The SCADA That Didn t Cry Wolf: Who s Really Attacking Your SCADA Devices

Size: px
Start display at page:

Download "The SCADA That Didn t Cry Wolf: Who s Really Attacking Your SCADA Devices"

Transcription

1 The SCADA That Didn t Cry Wolf: Who s Really Attacking Your SCADA Devices Kyle Wilhoit Sr. Threat Researcher Trend Micro 1

2 Glossary HMI: Human Machine Interface IED: Intelligent Electronic Device SCADA: Supervisory Control And Data Acquisition RTU: Remote Terminal Unit Historian: Data Historian Modbus: Common ICS Protocol DNP3: Common ICS Protocol 10/31/13 2 Confidential Copyright 2012 Trend Micro Inc.

3 Typical ICS Deployment 10/31/13 3 Confidential Copyright 2012 Trend Micro Inc.

4 Modbus Oldest ICS Protocol Controls I/O Interfaces (MOSTLY!!!!) No authentication or encryption! (Surprise!!!) No broadcast suppression Vulnerabilities are published 10/31/13 4 Confidential Copyright 2012 Trend Micro Inc.

5 Security Concerns- ICS vs. IT ICS Correct commands issued (Integrity) Limit interruptions (Availability) Protect the data (Confidentiality) IT Protect the data (Confidentiality) Correct commands issued (Integrity) Limit interruptions (Availability) 10/31/13 5 Confidential Copyright 2012 Trend Micro Inc.

6 Primary Security Concerns HMI: Allows arbitrary command execution as well as set point modifications. Data Historian: Allows inbound traffic to secure network segments. (Replication of data) RTU: Allows remote communication ability And many more

7 Incidents Exist First half of 2013 Over 200 confirmed incidents

8 SCADA Internet Facing Google-fu Shodan ERIPP Pastebin Twitter

9 SCADA Internet Facing

10 Story Time! All Internet facing No security measures in place

11 Attacks Attacked several times- over a period of months Attackers gained access Exfiltrated data Not made public This is not a story This happened

12 Story Time! In my basement

13 Enter Honeypots

14 12 total honeypots 8 different countries Running since Jan, 2013 Phase 1: Combination of *nix, Windows, and embedded Nov March systems 2013

15 Physical Deployment Small town in rural America Water pump controlling water pressure/ availability Population 18,000~ 10/31/13 15 Confidential Copyright 2012 Trend Micro Inc.

16 Physical Deployment Fake water pressure system Internet facing Very little security measures in place Could cause catastrophic water pressure failures if compromised 10/31/13 16 Confidential Copyright 2012 Trend Micro Inc.

17 What They See 10/31/13 17 Confidential Copyright 2012 Trend Micro Inc.

18 Physical Deployment 10/31/13 18 Confidential Copyright 2012 Trend Micro Inc.

19 Attack Profile- Country of Origin 2% 2% 2% 2% US 2% 2% 6% 19% LAOS UK 2% 2% 4% 12% CHINA NETHERLANDS 8% JAPAN 35% BRAZIL POLAND 10/31/13 19 Confidential Copyright 2012 Trend Micro Inc.

20 12 total honeypots 8 different countries Running since Jan, 2013 Phase 2: Combination of *nix, Windows, and embedded March July systems 2013

21 Virtualized Environment Water pump controlling water pressure/ availability Population combined ~50 million

22 Logically 10/31/13 22 Confidential Copyright 2012 Trend Micro Inc.

23 Architecture

24 Some Tools Used Modbus.py OpenDNP3 Pi- Face

25 Vulnerabilities Presented If you can ping it, you own it SNMP vulns (read/write SNMP, packet sniffing, IP spoofing) Specific ICS Vendor vulnerabilities HMI (Server) Vulnerabilities Authentication limitations Limits of Modbus/DNP3 authentication/encryption VxWorks Vulnerability (FTP) Open access for certain ICS modifications- fan speed, temperature, and utilization.

26 What s an Attack? ONLY attacks that were targeted ONLY attempted modification of pump system (FTP, Telnet, Modbus, set points, etc.) ONLY attempted modification via Modbus/DNP3 DoS/DDoS will be considered attacks

27 -74 attacks Total Attacks

28 Non-Critical Attack Profile- Source Countries -63 non-critical attacks

29 Critical Attack Profile- Source -11 critical attacks Countries

30 Some Attack Stats Data exfiltration attempt Modification of CPU fan speed Modbus traffic modification HMI access Modify pump pressure Modify temperature output Shutdown pump system

31 Spear Phished TO: OF OUR CITY>.COM Hello sir, I am <name of city administrator> and would like the attached statistics filled out and sent back to me. Kindly Send me the doc and also advise if you have questions. Look forward you hear from you soon...mr. <city administrator name>

32 Cityrequest.doc Decoy doc- not much substance

33 Cityrequest.doc

34 Dropped Files CityRequest.doc File gh.exe dumps all local password hashes <gh.exe w> File ai.exe shovels a shell back to a dump server. < ai.exe d1 (Domain) c1 (Compare IP) s (Service) > Malware communicating to a drop/cnc server in China. exploiting CVE Malware communicating to a drop/cnc server in USA X X Has been taken down by the US government

35 Execution Upon execution of CityRequest.docx, files leaving the server in question after 5 days. Fake VPN config file Network statistics dump SAM database dump Gain persistence via process migration Won t execute on Office 2010.

36 Exfiltration: Days 1-4

37 Exfiltration: Days 5-17

38 APT1 Report APT1 (Comment Crew) report released in Feb Included many APT variants we ve seen. One of particular interest was HACKSFASE. Commonly used in energy sector.

39 Examination

40 Attribution 10/31/13 40 Confidential Copyright 2012 Trend Micro Inc.

41 IP BeEF Code Analysis Attribution

42 BeEF Usage Detect Tor Get Registry Keys Get_Physical_Location Get_System_Info Get_Internal_IP

43 Attacker Profile Most attacks appeared to be non-targeted Many attackers were opportunists Some were targeted

44 Some Takeaways Red team/blue team often Perform specialized vulnerability assessments Control contractors Perform basic security controls Network segmentation Two-factor authentication Patch your stuff! Lockdown external media Manage vulnerabilities Classify your data/assets etc.

45 Shout Non-Work:

ICS, SCADA, and Non-Traditional Incident Response. Kyle Wilhoit Threat Researcher, Trend Micro

ICS, SCADA, and Non-Traditional Incident Response. Kyle Wilhoit Threat Researcher, Trend Micro ICS, SCADA, and Non-Traditional Incident Response Kyle Wilhoit Threat Researcher, Trend Micro 1 $whoami Threat Researcher, FTR, Trend Micro Threat Researcher at Trend Micro- research and blogger on criminal

More information

Who s Really Attacking Your ICS Equipment?

Who s Really Attacking Your ICS Equipment? Trend Micro Incorporated Research Paper 2013 Who s Really Attacking Your ICS Equipment? By: Kyle Wilhoit LEGAL DISCLAIMER The information provided herein is for general information and educational purposes

More information

Cyber Security for SCADA/ICS Networks

Cyber Security for SCADA/ICS Networks Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And

More information

SHOULD I BE CONCERNED ABOUT CYBER SECURITY? OR IS THE BETTER QUESTION WHAT IS CYBER SECURITY?!!!?

SHOULD I BE CONCERNED ABOUT CYBER SECURITY? OR IS THE BETTER QUESTION WHAT IS CYBER SECURITY?!!!? SHOULD I BE CONCERNED ABOUT CYBER SECURITY? OR IS THE BETTER QUESTION WHAT IS CYBER SECURITY?!!!? What we are not going to discuss: Understand, I am not a computer guru. My knowledge is probably more limited

More information

Basics of Internet Security

Basics of Internet Security Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational

More information

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005 SCADA System Security ECE 478 Network Security Oregon State University March 7, 2005 David Goeke Hai Nguyen Abstract Modern public infrastructure systems

More information

Security Testing in Critical Systems

Security Testing in Critical Systems Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base

More information

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Security for. Industrial. Automation. Considering the PROFINET Security Guideline Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures

More information

RSA Security Anatomy of an Attack Lessons learned

RSA Security Anatomy of an Attack Lessons learned RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

Goals. Understanding security testing

Goals. Understanding security testing Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3

More information

SECURITY TRENDS & VULNERABILITIES REVIEW 2015

SECURITY TRENDS & VULNERABILITIES REVIEW 2015 SECURITY TRENDS & VULNERABILITIES REVIEW 2015 Contents 1. Introduction...3 2. Executive summary...4 3. Inputs...6 4. Statistics as of 2014. Comparative study of results obtained in 2013...7 4.1. Overall

More information

Post-Access Cyber Defense

Post-Access Cyber Defense Post-Access Cyber Defense Dr. Vipin Swarup Chief Scientist, Cyber Security The MITRE Corporation November 2015 Approved for Public Release; Distribution Unlimited. 15-3647. 2 Cyber Security Technical Center

More information

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary. Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and

More information

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012 Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data Dave Shackleford February, 2012 Agenda Attacks We ve Seen Advanced Threats what s that mean? A Simple Example What can we

More information

Holistic View of Industrial Control Cyber Security

Holistic View of Industrial Control Cyber Security Holistic View of Industrial Control Cyber Security A Deep Dive into Fundamentals of Industrial Control Cyber Security Learning Goals o Understanding security implications involving industrial control systems

More information

Secure Networks for Process Control

Secure Networks for Process Control Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than

More information

Stephen Coty Director, Threat Research

Stephen Coty Director, Threat Research Emerging threats facing Cloud Computing Stephen Coty Director, Threat Research Cloud Environments 101 Cloud Adoption is Gaining Momentum Cloud market revenue will increase at a 36% annual rate Analyst

More information

The SCADA That Didn t Cry Wolf

The SCADA That Didn t Cry Wolf A Trend Micro Research Paper The SCADA That Didn t Cry Wolf Who s Really Attacking Your ICS Equipment? (Part 2) Kyle Wilhoit (Trend Micro Forward-Looking Threat Research Team) Contents Introduction...3

More information

APT Advanced Persistent Threat Time to rethink?

APT Advanced Persistent Threat Time to rethink? APT Advanced Persistent Threat Time to rethink? 23 November 2012 Gergely Tóth Senior Manager, Security & Privacy Agenda APT examples How to get inside? Remote control Once we are inside Conclusion 2 APT

More information

CISCO IOS NETWORK SECURITY (IINS)

CISCO IOS NETWORK SECURITY (IINS) CISCO IOS NETWORK SECURITY (IINS) SEVENMENTOR TRAINING PVT.LTD [Type text] Exam Description The 640-553 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification.

More information

ICS/SCADA Security Analysis of a Beckhoff CX5020 PLC

ICS/SCADA Security Analysis of a Beckhoff CX5020 PLC ICS/SCADA Security Analysis of a Beckhoff CX5020 PLC Gregor Bonney, Hans Höfken, Benedikt Paffen and Marko Schuba FH Aachen, University of Applied Sciences, Eupenerstr. 70, Aachen, Germany {bonney, hoefken,

More information

From SCADA and ICS to the Internet of Things. Andy Swift Infrastructure Team Lead CNS Group

From SCADA and ICS to the Internet of Things. Andy Swift Infrastructure Team Lead CNS Group From SCADA and ICS to the Internet of Things. Andy Swift Infrastructure Team Lead CNS Group Industrial Systems They underpin many of the manufacturing process that make modern day life possible; water

More information

IT Security and OT Security. Understanding the Challenges

IT Security and OT Security. Understanding the Challenges IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control

More information

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) : Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh Written Exam in Network Security ANSWERS May 28, 2009. Allowed aid: Writing material. Name (in block letters)

More information

I N T E L L I G E N C E A S S E S S M E N T

I N T E L L I G E N C E A S S E S S M E N T I N T E L L I G E N C E A S S E S S M E N T (U//FOUO) Malicious Cyber Actors Target US Universities and Colleges 16 January 2015 Office of Intelligence and Analysis IA-0090-15 (U) Warning: This document

More information

Rule 4-004G Payment Card Industry (PCI) Remote and Mobile Access Security (proposed)

Rule 4-004G Payment Card Industry (PCI) Remote and Mobile Access Security (proposed) Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004G Payment Card Industry (PCI) Remote and Mobile Access Security (proposed) 01.1 Purpose

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks

On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks CIBSI 2013 Panama City, Panama, October 30 th, 2013 On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks Paulo Simões, Tiago Cruz, Jorge Gomes, Edmundo Monteiro psimoes@dei.uc.pt

More information

Potential Targets - Field Devices

Potential Targets - Field Devices Potential Targets - Field Devices Motorola Field Devices: Remote Terminal Units ACE 3600 Front End Devices ACE IP Gateway ACE Field Interface Unit (ACE FIU) 2 Credential Cracking Repeated attempts to

More information

CH ENSA EC-Council Network Security Administrator Detailed Course Outline

CH ENSA EC-Council Network Security Administrator Detailed Course Outline CH ENSA EC-Council Network Security Administrator Detailed Course Outline Summary Duration Vendor Audience 5 Days hands-on training EC-Council Security Professionals Level Technology Category Advance Ethical

More information

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led Certification: ENSA Exam 312-38 Course Description This course looks at the network security in defensive view.

More information

Cyber Essentials. Test Specification

Cyber Essentials. Test Specification Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8

More information

EITC Lessons Learned: Building Our Internal Security Intelligence Capability

EITC Lessons Learned: Building Our Internal Security Intelligence Capability EITC Lessons Learned: Building Our Internal Security Intelligence Capability SESSION ID: SEC-W08 Tamer El Refaey Senior Director, Security Monitoring and Operations Emirates Integrated Telecommunications

More information

Uroburos Highly complex espionage software with Russian roots

Uroburos Highly complex espionage software with Russian roots G Data Red Paper 2014 Uroburos Highly complex espionage software with Russian roots G Data discovers alleged intelligence agency software G Data SecurityLabs Contact: intelligence@gdata.de Red Paper_February-2014

More information

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013 Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer

More information

Security Issues with Integrated Smart Buildings

Security Issues with Integrated Smart Buildings Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern

More information

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used

More information

Overview. Introduction. Conclusions WINE TRIAGE. Zero day analysis. Symantec Research Labs (SRL)

Overview. Introduction. Conclusions WINE TRIAGE. Zero day analysis. Symantec Research Labs (SRL) 1 Overview Introduction WINE TRIAGE Zero day analysis Conclusions 2 5 locations: USA: Mountain View (CA), Culver City (CA), Herndon (VA) Europe: Dublin (IE), Sophia Antipolis(FR).. 4 thematic domains:

More information

13 Ways Through A Firewall

13 Ways Through A Firewall Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright

More information

Targeted Intrusion Remediation: Lessons From The Front Lines. Jim Aldridge

Targeted Intrusion Remediation: Lessons From The Front Lines. Jim Aldridge Targeted Intrusion Remediation: Lessons From The Front Lines Jim Aldridge All information is derived from MANDIANT observations in non-classified environments. Information has beensanitized where necessary

More information

Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000

Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000 Information Technology Information and Systems Security/Compliance Northwestern University 1800 Sherman Av Suite 209 Evanston, IL 60201 Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000

More information

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

Roger W. Kuhn, Jr. Advisory Director Education Fellow Cyber Security Forum Initiative

Roger W. Kuhn, Jr. Advisory Director Education Fellow Cyber Security Forum Initiative Roger W. Kuhn, Jr. Advisory Director Education Fellow Cyber Security Forum Initiative November 2014 Disclaimer Current SCADA Vulnerability Factors Industrial Control Systems 101 Proposed Countermeasures

More information

UNCLASSIFIED CPA SECURITY CHARACTERISTIC REMOTE DESKTOP. Version 1.0. Crown Copyright 2011 All Rights Reserved

UNCLASSIFIED CPA SECURITY CHARACTERISTIC REMOTE DESKTOP. Version 1.0. Crown Copyright 2011 All Rights Reserved 18570909 CPA SECURITY CHARACTERISTIC REMOTE DESKTOP Version 1.0 Crown Copyright 2011 All Rights Reserved CPA Security Characteristics for CPA Security Characteristic Remote Desktop 1.0 Document History

More information

Jort Kollerie SonicWALL

Jort Kollerie SonicWALL Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential

More information

Best Practices for a BYOD World

Best Practices for a BYOD World Face Today s Threats Head-On: Best Practices for a BYOD World Chris Vernon CISSP, VTSP Security Specialist Agenda Mobile Threats Overview 2013 State of Mobility Survey Canada BYOD Best Practices 2 Mobile

More information

Networking: EC Council Network Security Administrator NSA

Networking: EC Council Network Security Administrator NSA coursemonster.com/uk Networking: EC Council Network Security Administrator NSA View training dates» Overview The EC-Council's NSA certification looks at network security from a defensive view. The NSA

More information

ISACA rudens konference

ISACA rudens konference ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial

More information

Who is Watching You? Video Conferencing Security

Who is Watching You? Video Conferencing Security Who is Watching You? Video Conferencing Security Navid Jam Member of Technical Staff March 1, 2007 SAND# 2007-1115C Computer and Network Security Security Systems and Technology Video Conference and Collaborative

More information

Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment

Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment Introduction 1 Distributed SCADA security 2 Radiflow Defense-in-Depth tool-set 4 Network Access

More information

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment

More information

Ranch Networks for Hosted Data Centers

Ranch Networks for Hosted Data Centers Ranch Networks for Hosted Data Centers Internet Zone RN20 Server Farm DNS Zone DNS Server Farm FTP Zone FTP Server Farm Customer 1 Customer 2 L2 Switch Customer 3 Customer 4 Customer 5 Customer 6 Ranch

More information

Exploiting Access Control and Facility Management Systems. Billy Rios Director of Threat Intelligence Qualys

Exploiting Access Control and Facility Management Systems. Billy Rios Director of Threat Intelligence Qualys Exploiting Access Control and Facility Management Systems Billy Rios Director of Threat Intelligence Qualys About:Me Qualys Director of Vulnerability Research and Threat Intelligence SpearPoint Security

More information

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices

More information

Safe Network Integration

Safe Network Integration UNIDIRECTIONAL SECURITY GATEWAYS Safe Network Integration Stronger than Firewalls Shaul Pescovsky, Sales Director Waterfall Security Solutions shaul@waterfall-security.com Proprietary Information -- Copyright

More information

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff

More information

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is 1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the

More information

Security Intelligence and Analytics in Industrial Systems

Security Intelligence and Analytics in Industrial Systems Users Group Europe, Middle East and Africa Security Intelligence and Analytics in Industrial Systems Eric D Knapp, About the Presenter Eric D. Knapp Global Director of Cyber Security Solutions and Technology

More information

Introduction. -- some basic concepts and terminology -- examples for attacks on protocols -- main network security services

Introduction. -- some basic concepts and terminology -- examples for attacks on protocols -- main network security services Introduction -- some basic concepts and terminology -- examples for attacks on protocols -- main network security services (c) Levente Buttyán (buttyan@crysys.hu) Attack, threat, and vulnerability security

More information

Customer Service Description Next Generation Network Firewall

Customer Service Description Next Generation Network Firewall Customer Service Description Next Generation Network Firewall Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK Tel: +800 4683 7681 Email: info@interoute.com Interoute Communications Limited

More information

What is Really Needed to Secure the Internet of Things?

What is Really Needed to Secure the Internet of Things? What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices

More information

13 Ways Through A Firewall What you don t know will hurt you

13 Ways Through A Firewall What you don t know will hurt you Scientech 2013 Symposium: Managing Fleet Assets and Performance 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter

More information

Redhawk Network Security, LLC 62958 Layton Ave., Suite One, Bend, OR 97701 sales@redhawksecurity.com 866-605- 6328 www.redhawksecurity.

Redhawk Network Security, LLC 62958 Layton Ave., Suite One, Bend, OR 97701 sales@redhawksecurity.com 866-605- 6328 www.redhawksecurity. Planning Guide for Penetration Testing John Pelley, CISSP, ISSAP, MBCI Long seen as a Payment Card Industry (PCI) best practice, penetration testing has become a requirement for PCI 3.1 effective July

More information

Why Can t We Be Friends?

Why Can t We Be Friends? Why Can t We Be Friends? Monitoring the Server Room by Introducing Modbus to SNMP Stanley Liu Product Manager, Data Acquisition & Control Division Overview IA devices are very useful for monitoring server

More information

Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF

Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk

More information

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric Challenges What challenges are there for Cyber Security in Industrial

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview

More information

What is Management Responsible For?

What is Management Responsible For? What is Management Responsible For? Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf & Company, P.C Regional

More information

Securely Connect, Network, Access, and Visualize Your Data

Securely Connect, Network, Access, and Visualize Your Data Securely Connect, Network, Access, and Visualize Your Data 1 Who is Skkynet? Skkynet is the Parent company of; - Cogent Real-Time Systems Established in 1994 Focus on Industrial Automation software Cogent

More information

AUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES

AUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES AUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES INTRODUCTION Cybersecurity has become an increasing concern in the medical device

More information

UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY

UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY Firewall Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Originator: Recommended by Director

More information

Symantec Managed Security Services The Power To Protect

Symantec Managed Security Services The Power To Protect Symantec Managed Security Services The Power To Protect Peter Sparkes Senior Director, Cyber Security Services Asia Pacific & Japan Symantec Managed Security Services Cyber Security Services 1 Expanding

More information

PRINTER SECURITY AUDIT: THE UNIVERSITY OF VIRGINIA. Kevin Savoy, CPA, CISA, CISSP Brian Daniels, CISA, GCFA

PRINTER SECURITY AUDIT: THE UNIVERSITY OF VIRGINIA. Kevin Savoy, CPA, CISA, CISSP Brian Daniels, CISA, GCFA PRINTER SECURITY AUDIT: THE UNIVERSITY OF VIRGINIA Kevin Savoy, CPA, CISA, CISSP Brian Daniels, CISA, GCFA Who cares about network printers? Why should anybody care about securing the printers when there

More information

Assessment and Remediation of Vulnerabilities

Assessment and Remediation of Vulnerabilities Assessment and Remediation of Vulnerabilities in the SCADA and Process Control Systems of Utilities Copyright 2005 Internet Security Systems, Inc. All rights reserved worldwide Assessment and Remediation

More information

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security Next-Generation Penetration Testing Benjamin Mossé, MD, Mossé Security About Me Managing Director of Mossé Security Creator of an Mossé Cyber Security Institute - in Melbourne +30,000 machines compromised

More information

Introduction to Network Discovery and Identity

Introduction to Network Discovery and Identity The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, page 1 Uses for Host, Application, and User Discovery and Identity

More information

Medical Device Security: The Transition From Patient Privacy To Patient Safety. Scott Erven

Medical Device Security: The Transition From Patient Privacy To Patient Safety. Scott Erven Medical Device Security: The Transition From Patient Privacy To Patient Safety Scott Erven Who I Am Scott Erven Associate Director Medical Device & Healthcare Security Security Researcher Over 15 Years

More information

Presenting Mongoose A New Approach to Traffic Capture (patent pending) presented by Ron McLeod and Ashraf Abu Sharekh January 2013

Presenting Mongoose A New Approach to Traffic Capture (patent pending) presented by Ron McLeod and Ashraf Abu Sharekh January 2013 Presenting Mongoose A New Approach to Traffic Capture (patent pending) presented by Ron McLeod and Ashraf Abu Sharekh January 2013 Outline Genesis - why we built it, where and when did the idea begin Issues

More information

A Love Affair: Cyber Security, Big-data and Risk

A Love Affair: Cyber Security, Big-data and Risk A Love Affair: Cyber Security, Big-data and Risk Mark Seward, Senior Director Security and Compliance, Splunk Inc. Professional Techniques - Session 31 Security what s at stake On average, organizations

More information

場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR

場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR 場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance

More information

Cisco Configuring Secure Shell (SSH) on Cisco IOS Router

Cisco Configuring Secure Shell (SSH) on Cisco IOS Router Cisco Configuring Secure Shell (SSH) on Cisco IOS Router Table of Contents Configuring Secure Shell (SSH) on Cisco IOS Routers...1 Contents...1 Introduction...1 Hardware and Software Versions...1 SSHv1

More information

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident

More information

Denial of Service Attacks

Denial of Service Attacks 2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,

More information

A Systems Approach to HVAC Contractor Security

A Systems Approach to HVAC Contractor Security LLNL-JRNL-653695 A Systems Approach to HVAC Contractor Security K. M. Masica April 24, 2014 A Systems Approach to HVAC Contractor Security Disclaimer This document was prepared as an account of work sponsored

More information

Deep Security Vulnerability Protection Summary

Deep Security Vulnerability Protection Summary Deep Security Vulnerability Protection Summary Trend Micro, Incorporated This documents outlines the process behind rules creation and answers common questions about vulnerability coverage for Deep Security

More information

Network Security: A Practical Approach. Jan L. Harrington

Network Security: A Practical Approach. Jan L. Harrington Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series Whitepaper Advanced Threat Detection: Necessary but Not Sufficient 2 Executive Summary Promotion

More information

Data Center security trends

Data Center security trends Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:

More information

iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi

iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi Agenda Introduction iscsi Attacks Enumeration Authorization Authentication iscsi Defenses Information Security Partners (isec) isec Partners Independent

More information