UA vs OPC Classic By Paul Hunkar Security and Communication comparison In the world of automation security has become a major source of discussion and an important part of most systems. The OPC Foundation
Chapter 1 Web Application Security In this chapter: OWASP Top 10..........................................................2 General Principles to Live By.............................................. 4
System Security Policy Management: Advanced Audit Tasks White Paper October 6, 2005 2005 Altiris Inc. All rights reserved. ABOUT ALTIRIS Altiris, Inc. is a pioneer of IT lifecycle management software that
SQL Injection 2.0: Bigger, Badder, Faster and More Dangerous Than Ever Dana Tamir, Product Marketing Manager, Imperva Consider this: In the first half of 2008, SQL injection was the number one attack vector
Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices
The Weakest Link: Mitigating Web Application Vulnerabilities webscurity White Paper webscurity Inc. Minneapolis, Minnesota USA January 25, 2007 Contents Executive Summary...3 Introduction...4 Target Audience...4