FRP15 Rockwell Automation's Approach to Cyber Security with Cisco
1 FRP15 Rockwell Automation's Approach to Cyber Security with Cisco
Christophe Magitteri, Cisco, Solutions Architect IoT
Pierre Paterni, Rockwell Automation, Network and Security Services
March 2016
Copyright 2016 Rockwell Automation, Inc. All Rights Reserved.

2 Agenda
- The Connected Enterprise
- Rockwell-Cisco at a glance
- Cybersecurity Background
- CPwE Secure Architectures
- Rockwell Network Services

3 Our Three Core Platforms deliver THE CONNECTED ENTERPRISE
- Three core platforms: Integrated Architecture; Intelligent Motor Control; Solutions & Services
- Faster Time to Market
- Lower Total Cost of Ownership
- Improved Asset Utilization
- Enterprise Risk Management
[Diagram labels: Headquarters, Production, Customers, Supply Chain, Smart Grid, Field-Based Assets, Distribution Center]

4 Agenda
- The Connected Enterprise
- Rockwell-Cisco at a glance
- Cybersecurity Background
- CPwE Secure Architectures
- Rockwell Network Services

5 Cisco and Rockwell Automation: Technology, Network, Cultural and Organizational Convergence
- Common Technology View: Achieve flexibility, visibility and efficiency through a converged plant-wide / site-wide network architecture, using open, industry standard networking technologies, such as EtherNet/IP
- Converged Plantwide Ethernet (CPwE) Architectures: Plant-wide / site-wide focused tested, validated and documented reference architectures, comprised of Rockwell Automation and Cisco expertise, provide a foundation to successfully deploy the latest technologies optimized for both industrial automation and IT professionals
- Joint Product and Solution Collaboration: Stratix 5900 Services Router, Stratix 5100 Wireless Access Point/Workgroup Bridge, and Stratix 5000/Stratix 8000 families of managed industrial Ethernet switches combine the best of both Rockwell Automation and Cisco
- People and Process Optimization: Services, education and certification to facilitate industrial automation and information technology convergence and successful architecture deployment, so that critical resources can focus on increasing innovation and productivity

6 Rockwell Automation Product Portfolio collaboration with Cisco
Seamless, secure integration between plant and enterprise networks - addressing the needs of both IT and OT
Managed Switches:
- Multicast management services
- Diagnostic information
- Network Address Translation (NAT)
- Segmentation / VLAN capabilities
- Prioritization services (QoS)
- Network resiliency
Security Appliances:
- Secure real-time control communication
- Routing and firewall capabilities
- Intrusion protection
- Access control lists
- Quality of Service (QoS)
Wireless Technology:
- Connect hard-to-reach areas
- Mobile access to equipment and key business systems
- Minimizes hardware and wiring
Premier Integration to the Rockwell Automation Integrated Architecture system and embedded Cisco Technology

7 Agenda
- The Connected Enterprise
- Rockwell-Cisco at a glance
- Cybersecurity Background: Trends, Threats - Best Practices
- CPwE Secure Architectures
- Rockwell Network Services

8 Common IACS Security Issues
- Weak access controls to HMI and other equipment
- Separation of duty for operator, administrator, audit
- Little or no password management
- Physical segmentation of the IACS network
- Dual-homed servers or PLCs act as firewall
- Segmented network has only physical security
- Unauthenticated command execution
- Communication is unencrypted
- Outdated operating systems left unpatched
- Rogue wireless access points without encryption
- Insufficient controls on users, contractors (i.e. access policy, laptops, etc.)
- Humans are writing the IACS system software
- Aging infrastructure: machines, OS, software

9 ICS Threat Agents
Threat Agent: Profile
- General hackers: Looking for individual prestige
- Botnet operators and spammers: Having the same skillsets as general hackers, but with the intent of further distributing and operating various botnets. These botnets may be rented out to other threat agents.
- Organized crime group (e.g. gangs and crime syndicates): Looking to obtain money, either as ransom against the threat of a disruptive attack, or through direct monetary theft
- Insiders: Including disgruntled employees, technology or business partners, or recently terminated employees or partners
- Phishers: Attempting to attract individual users to web sites loaded with malicious software in order to compromise the user devices
- Foreign intelligence services: State-sponsored entities, possibly paramilitary, usually operating from identifiable networks or geographic regions (if you can trace them)
- Industrial spies: Mercenary type entities hired to target specific corporate assets and industries
- Activists and terrorists: Ideologically motivated entities typically without the resources to develop exploits independently, but with enough resources to hire compromised devices from botnet operators or leverage off-the-shelf exploit kits

10 Consequences of Successful Attacks on Industrial Networks
Incident Type, followed by its Potential Impact:
Change in a system, operating system, or application configuration
- Introduction of command and control channels into otherwise secure system
- Suppression of alarms and reports to hide malicious activity
- Alteration of expected behavior to produce unwanted and unpredictable results
Change in programmable logic in PLCs, RTUs, and other controllers
- Damage to equipment and/or facilities
- Malfunction of the process (e.g. shutdown)
- Disabling control over a process
Misinformation reported to operators
- Causing inappropriate actions in response to misinformation that could result in a change in programmable logic
- Hiding or obfuscating malicious activity, including the incident itself or injected code (i.e., a rootkit)
Tampering with safety systems or other controls
- Preventing expected operations, fail safes, and other safeguards with potentially damaging consequences
Malicious software (malware) infection
- May initiate additional incident scenarios
- May impact production, or force assets to be taken offline for forensic analysis, cleaning, and/or replacement
- May open assets up to further attacks, information theft, alteration, or infection
Information theft
- Sensitive information such as a recipe or chemical formula are stolen
Information alteration
- Sensitive information such as a recipe or chemical formula is altered in order to adversely affect the manufactured product

11 Industrial Security Trends: Established Industrial Security Standards
- International Society of Automation: ISA/IEC (Formerly ISA-99), Industrial Automation and Control Systems (IACS) Security. Defense-in-Depth; IDMZ Deployment
- National Institute of Standards and Technology: NIST Industrial Control System (ICS) Security. Defense-in-Depth; IDMZ Deployment
- Department of Homeland Security / Idaho National Lab: DHS INL/EXT, Control Systems Cyber Security: Defense-in-Depth Strategies. Defense-in-Depth; IDMZ Deployment

12 Agenda
- The Connected Enterprise
- Rockwell-Cisco at a glance
- Cybersecurity Background: Trends, Threats - Best Practices
- CPwE Secure Architectures
- Rockwell Network Services

13 IACS Security Objectives
- Restricting logical access to the ICS network and network activity
- Restricting physical access to the ICS network and devices
- Protecting individual ICS components from exploitation
- Maintaining functionality during adverse conditions
- Restoring system after an incident

14 Holistic Defense-in-Depth: Industrial Security Policies Drive Technical Controls
- Education and awareness programs: training of OT personnel on industrial security policies and procedures on how to respond to a security incident
- Physical: limit physical access to authorized personnel (control room, cells/areas, control panels, IACS devices) with locks, gates, key cards, biometrics. This may also include policies, procedures and technology to escort and track visitors
- Network: industrial security framework
- Computer Hardening: patch management, anti-x software, removal of unused applications/protocols/services, closing unnecessary logical ports, protecting physical ports
- Application: authentication, authorization, and accounting (AAA)
- Device Hardening: change management, communication encryption, and restrictive access

15 Threat model protection: Attack Continuum
- BEFORE: Control, Enforce, Harden
- DURING: Detect, Block, Defend
- AFTER: Scope, Contain, Remediate
[Diagram labels: Firewall, AAA, VPN, IPS-IDS, Network Access Control, Web security, Network Behavior Analysis, Posture Assessment, Advanced Malware Protection, Visibility and Context]

16 Agenda
- The Connected Enterprise
- Rockwell-Cisco at a glance
- Cybersecurity Background
- CPwE Secure Architectures: Overview - Segmentation - Identity
- Rockwell Network Services

17 Built on Industry Standards: Purdue Reference Model & ISA95
- Enterprise Zone: Level 5 Enterprise Network; Level 4 Site Business Planning and Logistics Network
- DMZ: Demilitarized Zone, Shared Access
- Manufacturing Zone: Level 3 Site Manufacturing Operations and Control
- Cell/Area Zone: Level 2 Area Control; Level 1 Basic Control; Level 0 Process

18 Holistic Defense-in-Depth: CPwE Architectures - Industrial Network Security Framework
[Diagram: Enterprise Zone (Levels 4-5) with external DMZ/firewall to the Internet; Industrial Demilitarized Zone (IDMZ) with physical or virtualized servers (Patch Management, AV Server, Application Mirror, Remote Desktop Gateway Server); Industrial Zone (Levels 0-3) with Identity Services (Authentication, Authorization and Accounting), core switches, wireless LAN controllers (active/standby) and distribution switch stack; Level 3 Site Operations, Level 2 Area Supervisory Control, Level 1, Level 0 Process; devices: FactoryTalk Client, LWAP and WGB (SSID 2.4 GHz / 5 GHz), I/O, soft starter, MCC, drive. Roles shown: Control System Engineers; Control System Engineers in Collaboration with IT Network Engineers (Industrial IT); IT Security Architects in Collaboration with Control Systems Engineers]

19 Agenda
- The Connected Enterprise
- Rockwell-Cisco at a glance
- Cybersecurity Background
- CPwE Secure Architectures: Overview - Segmentation - Identity
- Rockwell Network Services

20 Network Technology Convergence
Continued Trend - Single Industrial Network Technology
Flat and Unstructured Network Infrastructure

21 Segmentation: Cell Area
[Diagram: Industrial Zone, Cell/Area Zones, Levels 0-2. Cell/Area Zone #1 VLAN 10; Cell/Area Zone #2 VLAN 20; Cell/Area Zone #3 VLAN 30; Cell/Area Zone #4 VLAN 40; Management VLAN: VLAN 50. Labels: Multiple VLAN Routing on Stratix 8000; (REP) Ring; Stratix 8000 (Layer 2) Switches; Catalyst 3750 StackWise Switch Stack. Devices: I/O, Safety I/O, VFD drive, servo drive, HMI]

22 Segmentation: NAT
[Diagram: Machine to Machine. Machine 1 and Machine 2, each with a CompactLogix controller and NAT, joined through a Stratix 8300 and the plant network switch; message label "Send message to Machine 2". Captions: Within a Machine; Between Machine and Line Network]

23 Segmentation: IDMZ
[Diagram: logical model of the Industrial Automation and Control System (IACS), a converged multi-discipline industrial network.
Enterprise Security Zone: Level 5 Enterprise Network; Level 4 Site Business Planning and Logistics Network (Intranet, etc.)
Industrial DMZ, between two firewalls: Remote Gateway Services, Application Mirror, Patch Management, Web Services Operations, AV Server, Application Server; traffic labels Web and CIP
Industrial Security Zone: Level 3 Site Operations and Control; Level 2 Area Supervisory Control; Level 1 Basic Control; Level 0 Process; Cell/Area Zone. Assets shown: FactoryTalk Application Server, FactoryTalk Directory, FactoryTalk Client, Engineering Workstation, Remote Access Server, Operator Interface, Batch Control, Discrete Control, Drive Control, Continuous Process Control, Safety Control, Sensors, Drives, Actuators, Robots]
No Direct Traffic Flow between Enterprise and Industrial Zone

24 Holistic Defense-in-Depth: Industrial DMZ positioning
[Diagram: Enterprise Zone (Levels 4-5) with external DMZ/firewall to the Internet; Industrial Demilitarized Zone (IDMZ) with physical or virtualized servers (Patch Management, AV Server, Application Mirror, Remote Desktop Gateway Server); Industrial Zone (Levels 0-3) with Identity Services, core switches, wireless LAN controllers (active/standby), distribution switch stack, LWAP and WGB (SSID 2.4 GHz / 5 GHz), I/O, soft starter, MCC, drive]

25 Industrial Demilitarized Zone (IDMZ): Controlling Access to the Industrial Zone
- Sometimes referred to as a perimeter network that exposes an organization's external services to an untrusted network.
- The purpose of the IDMZ is to add an additional layer of security to the trusted network.
[Diagram: Enterprise Security Zone (TRUSTED? UNTRUSTED?); Industrial DMZ (BROKER); Industrial Security Zone (TRUSTED)]

26 Industrial Demilitarized Zone (IDMZ): Design Tenets - Best practices
- All network traffic from either side of the IDMZ terminates in the IDMZ; network traffic does not directly traverse the IDMZ
- Only path between zones
- No common protocols in each logical firewall
- No control traffic into the IDMZ, CIP stays home
- No primary services are permanently housed in the IDMZ
- IDMZ shall not permanently house data
- Application data mirror to move data into and out of the Industrial Zone
- Limit outbound connections from the IDMZ
- Be prepared to turn off access via the firewall
[Diagram: Enterprise Security Zone (Trusted? Untrusted?), disconnect point, IDMZ with replicated services, disconnect point, Industrial Security Zone (Trusted); No Direct Traffic]

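Several of the design tenets above can be checked mechanically against an exported firewall rule list. The Python audit below is an added example, not part of the Rockwell Automation/Cisco deck: the zone subnets, rule names and rule format are constructed, and "no common protocols" is read here as "a service permitted through the enterprise-side firewall is not also permitted through the industrial-side firewall".

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed zone address plan (assumption, not from the slides).
ZONES = {
    "enterprise": ip_network("10.10.0.0/16"),
    "idmz": ip_network("10.20.0.0/24"),
    "industrial": ip_network("10.30.0.0/16"),
}
# EtherNet/IP (CIP) ports: 44818 for explicit messaging, UDP 2222 for implicit I/O.
CIP_SERVICES = {("tcp", 44818), ("udp", 44818), ("udp", 2222)}
ENT_IND = frozenset(("enterprise", "industrial"))
ENT_DMZ = frozenset(("enterprise", "idmz"))
DMZ_IND = frozenset(("idmz", "industrial"))


@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "permit" or "deny"
    proto: str
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    port: int


def zones_of(addr):
    """Return the set of zone names that an address spec overlaps."""
    if addr == "any":
        return set(ZONES)
    net = ip_network(addr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}


def audit(rules):
    """Check each permit rule on its own (rule order and shadowing are ignored,
    so the result is conservative) and return (tenet, subject) findings."""
    findings = []
    ent_side, ind_side = set(), set()
    for r in rules:
        if r.action != "permit":
            continue
        src, dst = zones_of(r.src), zones_of(r.dst)
        pairs = {frozenset((s, d)) for s in src for d in dst if s != d}
        service = (r.proto, r.port)
        if ENT_IND in pairs:  # traffic must terminate in the IDMZ
            findings.append(("direct-traversal", r.name))
        if service in CIP_SERVICES and "idmz" in (src | dst):  # CIP stays home
            findings.append(("cip-in-idmz", r.name))
        if "idmz" in src and r.dst == "any":  # limit outbound connections
            findings.append(("idmz-outbound-any", r.name))
        if ENT_DMZ in pairs:
            ent_side.add(service)
        if DMZ_IND in pairs:
            ind_side.add(service)
    # The same service open on both firewalls lets one protocol span the IDMZ.
    for proto, port in sorted(ent_side & ind_side):
        findings.append(("common-protocol", f"{proto}/{port}"))
    return findings


# Constructed rule set with four deliberate tenet violations.
SAMPLE_RULES = [
    Rule("ent-to-rdgw", "permit", "tcp", "10.10.0.0/16", "10.20.0.10/32", 443),
    Rule("rdgw-to-ts", "permit", "tcp", "10.20.0.10/32", "10.30.5.20/32", 3389),
    Rule("hist-direct", "permit", "tcp", "10.10.8.15/32", "10.30.5.30/32", 1433),
    Rule("cip-to-mirror", "permit", "tcp", "10.30.1.0/24", "10.20.0.20/32", 44818),
    Rule("idmz-web-out", "permit", "tcp", "10.20.0.0/24", "any", 443),
    Rule("deny-all", "deny", "ip", "any", "any", 0),
]

# The same services reworked so every flow terminates at an IDMZ broker.
HARDENED_RULES = [
    Rule("ent-to-rdgw", "permit", "tcp", "10.10.0.0/16", "10.20.0.10/32", 443),
    Rule("rdgw-to-ts", "permit", "tcp", "10.20.0.10/32", "10.30.5.20/32", 3389),
    Rule("ent-to-mirror", "permit", "tcp", "10.10.8.15/32", "10.20.0.20/32", 1433),
    Rule("hist-to-mirror", "permit", "tcp", "10.30.5.30/32", "10.20.0.20/32", 5450),
    Rule("idmz-av-out", "permit", "tcp", "10.20.0.30/32", "10.10.9.9/32", 8443),
    Rule("deny-all", "deny", "ip", "any", "any", 0),
]

if __name__ == "__main__":
    for tenet, subject in audit(SAMPLE_RULES):
        print(f"{tenet}: {subject}")
    print("hardened findings:", audit(HARDENED_RULES))
```

The over-broad `idmz-web-out` rule produces two findings: it is an unrestricted outbound rule, and it also opens tcp/443 on both sides of the IDMZ.
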
27 IDMZ: Replicated Data and Services
- Permit Secure Remote Access to Industrial Assets
- Permit Data from the Industrial Zone to Enterprise Stakeholders
- Block Untrusted Access to Enterprise Zone
- Block Untrusted Access to Industrial Zone
[Diagram: Enterprise Zone (Levels 4-5) with Wide Area Network (WAN), physical or virtualized servers (ERP, Active Directory (AD), AAA Radius, Call Manager), WLC (Enterprise), ISE (Enterprise), core switches; Industrial Demilitarized Zone (IDMZ) between firewalls (Inspect Traffic, Active/Standby) with physical or virtualized servers (Patch Management, AV Server, Application Mirror, Remote Desktop Gateway Server), Web Proxy, Web Reports; Industrial Zone (Levels 0-3) with physical or virtualized servers (FactoryTalk Application Servers & Services, Network Services e.g. DNS, AD, DHCP, AAA, Call Manager, Storage Array), Remote Access Server, ISE, WLC (Active/Standby), core and distribution switches; Level 3 Site Operations; Levels 0-2 Cell/Area Zone with PAC, FactoryTalk Client, IO, drive, MCC, LWAP, WGB. Users shown: Remote Access Engineer, Plant Manager (VantagePoint); flows marked Permit / Block for trusted and untrusted sources]

28 Typical Systems involved in IDMZ Designs
A firewall (Inspect) sits between each pair of zones.
Use Case | Enterprise Zone: Levels 4-5 | Industrial Demilitarized Zone (IDMZ) | Industrial Zone: Levels 0-3
User Wants Historian Data and Reports | Historian | PI to PI Connector | Historian
Domain Replication | Domain | Domain | Domain
User Wants Web Reports | Web Reports | Reverse Web Proxy | Web Servers
User Wants to Send / Retrieve Files | Secure File Transfer | Secure File Transfer Gateway | File Server
Configure, Troubleshoot Industrial Zone Asset | Remote Desktop Client | Remote Desktop Gateway | Terminal Server
Update AV and Install O.S Patches | O.S Patch, Anti Virus Update | Anti Virus & WSUS Server | Servers, Desktops, Laptops
Synchronized Time Across All Zones | NTP Master Server | IDMZ NTP Server | Ind. Zone NTP Server

29 Holistic Defense-in-Depth: Cell / Zone Firewall positioning
[Diagram: Enterprise Zone (Levels 4-5) with external DMZ/firewall to the Internet; Industrial Demilitarized Zone (IDMZ); Industrial Zone (Levels 0-3) with Identity Services, core switches, wireless LAN controllers (active/standby), distribution switch stack; Level 3 Site Operations, Level 2 Area Supervisory Control, Level 1, Level 0 Process; devices: FactoryTalk Client, LWAP and WGB (SSID 2.4 GHz / 5 GHz), I/O, soft starter, MCC, drive]

30 Protocol Inspection: Cell/Area Zone Firewall Policy Enforcement (example)
[Diagram labels: Industrial Zone: SNMP sweep, ping sweep, http, CIP Class 1, CIP Class 3, icmp ping; Zone Firewall; Cell/Area Zone: CIP Class 3, CIP Class 1, icmp ping]

31 Firewall IDS/IPS products
- Cisco ASA 5515-X (Available): Industrial DMZ firewall. Rack mount, high performance, HA.
- ISA3000-4C-K9/Stratix5950 (Coming Soon!!): Cell / Zone firewall. DIN rail, industrially hardened.
- Firewall: Segmentation, NAT, L3-L4 stateful inspection
- IDS/IPS: Content security, threat signatures, ICS protocol inspection
- Remote Access: Encrypted VPN, clientless remote access SSL, AnyConnect client

32 Agenda
- The Connected Enterprise
- Rockwell-Cisco at a glance
- Cybersecurity Background
- CPwE Secure Architectures: Overview - Segmentation - Identity
- Rockwell Network Services

33 Secure Access: Consolidating access for employee/contractors/vendors
- Who? Employee, Attacker, Guest
- What? Personal Device, Company Asset
- How? Wired, Wireless, VPN
- plant 1, zone 2; Headquarters
- When? Weekends (8:00am - 5:00pm) PST

34 ISE: Unifying policy for all mediums
[Diagram labels: VPN; Louise, Plant tech, Zone 2, Wi-Fi; Kevin, LOB Engr, LAN; ISE; AD]

35 Examples of Non-User Endpoints
Printers, IP Cameras, Alarm Systems, Fax Machines, Wireless APs, Turnstiles, Video Conferencing Stations, IP Phones, Hubs, Managed UPS, Cash Registers, Medical Imaging Machines, HVAC Systems, RMON Probes, Vending Machines... and many others

36 ISE Profiler
- Profiling probes: OUI, DHCP, Netflow, DNS, HTTP, CDP, LLDP
- Steps: Collection, Classification, ID Group Assignment, Apply Policies
[Diagram labels: The Network; ISE; access levels: Full conn, Full zone only, HMI1 + HMI2, HMI1, Negated]

37 ISE Policy Enforcement: VLANs and dACLs
VLAN Assignment (VLANs):
- ISE Authorization policy sets VLAN. Infrastructure provides enforcement.
- Typical VLAN examples: Quarantine/Remediation VLAN, Guest VLAN, Employee VLAN
- Typically requires IP change and/or VLANs trunked throughout
ACL Download (dACLs):
- ISE Authorization policy pushes dACL or named ACL to NAD.
- ACL source (any) automatically converted to specific host address.
[Diagram labels: 802.1X/MAB/Web Auth; ISE; AD; CA]

38 Adding ISE to CPwE
NOTES
1) All endpoints must authenticate before being allowed on the network.
2) Centralizing authentication for all three mediums (wired, wireless, remote access)
3) Centralizing your network policy/privileges
4) Full reporting capability on every endpoint accessing the network.
-- Device type
-- Username/MAC/IP
-- Where they auth'd from
[Diagram: Enterprise Zone (Levels 4 and 5) with external DMZ/firewall, Internet, Employee Remote Access; Industrial Demilitarized Zone (IDMZ) with plant firewalls (active/standby ASA 5500 with FirePOWER, link for failover detection) providing inter-zone traffic segmentation, ACLs, IPS and IDS, VPN services, portal and Remote Desktop Services proxy; Industrial Zone (Levels 0-3) with Site Operations Level 3 (ISE ADMIN, ISE PSN, UCS, Remote Access Server, primary and secondary WLC, Catalyst 2960, Catalyst 6500/4500, Catalyst 3750X StackWise switch stack) and Cell/Area Zones (Levels 0-2) in redundant star (Flex Links resiliency, unified wireless LAN), ring (Resilient Ethernet Protocol (REP), unified wireless LAN) and linear/bus/star (autonomous wireless LAN) topologies on Rockwell Automation Stratix 5700/8000 Layer 2 access switches; devices: camera, phone, LWAP, AP, WGB, HMI, safety HMI, I/O, safety I/O, drive, servo drive, soft starter, instrumentation, robot]

39 Example: Wired Secure access
NOTES
1. Employee endpoint is examined by ISE
2. ISE sends back a dACL allowing access to that zone, but denies communication to other zones.
3. Employee has Studio 5000 on laptop, and receives direct access to controller
[Diagram: the CPwE architecture with ISE as on the previous slide, with Contractor/Vendor, ISE ADMIN and AD in the Enterprise Zone (Levels 4 and 5), plant firewalls (ASA 5500X, active/standby) in the Industrial Demilitarized Zone (IDMZ), ISE PSN, AD, UCS and RAS at Site Operations Level 3, and Cell/Area Zones (Levels 0-2); path label: RDP - Studio5000]

40 Example: Wireless Secure access
NOTES
Contractor/Vendor access restricted to devices via RDP machine
[Diagram: the CPwE architecture with ISE as on the previous slides, with Contractor/Vendor, ISE ADMIN and AD in the Enterprise Zone (Levels 4 and 5), plant firewalls (ASA 5500X, active/standby) in the Industrial Demilitarized Zone (IDMZ), ISE PSN, PKI, AD, UCS, RAS and WLC at Site Operations Level 3, and Cell/Area Zones in redundant star, ring and linear/bus/star topologies; labels: RDP, Mgmt Software, dACL]

41 Example - Remote Access: FTView SE Server for Configuration
- Propose High Level Architecture
- Place Assets in the Enterprise or Industrial Security Zone
- Place proposed Assets in IDMZ
- Draw communication lines between the assets and asset owners to make sure requirements are met
[Diagram: Enterprise Zone (Levels 4-5) with Remote Desktop Client, Enterprise WAN, Internet, external DMZ / firewall, WLC (Enterprise), ISE (Enterprise), core switches; Industrial Demilitarized Zone (IDMZ) with Remote Desktop Gateway and firewalls (Active/Standby); Industrial Zone (Levels 0-3) with Terminal Server, View SE Client, View SE Server, RSLinx Enterprise, FT Live Data, ISE, WLC (Active/Standby), core and distribution switches; Level 3 Site Operations; Levels 0-2 Cell/Area Zone with PAC, FactoryTalk Client, IO, drive, MCC, LWAP, WGB; steps 1 and 2 marked on the path]

42 Agenda
- The Connected Enterprise
- Rockwell-Cisco at a glance
- Cybersecurity Background
- CPwE Secure Architectures
- Rockwell Network Services

43 Why Rockwell Automation NSS: Network & Security Services
Differentiation:
- Converged skill set of operational technology (OT) and information technology (IT)
- Experience across industrial control applications and networks
- Ability to address security risks without sacrificing productivity
- Full life cycle service offering with global delivery capability
Global Capability - Network & Security Services:
For plant personnel, who need secure industrial infrastructure, NSS is a team of industrial automation and IT experts that assess, implement and support plant-wide network infrastructure. Unlike large IT vendors and resellers, we offer a comprehensive and tailored solution that balances both IT requirements and production goals of your company.
Because Infrastructure Matters

44 Network & Security Services: Pre-Engineered Solutions
Simplify and Accelerate CPwE Deployment, Inclusive of Support

45 Network & Security Services Portfolio
Supported World Wide by NSS Professionals
Global Support. Local Address. Peace of Mind.

46 Additional Material: CPwE Architectures - Cisco and Rockwell Automation Whitepapers
- ENET-WP022B-EN-P - Top 10 Recommendations for Plant-wide EtherNet/IP Deployments
- ENET-WP009A-EN-P - Achieving Secure Remote Access to plant-floor Applications and Data
- ENET-WP031A-EN-P - Design Considerations for Securing Industrial Automation and Control System Networks
- ENET-WP033A-EN-P - Resilient Ethernet Protocol in a Converged Plantwide Ethernet (CPwE) Architecture
- ENET-WP034A-EN-P - Deploying Wireless LAN Technology within a Converged Plantwide Ethernet Architecture
- ENET-WP036A-EN-P - Deploying Network Address Translation within a Converged Plantwide Ethernet Architecture
- ENET-WP037A-EN-P - Deploying Identity Services within a Converged Plantwide Ethernet Architecture
- ENET-WP038A-EN-P - Securely Traversing IACS Data Across the Industrial Demilitarized Zone
- ENET-WP039B-EN-P - A Resilient Converged Plantwide Ethernet Architecture
- ENET-WP040A-EN-P - Migrating Legacy IACS Networks to a Converged Plantwide Ethernet Architecture

47 Additional Material
- Rockwell Automation
- ENISA: Protecting Industrial Control systems (2011)
- ANSSI: La cybersécurité des systèmes industriels (2014)
- NIST SP: Guide to Industrial Control systems Security (2011)
- CPNI UK (2011) ce/cyber/scada/

48 Because Infrastructure Matters
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationComputer System Security Updates
Why patch? If you have already deployed a network architecture, such as the one recommended by Rockwell Automation and Cisco in the Converged Plantwide Ethernet Design and Implementation Guide (http://www.ab.com/networks/architectures.html),
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationScalable Secure Remote Access Solutions for OEMs
Scalable Secure Remote Access Solutions for OEMs Introduction Secure remote access to production assets, data, and applications, along with the latest collaboration tools, provides manufacturers with the
More informationSecurity for. Industrial. Automation. Considering the PROFINET Security Guideline
Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures
More informationPhysical Infrastructure for a Resilient Converged Plantwide Ethernet Architecture
Physical Infrastructure for a Resilient Converged Plantwide Ethernet Architecture Industrial Ethernet networking is advancing technology applications throughout the plant. These applications are rapidly
More informationSecuring Manufacturing Control Networks. Alan J. Raveling, CISSP November 2 nd 5 th Pack Expo 2014
Securing Manufacturing Control Networks Alan J. Raveling, CISSP November 2 nd 5 th Pack Expo 2014 As Internet-enabled technologies such as cloud and mobility grow, the need to understand the potential
More informationChapter 1 The Principles of Auditing 1
Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls
More informationNetwork & Security Services (NSS) Because Infrastructure Matters
Network & Security Services (NSS) Because Infrastructure Matters Andrew Ballard Commercial Director Services & Support - EMEA Rev 5058-CO900E THE CONNECTED ENTERPRISE Headquarters Optimized for Rapid Value
More informationCyber Security for NERC CIP Version 5 Compliance
GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...
More informationIT Security and OT Security. Understanding the Challenges
IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control
More informationSecuring Manufacturing Computing and Controller Assets
Securing Manufacturing Computing and Controller Assets Rockwell Automation and Cisco Four Key Initiatives: Common Technology View: A single system architecture, using open, industry standard networking
More informationSecurity Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net
Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those
More informationManufacturing and the Internet of Everything
Manufacturing and the Internet of Everything Johan Arens, CISCO (joarens@cisco.com) Business relevance of the Internet of everything Manufacturing trends Business imperatives and outcomes A vision of the
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationINTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT
Utilities WHITE PAPER May 2013 INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Table of Contents Introduction...3 Problem Statement...4 Solution Requirements...5 Components of an Integrated
More informationSecurely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.
Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects
More informationIndustrial Control Systems Security Guide
Industrial Control Systems Security Guide Keith Stouffer, Engineering Lab National Institute of Standards and Technology NIST SP 800-82, Rev 2 and ICS Cybersecurity Testbed Keith Stouffer Project Leader,
More informationIndustrial Security for Process Automation
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
More informationAUD20 - Industrial Network Security
AUD20 - Industrial Network Security Lesley Van Loo EMEA Senior Commercial engineer - Rockwell Automation Rev 5058-CO900B Copyright 2012 Rockwell Automation, Inc. All rights reserved. 2 Agenda Connected
More informationRedesigning automation network security
White Paper WP152006EN Redesigning automation network security Presented at Power and Energy Automation Conference (PEAC), Spokane, WA, March 2014 Jacques Benoit Eaton s Cooper Power Systems Abstract The
More informationCisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release
Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release PB526545 Cisco ASA Software Release 8.2 offers a wealth of features that help organizations protect their networks against new threats
More informationBest Practices for Outdoor Wireless Security
Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged
More informationDas sollte jeder ITSpezialist über. Automations- und Produktionsnetzwerke wissen
Das sollte jeder ITSpezialist über Automations- und Produktionsnetzwerke wissen Frank Schirra, Rockwell Automation Solution Architect Edi Truttmann, Cisco Systems Network Solution Sales Specialist 2012
More informationStratix Switches Within Integrated Architecture. Dave VanGompel, Principal Application Engineer
Written By: Mark Devonshire, Product Manager Dave VanGompel, Principal Application Engineer Synopsis Industry adoption of EtherNet/IP for control and information has driven the wide deployment of standard
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationSecure Access into Industrial Automation and Control Systems Best Practice and Trends
Secure Access into Industrial Automation and Systems Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Collaborating to Advance System Security Vendor offers a remote firmware update and
More informationNetwork Security Guidelines. e-governance
Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationPlantPAx op weg naar Connected Enterprise.
AUP 46 PlantPAx op weg naar Connected Enterprise. Wim van der Heide Solution Architect Copyright 2015 Rockwell Automation, Inc. All rights reserved. 2 Agenda 1. Waarom zou u moeten migreren? 1. Connected
More informationDeltaV System Cyber-Security
January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationARCHITECT S GUIDE: Mobile Security Using TNC Technology
ARCHITECT S GUIDE: Mobile Security Using TNC Technology December 0 Trusted Computing Group 855 SW 5rd Drive Beaverton, OR 97006 Tel (50) 69-056 Fax (50) 644-6708 admin@trustedcomputinggroup.org www.trustedcomputinggroup.org
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationImplementing Cisco IOS Network Security v2.0 (IINS)
Implementing Cisco IOS Network Security v2.0 (IINS) Course Overview: Implementing Cisco IOS Network Security (IINS) v2.0 is a five-day instructor-led course that is presented by Cisco Learning Partners
More informationCisco EXAM - 500-451. Enterprise Network Unified Access Essentials. Buy Full Product. http://www.examskey.com/500-451.html
Cisco EXAM - 500-451 Enterprise Network Unified Access Essentials Buy Full Product http://www.examskey.com/500-451.html Examskey Cisco 500-451 exam demo product is here for you to test the quality of the
More informationCisco Certified Security Professional (CCSP)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationPassguide 500-451 35q
Passguide 500-451 35q Number: 500-451 Passing Score: 800 Time Limit: 120 min File Version: 18.5 Cisco 500-451 Cisco Unified Access Systems Engineer Exam 100% Valid in US, UK, Australia, India and Emirates.
More informationInnovative Defense Strategies for Securing SCADA & Control Systems
1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet
More informationCisco TrustSec How-To Guide: Planning and Predeployment Checklists
Cisco TrustSec How-To Guide: Planning and Predeployment Checklists For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table of Contents Table of Contents...
More informationSCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationCompTIA Network+ (Exam N10-005)
CompTIA Network+ (Exam N10-005) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationNetwork Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion
Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann
More informationVirtualized System Reduces Client s Capital and Maintenance Costs
Virtualized System Reduces Client s Capital and Maintenance Costs Insert Photo Here Steve Malyszko, P. E. President Steve Schneebeli Lead Systems Engineer Rockwell Automation Process Solutions User Group
More informationSecuring E-Commerce. Agenda. The Security Problem IC Security: Key Elements Designing and Implementing. 3203 1346_06_2000_c1_sec3
Securing E-Commerce 1 Agenda The Security Problem IC Security: Key Elements Designing and Implementing 2 The Security Dilemma Internet Business Value Internet Access Corporate Intranet Internet Presence
More informationImplementing Core Cisco ASA Security (SASAC)
1800 ULEARN (853 276) www.ddls.com.au Implementing Core Cisco ASA Security (SASAC) Length 5 days Price $6215.00 (inc GST) Overview Cisco ASA Core covers the Cisco ASA 9.0 / 9.1 core firewall and VPN features.
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationRuggedCom Solutions for
RuggedCom Solutions for NERC CIP Compliance Rev 20080401 Copyright RuggedCom Inc. 1 RuggedCom Solutions Hardware Ethernet Switches Routers Serial Server Media Converters Wireless Embedded Software Application
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationProcess Control Networks Secure Architecture Design
Process Control Networks Secure Architecture Design Guest Speaker Robert Alston Principle Lead Network and Security Consultant Over 25 years network experience including design, implementation, troubleshooting
More informationCIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System
CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System Purpose CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised
More informationPlant-wide Network Infrastructure. Copyright 2012 Rockwell Automation, Inc. All rights reserved.
Plant-wide Network Infrastructure Agenda Additional On-site Information EtherNet/IP Considerations Logical Design Considerations Physical Layer Design Consideration Testing Considerations Plant-Floor and
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationDefense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff
More informationBest Practices for DanPac Express Cyber Security
March 2015 - Page 1 Best Practices for This whitepaper describes best practices that will help you maintain a cyber-secure DanPac Express system. www.daniel.com March 2015 - Page 2 Table of Content 1 Introduction
More informationUsing Ranch Networks for Internal LAN Security
Using Ranch Networks for Internal LAN Security The Need for Internal LAN Security Many companies have secured the perimeter of their network with Firewall and VPN devices. However many studies have shown
More informationCisco Virtualization Experience Infrastructure: Secure the Virtual Desktop
White Paper Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop What You Will Learn Cisco Virtualization Experience Infrastructure (VXI) delivers a service-optimized desktop virtualization
More informationImplementing Cisco IOS Network Security
Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles
More informationSecurity Testing in Critical Systems
Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base
More informationCYBER SECURITY. Is your Industrial Control System prepared?
CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect Operation & Optimization Software Activity Schneider-Electric Challenges What challenges are there
More informationInformation Security Assessment and Testing Services RFQ # 28873 Questions and Answers September 8, 2014
QUESTIONS ANSWERS Q1 How many locations and can all locations be tested from a A1 5 locations and not all tests can be performed from a central location? central location. Q2 Connection type between location
More informationBuilding Secure Networks for the Industrial World
Building Secure Networks for the Industrial World Anders Felling Vice President, International Sales Westermo Group Managing Director Westermo Data Communication AB 1 Westermo What do we do? Robust data
More informationAltus UC Security Overview
Altus UC Security Overview Description Document Version D2.3 TABLE OF CONTENTS Network and Services Security 1. OVERVIEW... 1 2. PHYSICAL SECURITY... 1 2.1 FACILITY... 1 ENVIRONMENTAL SAFEGUARDS... 1 ACCESS...
More informationINCIDENT RESPONSE CHECKLIST
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
More informationManaging Enterprise Security with Cisco Security Manager
Managing Enterprise Security with Cisco Security Manager Course SSECMGT v4.0; 5 Days, Instructor-led Course Description: The Managing Enterprise Security with Cisco Security Manager (SSECMGT) v4.0 course
More informationUtility Modernization Cyber Security City of Glendale, California
Utility Modernization Cyber Security City of Glendale, California Cyber Security Achievements Cyber Security Achievements (cont) 1. Deploying IT Security Awareness training program Q4 2012 2. Purchased
More informationNetwork/Cyber Security
Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationNetwork & Security Services Rockwell Automation s Specialist team of Network & Security Specialists
Network & Security Services Rockwell Automation s Specialist team of Network & Security Specialists Sonny Kailola Customer Support & Maintenance (CSM) Rev 5058-CO900D Copyright 2015 Rockwell Automation,
More informationPolicy Based Networks in Process Control Design and Deployment Techniques. Steve Hargis Enterasys Networks
Policy Based Networks in Process Control Design and Deployment Techniques Steve Hargis Enterasys Networks The Evolving Process Control Network Significant increase in use (and dependencies) on standards-based
More information