Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies. October 2009

Size: px
Start display at page:

Download "Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies. October 2009"

Transcription

1 Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies October 2009

2 DISCLAIMER This report was prepared as an account of work sponsored by an agency of the U.S. Government. Neither the U.S. Government nor any agency thereof, nor any employee, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for any third party s use, or the results of such use, or any information, apparatus, product, or process disclosed in this publication, or represents that its use by such third party would not infringe privately owned rights.

3 EXECUTIVE SUMMARY Industrial control systems are an integral part of critical infrastructure, helping facilitate operations in vital sectors such as electricity, oil and gas, water, transportation, and chemical. A growing issue with cybersecurity and its impact on industrial control systems have highlighted some fundamental risks to critical infrastructures. To address cybersecurity issues for industrial control systems, a clear understanding of the security challenges and specific defensive countermeasures is required. A holistic approach, one that uses specific countermeasures to create an aggregated security posture, can help defend against cybersecurity threats and vulnerabilities that affect an industrial control system. This approach, often referred to as defense-in-depth, can be applied to industrial control systems and can provide for a flexible and useable framework for improving cybersecurity defenses. Concerns in regard to cybersecurity and control systems are related to both the legacy nature of some of the systems as well as the growing trend to connect industrial control systems to other networks. These concerns have lead to a number of identified vulnerabilities and have introduced new categories of threats that have not been seen before in the industrial control systems domain. Many of the legacy systems may not have appropriate security capabilities that can defend against modern day threats, and the requirements for availability can preclude using contemporary cybersecurity solutions. An industrial control system s connectivity to a corporate, vendor, or peer network can exacerbate this problem. This document provides insight into some of the more prominent cyber risk issues and presents them in the context of industrial control systems. It provides commentary on how mitigations strategies can be developed for specific problems and provides direction on how to create a defense-in-depth security program for control system environments. The goal is to provide guidance regarding cyber mitigation strategies and how to apply them specifically to an industrial control systems environment. iii

4 iv

5 KEYWORDS Defense-in-depth, industrial control system, SCADA, process control, cybersecurity, firewall, IDS, intrusion detection, encryption, demilitarized zones, DMZ, security zones, policy and procedures, patch management v

6 vi

7 CONTENTS EXECUTIVE SUMMARY...iii KEYWORDS... v ACRONYMS AND DEFINITIONS... ix 1. INTRODUCTION Background Overview of Contemporary Industrial Control Systems Architectures SECURITY CHALLENGES WITHIN INDUSTRIAL CONTROL SYSTEMS Security Profiles and Attack Methodologies Network Perimeter Security Flaws Attacks Using Common Protocols, i.e., OPC/DCOM Attacks Attack into Control Systems via Field Devices Database and SQL Data Injection Attacks Man-in-the-Middle Attacks Improper or Nonexistent OS and Application Patching Insecure Coding Techniques Improper Cybersecurity Procedures Lack of Control Systems Specific Security Technologies ISOLATING AND PROTECTING ASSETS: DEFENSE-IN-DEPTH STRATEGIES Defense-In-Depth Strategic Framework Architectural Zones Firewalls Packet Filter Firewalls Proxy Gateway Firewalls Host Firewalls Creating Demilitarized Zones Intrusion Detection Systems Policies and Procedures Log and Event Management Security Policy Patch Management Planning and Procedures Security Training Incident Response and Forensics RECOMMENDATIONS AND COUNTERMEASURES Five Key Security Countermeasures for Industrial Control Systems FURTHER READING REFERENCES vii

8 FIGURES Figure 1. Traditional isolation of corporate and control domains...2 Figure 2. Integrated networks....3 Figure 3.Security focus in IT vs. industrial control systems...5 Figure 4. Attacking via databases Figure 5. Layered defense for protection against vulnerabilities (i.e., Buffer Overflow)...14 Figure 6. Strategic framework for cyber defense-in-depth Figure 7. Common architecture zones Figure 8. Firewalls protecting architecture zones Figure 9. Architecture with DMZ deployments...21 Figure 10. Complete defense-in-depth strategy with the intrusion detection system and SIEM Figure 11. Proactive security model viii

9 ARP DCOM DHS DMZ DNP FTP HMI ICCP ICS-CERT IDS IP IT LAN MitM NERC NIST NSA OLE OPC OPSEC PLC RPC SCADA SIEM SQL TCP US-CERT VoIP ACRONYMS AND DEFINITIONS Address Resolution Protocol Distributed Common Object Model U.S. Department of Homeland Security Demilitarized Zone Distributed Network Protocol File Transfer Protocol Human Machine Interface Inter Control Center Communications Protocol Industrial Control Systems Cyber Emergency Response Team Intrusion Detection Systems Internet Protocol Information Technology Local Area Network Man-in-the-Middle North American Electrical Reliability Corporation National Institute of Standards and Technology National Security Agency Object Linking and Embedding OLE for Process Control Operational Security Programmable Logic Controller Remote Procedure Call Supervisory Control and Data Acquisition Security Incident Event Management Structured Query Language Transmission Control Protocol U.S. Computer Emergency Readiness Team Voice-over Internet Protocol WARDIALING Recursive dialing of phone numbers from a modem-enabled PC in an attempt to locate other unadvertised modems resulting in unauthorized access into a computing or Process Control System domain WARDRIVING Recursive searching for wireless access points in an attempt to access a communication network resulting in unauthorized access into a computing or control system domain ix

10 x

11 Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies 1. INTRODUCTION Information infrastructures across many public and private domains share several common attributes regarding information technology (IT) deployments and data communications. This is particularly true in the industrial control systems domain where an increasing number of organizations are using modern networking to enhance productivity and reduce costs by increasing the integration of external, business, and control system networks. However, these integration strategies often lead to vulnerabilities that greatly reduce the cybersecurity posture of an organization and can expose mission-critical industrial control systems to cyber threats. This document provides guidance for developing defense-in-depth strategies for organizations that use control system networks while maintaining multitier information architectures. 1.1 Background The critical infrastructure systems that support major industries, such as manufacturing, transportation, and energy, are highly dependent on information systems for their command and control. While a high dependence on legacy industrial control systems still exists, critical infrastructure systems are migrating to new communication technologies. As a result, common communications protocols and open architecture standards are replacing the diverse and disparate proprietary mechanics of industrial control systems. This replacement can have both positive and negative impacts. On the positive side, the migration empowers asset owners to access new and more efficient methods of communication as well as more robust data, quicker time to market, and interoperability. On the negative side, empowering control system users with contemporary computing capabilities can introduce new risks. Cyber-related vulnerabilities and risks are being created that did not exist when industrial control systems were isolated. A number of instances have illustrated the interdependence 1 of industrial control systems, such as those in the power sector, including the 2003 North American blackout. In order to effectively understand an industrial control system security posture, a risk model is needed that more effectively maps to these complex systems. Control systems can affect things in the physical world, and as a result, the definition of risk as it applies to an industrial control system will need to include consideration for consequences. More specifically, risk can be better defined as a function of vulnerabilities multiplied by threats and consequences. New protocols and communication standards that provide increased interoperability in the industrial control systems community are, in many cases, the same technologies that have been exploited and compromised on the Internet and corporate networking domains. The migration from older legacy-type architectures to modern operating systems and platforms can force industrial control systems to inherit many cybersecurity vulnerabilities, with some of these vulnerabilities having countermeasures that often cannot be deployed in automation systems. Figure 1 illustrates the traditional separation of corporate architectures and control domains. This architecture provided means for data sharing, data acquisition, peer-to-peer data exchange, and other business operations. However, the security of any given system was based on the fact that few, if any, understood the intricate architecture or the operational mechanics of the resources on the controls system local area network (LAN). This security by obscurity generally works well for environments that have no external communication connections, thus allowing an organization to focus on physical security. 1

12 Figure 1. Traditional isolation of corporate and control domains. 1.2 Overview of Contemporary Industrial Control System Architectures The increasing convergence of once-isolated industrial control systems has helped organizations simplify and manage their complex environments. In connecting these networks and introducing IT components into the industrial control system domain, security problems arise because of: Increasing dependency on automation and industrial control systems Insecure connectivity to external networks Usage of technologies with known vulnerabilities, creating previously unseen cyber risk in the control domain Lack of a qualified cybersecurity business case for industrial control system environments Some control system technologies have limited security and are often only enabled if the administrator is aware of the capability (or the security does not impede the process) Many popular control system communications protocols are absent of basic security functionality (i.e., authentication, authorization) Considerable amount of open source information that is available regarding industrial control systems, their operations, and security vulnerabilities. Control systems operational security has historically been defined by industry as the level of reliability of the system to operate safely and efficiently. The total isolation from the external (and untrusted) network allowed the organization to reduce the overall level of communications security to those threats associated with personnel having physical access to a facility or a plant floor. Thus most data communications in the information infrastructure required limited authorization or security oversight. 2

13 Operational commands, instructions, and data acquisition occurred in a closed environment where all communications were trusted. In general, if a command or instruction was sent via the network, it was anticipated to arrive and perform the authorized function because only authorized operators had access to the system. This is a very different approach when looking to provide effective network and IT cybersecurity. Merging a modern IT architecture with an isolated network that may not have any real cybersecurity countermeasures is challenging. Although simple connectivity using routers and switching is the most obvious means to provide interconnectivity, unauthorized access by an individual could result in unlimited access to the systems. Figure 2 shows an integrated architecture that has connections from external sources such as the corporate LAN, peer sites, vendor sites, and the Internet. Figure 2. Integrated networks. From Figure 2, integrated architectures, if compromised, clearly could provide an attacker with various avenues for accessing critical systems, either on the corporate LAN, the control LAN, or even the communications LAN. The very nature of such architectures demands the exchange of data from disparate information sources, of which an attacker could take advantage. 3

14 2. SECURITY CHALLENGES WITHIN INDUSTRIAL CONTROL SYSTEMS Within modern Transmission Control Protocol/Internet Protocol (TCP/IP)-based computing environments, such as the corporate infrastructure for managing the business that drives operations in a control system, technology-related vulnerabilities need to be addressed. Historically, these issues have been the responsibility of the corporate IT security organization, usually governed by security policies and operating plans that protect vital information assets. The main concern as industrial control systems become part of larger conjoined architectures is providing security procedures that cover the control systems domain as well. Contemporary network-based communications have security issues that must be addressed in the control systems domain, because unique vendor-specific protocols and inherent legacy system security may not be adequate to protect mission-critical systems against modern cyber attacks. Examples of vulnerabilities in open system architectures that could migrate to control system domains include susceptibility to malicious software (including viruses, worms, etc.), escalation of privileges through code manipulation, network reconnaissance and data gathering, covert traffic analysis, and unauthorized intrusions into networks either through or around perimeter defenses. With some of the more modern systems, vulnerabilities also include hostile mobile code such as malicious active content involving JavaScript, applets, VBScript, and Active-X. With a successful intrusion into industrial control system networks come new issue such as reverse engineering of control system protocols, attacks on operator consoles, and unauthorized access into trusted peer networks and remote facilities. To fully translate information security and information assurance into the control systems realm, one must understand the key differences between traditional IT architectures and industrial control systems technology. From a mitigation perspective, simply deploying IT security technologies into a control system may not be a viable solution. Although modern industrial control systems often use the same underlying protocols that are used in IT and business networks, the very nature of control systems functionality (combined with operational and availability requirements) may make even proven security technologies inappropriate. Some sectors, such as energy, transportation, and chemical, have time sensitive requirements, so the latency and throughput issues associated with security strategies may introduce unacceptable delays and degrade or prevent acceptable system performance. Several key differences exist between traditional IT environments and control system environments insofar as security is concerned. Figure 3 shows some of the more prominent cybersecurity elements that are common to an organization s security function. Figure 3 also suggests how using these elements in either an IT domain or an industrial control systems domain could be leveraged, and how they are addressed in IT domains as opposed to architectures that run industrial control systems. 2 4

15 Figure 3.Security focus in IT vs. industrial control systems. 2.1 Security Profiles and Attack Methodologies Typically, a modern information network will prioritize the normal security objectives in the following manner a : Confidentiality Integrity Availability HIGH IMPORTANCE HIGH IMPORTANCE LOWER IMPORTANCE However, because of the need for high availability and the operational requirements of industrial control systems, the security objectives for most control entities are reversed: Availability Integrity Confidentiality VERY HIGH IMPORTANCE MEDIUM IMPORTANCE LOW IMPORTANCE a. Generally speaking, criticality of Confidentiality, Integrity, and Availability is determined by the business function, and in many cases order of importance can vary among sectors. However, those systems supporting essential critical infrastructures involving quality of life and human safety (and ones that use control systems) tend to require perpetual availability and high integrity of data. These requirements can overshadow the need to protect the data from unauthorized viewing, unless such breach impacts other critical attributes. 5

16 Control networks are evolving from stand-alone domains to interconnected networks that coexist with corporate IT environments, thus introducing security threats and vulnerabilities. Critical cybersecurity issues that need to be addressed in the industrial control systems domain are many, but some of the more pressing issues include: Backdoors and holes (either intentional or not) in the network perimeter Devices with little or no security features (modems, legacy control devices, etc.) Vulnerabilities in common protocols Attacks on field devices Database attacks Communications hijacking and man-in-the-middle (MitM) attacks Improper or nonexistent patching of software and firmware Insecure coding techniques Improper cybersecurity procedures for internal and external personnel Lack of control systems specific mitigation technologies. Understanding vulnerabilities and the associated attack vectors to exploit them is essential to building effective security mitigation strategies Network Perimeter Security Flaws 3 As in common networking environments, control system domains can be subject to a myriad of vulnerabilities and holes that can provide an attacker a backdoor to gain unauthorized access. Often, backdoors are simple shortcomings in the architecture perimeter, or embedded capabilities that are forgotten, unnoticed, or simply disregarded. Adversaries (threats) often do not require physical access to a domain to gain access to it and will usually leverage any discovered access functionality. Modern networks, especially those in the control systems arena, often have inherent capabilities that are deployed without sufficient security analysis and can provide access to attackers once they are discovered. These backdoors can be accidentally created in various places on the network, but it is the network perimeter that is of greatest concern. When looking at network perimeter components, the modern IT architecture will have technologies to provide for robust remote access. These technologies often include firewalls, public facing services, and wireless access. Each technology will allow enhanced communications in and amongst affiliated networks and will often be a subsystem of a much larger and more complex information infrastructure. However, each of these components can (and often do) have associated security vulnerabilities that an attacker will try to detect and leverage. Interconnected networks are particularity attractive to the attacker, because a single point of compromise may provide extended access due to pre-existing trust established among interconnected resources. The network perimeter has also been extended through the common use of wireless communications, especially for very remote sites. The extended perimeter has opened new holes for attack vectors because unsecured wireless access is a recurring element in many organizations. Such deployments are common due to the ease-of-use of wireless communications as well as a low level of understanding regarding security implications of wireless deployments. Moreover, in the plant floor environment, wireless technology is easier to deploy than traditional wired infrastructures, which can require drilling through walls and laying cable. Vendors have embraced the usefulness of wireless and radio-based communications, and many have full suites of wireless-based solutions. 6

17 Common security issues with wireless communications often include the residual effects of default installations. Attackers, once having discovered wireless communications points, can leverage the inherent functionality of wireless networks to their advantage and take advantage of Service Set Identifier (SSID) broadcasting, limited access controls, lack of encryption, and limited network segmentation. When considering the historical characteristics of control system networks, especially those that impact security because of the presence of plaintext traffic and inherent trust relationships, unauthorized access (via a wireless access point) into the control domain can provide an attacker with a very effective backdoor, often bypassing security perimeters. Some of the more recent research has discovered some significant service-based vulnerabilities in the protocol, weaknesses that could lead to jamming and denial of service. Some after-market modifications to protocol implementations, such as those done to create larger address spaces, can reduce security safeguards to meet interoperability requirements. Although much of the complexity in maintaining secure systems can be avoided by proper patch management programs, a major problem for control system units is when both geography and accessibility to devices are a concern. Disparate control system elements that can be accessed via remote communications require special consideration. Often, if systems are based on commercial operating systems, the attacks can be via denial of service, escalated privilege exploits, or clandestine tools such as a Trojan horse or logic bomb. Modern computing technology has allowed for control system operations to be performed from a distance, and with that the security perimeter has been relocated to the point where the remote access originates. This creates new demands for security administrators in trying to manage these connections while preventing the compromise of vital command and control functions. Compromising a computing resource that has administrative access to a control system is, in many cases, the same as compromising the operator console itself. This concern relates to the interception, modification, and reinjection of control data into a network, or the possibility of an attacker escalating privileges within the control domain to execute engineering level instructions across the control signal communications loop. Information collected from the control systems has always been used by control system owners as a key component in business decision-making, such as in calculating load and demand projections. To support customer service, organizations in many sectors provide data to customers, providers, and affiliates through publicly accessible servers. The data on these servers are usually sourced from the business domain (after it is collected from the control or field operations domain) as well as collected from the public domain. This interconnected capability, as effective as it is, is also a vector for attackers to gain access into the protected business networks and perhaps the industrial control system networks. Attackers can often collect important information from these public servers, including data regarding operations, customers, and file transfers. Moreover, if the servers are compromised, the attackers can escalate their privileges and pivot their attack to compromise back-end business networks or even the control networks. A simple example of this is in the area of Advanced Metering Infrastructure, where energy usage data from customers is aggregated, processed, presented, and used for billing. Because Advanced Metering Infrastructure is a two-way operation, such integrated command and control can also lead to vulnerabilities that, if exploited, could impede utility operations. Organizations with firewalls to separate pubic servers from internal networks often find it hard to defend against these types of attacks. To allow robust information to be provided via external services, such as a web or FTP server, communication must be made from the web server to the internal databases or historians, and this connection is made via the firewall. If deployed without effective security countermeasures, the trust relationship between the firewall and the web server allows data to flow from the external side to the internal domain. If these data are unauthorized and are the product of an attack that 7

18 has compromised the trusted web server, the attacker has a channel to access internal services on the business (or industrial control systems) LAN. In general, a delicate balance exists between business functionality and security. This balance has to be evaluated properly and revisited often. The deployment of modern technology to increase productivity and access requires special attention to prevent backdoors into the business or control system networks Attacks Using Common Protocols, i.e., OPC/DCOM Attacks 4 The impact of modern operating systems on industrial control systems has been significant. Over the last several years, more and more organizations have started to use underlying services in these environments, some of them being the Object Link and Embedding (OLE), Distributed Component Object Model (DCOM), and Remote Procedure Call (RPC). OLE for Process Control (OPC) is a real-time data communications standard based in these services. Many installations are moving away from the Microsoft-based OPC model. However, OPC is still commonly used for efficient connectivity with diverse industrial control systems equipment. Also, OPC is widely deployed on mission critical components of a control systems environment such as, human machine interface (HMI) workstations, historians, and many Enterprise Resource Planning systems highlighting the continued dependency on OPC. A recent study showed that many industrial control systems and their processes would have permanent historical data and production time loss if an OPC service was to become unavailable 5 OPC standards and application programming interfaces that are common in control system environments are OPC Data Access 3.0, OPC Alarms, OPC Data Exchange, and OPC Data-XML. All OPC standards and application programming interfaces are widely supported and used in Windows XP and Windows Server additions. A wide variety of security implications and vulnerabilities have been identified with OPC services and standards. Vulnerabilities range from simple system enumeration and password vulnerabilities to more complex remote registry tampering and buffer overflow flaws. These vulnerabilities expose many industrial control systems with critical risks such as the installation of undetected malware, denial-of-service attacks, escalated privileges on a host, and/or the accidental shutdown of industrial control systems because of an overload flaw. Even though many of these vulnerabilities have solutions and available workarounds, the deployment of these mitigations in industrial control system architectures have not always resulted in success. For example, Windows XP Service Pack 2 by default can change settings on the host machine, making DCOM applications that connect to a remote server unavailable. To ensure compatibility, large scale in-house testing of DCOM and OPC-dependent applications was needed but not completed. Many organizations were impacted by these default settings and have yet to upgrade or change their applications and have skipped upgrading to Service Pack 2. Furthermore, Microsoft has updated their recommended practice for distributed programming, moving toward a service-oriented architecture based on the.net framework and away from DCOM. The lack of support in the future for DCOM and OPC standards, along with the long life cycles of industrial control systems, could see many organizations still deploying OPC and DCOM without any vendor support. Historically, many popular operating systems have a history of being plagued with security vulnerabilities, and when combined with future state deployments that are devoid of vendor support, security problems can manifest in a myriad of ways Attack into Control Systems via Field Devices Industrial control systems architectures usually have a capability for remote access to terminal end points and telemetry devices. In some cases, the field equipment itself has the capability to be accessed a number of ways, including by telephonic or dedicated means. To provide for the collection of operational and maintenance data, some modern equipment has embedded file servers and web servers to facilitate robust communications. Engineers and administrators often have a secondary means of communicating with these field devices using this access capability in addition to other dedicated communications channels. 8

19 For example, many control system architectures are designed to have remote connections using either publicly accessible telephone networks or dedicated lines for modem access. When left unsecured, an attacker can connect remotely with little effort, and the remote connection may be difficult to detect (assuming little monitoring or logging). Secured modems that have user identities and passwords are still susceptible to attacks through war dialing and brute-force cracking. As is often the case, there are often no automated account lockouts based on repeated unsuccessful login attempts. 6 This once considered obsolete reconnaissance method is seeing a rapid resurgence due to Voice-over Internet Protocol (VoIP) and the common knowledge of many critical systems still using dialup for remote control. b In addition, field devices are part of an internal and trusted domain, and thus access into these devices can provide an attacker with a vector into the control systems architecture. By gaining access into a field device, the attacker can become part of the sensor network and tunnel back into the control systems network. Recognizing that field devices are an extension of the control domain, attackers can add these field devices to their list of viable targets to be investigated during reconnaissance and scanning phases of the attack. Although such attacks typically are not possible across serial connections, the security related to the convergence of modern networking protocols and traditional control protocols in remote devices requires attention. If a device is compromised, and the attacker can leverage control over the device and cause unauthorized actions, the attacker can begin to execute a number of procedures, including scanning back into the internal control network, altering the data that will be sent to the control master, or changing the behavior of the device itself. If the attacker decides to scan back into the control network, which would leverage the trust between resources, it may be possible to do so by using the actual communications protocols for the entire control systems domain. This is of particular advantage to the attacker because the connections are not monitored for malicious or suspect traffic. c Database and SQL Data Injection Attacks 7 Database applications have become core application components of industrial control systems and their associated record keeping utilities. Traditional security models attempt to secure systems by isolating core control system components and concentrating security efforts against threats specific to those computers or software components. Database security within industrial control systems follows these models by using generally independent systems that rely on one another for proper functionality. The high level of reliance between the two systems creates an expanded threat surface. Databases used by industrial control systems are often connected to databases or computers with web-enabled applications located on the business network. Virtually every data-driven application has transitioned to some form of database. Most use Structured Query Language (SQL), and many will have web interfaces that may be vulnerable to typical web attacks like XSS or SQL injection. The information contained in databases makes them high-value targets for any attacker. When control system databases are connected to business or financial databases or to computers with applications used to access the data, attackers can exploit the communications channel between the two networks and bypass the security mechanisms used to protect the control systems environment. b. Published tools have created software leveraging VoIP systems that can wardial up to a thousand numbers hourly. c. Some intrusion detection systems (IDS) can be updated with industrial control systems signatures to help defend control domains. Usually, these systems are signature-based and will trigger on seeing recognized malicious traffic. In lieu of viable signature, IDS can be deployed to trigger on nonspecific traffic, or upon seeing traffic that is not expected or unusual. See below for the discussion on IDS. 9

20 Figure 4. Attacking via databases. Figure 4 shows an example of the open connectivity between databases. This example illustrates a communication path between the servers that an attacker would be able to leverage to gain access to the control network. Injection into a database with valuable data can have far-reaching effects, especially in a control systems environment where data accuracy and integrity are critical for both business and operational decision-making. The cascading effect of corrupted database content can impact data acquisition servers, historians, and even the operator HMI console. Industrial control systems are more adversely affected by SQL injection than are many general IT databases because they are so reliant on data availability and integrity. Moreover, compromise of key trusted assets, such as a database, creates additional resources the attacker can use for both reconnaissance and code execution. Given the reliance of industrial control systems on the storage, accuracy, and accessibility of command and control data, as well as the prevalence of SQL databases on these types of networks, standard SQL injection techniques against control system components pose a major threat to control systems security Man-in-the-Middle Attacks 8 Control system environments have traditionally been (or been intended to be) protected from nonauthorized persons by air gapping. In these networks, data that flow between servers, resources, and devices are often less secured. Three security issues that arise from assumed trust are (1) the ability for an attacker to reroute data that are in transit on a network, (2) the ability to capture and analyze critical traffic that is in plaintext format, and (3) the ability to reverse engineer control protocols and gain command over control communications. By combining all these, an attacker could assume exceptionally high control over the data flowing in a network, and ultimately direct both real and spoofed traffic to network resources in support of the desired outcome. To do this, a Man-in-the-Middle, or MITM, attack is executed. 10

Control Systems Cyber Security: Defense in Depth Strategies

Control Systems Cyber Security: Defense in Depth Strategies External Report # INL/EXT-06-11478 Control Systems Cyber Security: Defense in Depth Strategies May 2006 Prepared by Idaho National Laboratory Table of Contents Keywords... 3 Introduction... 3 Background...

More information

Control Systems Cyber Security: Defense in Depth Strategies

Control Systems Cyber Security: Defense in Depth Strategies INL/EXT-06-11478 Control Systems Cyber Security: Defense in Depth Strategies David Kuipers Mark Fabro May 2006 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy Alliance

More information

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS MARCH 2011 Acknowledgements This Viewpoint is based upon the Recommended Practice: Configuring and Managing Remote Access

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Recommended Practice Case Study: Cross-Site Scripting. February 2007

Recommended Practice Case Study: Cross-Site Scripting. February 2007 Recommended Practice Case Study: Cross-Site Scripting February 2007 iii ACKNOWLEDGEMENT This document was developed for the U.S. Department of Homeland Security to provide guidance for control system cyber

More information

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff

More information

Innovative Defense Strategies for Securing SCADA & Control Systems

Innovative Defense Strategies for Securing SCADA & Control Systems 1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet

More information

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808 cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

More information

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Cyber Security Implications of SIS Integration with Control Networks

Cyber Security Implications of SIS Integration with Control Networks Cyber Security Implications of SIS Integration with Control Networks The LOGIIC SIS Project Standards Certification Education & Training Publishing Conferences & Exhibits Presenter Zach Tudor is a Program

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

LOGIIC Remote Access. Final Public Report. June 2015 1 LOGIIC - APPROVED FOR PUBLIC DISTRIBUTION

LOGIIC Remote Access. Final Public Report. June 2015 1 LOGIIC - APPROVED FOR PUBLIC DISTRIBUTION LOGIIC Remote Access June 2015 Final Public Report Document Title LOGIIC Remote Monitoring Project Public Report Version Version 1.0 Primary Author A. McIntyre (SRI) Distribution Category LOGIIC Approved

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Protecting Critical Infrastructure

Protecting Critical Infrastructure Protecting Critical Infrastructure SCADA Network Security Monitoring March 20, 2015 Table of Contents Introduction... 4 SCADA Systems... 4 In This Paper... 4 SCADA Security... 4 Assessing the Security

More information

Designing a security policy to protect your automation solution

Designing a security policy to protect your automation solution Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...

More information

Vulnerability Analysis of Energy Delivery Control Systems

Vulnerability Analysis of Energy Delivery Control Systems INL/EXT-10-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy

More information

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used

More information

Security Issues with Integrated Smart Buildings

Security Issues with Integrated Smart Buildings Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern

More information

Cybersecurity considerations for electrical distribution systems

Cybersecurity considerations for electrical distribution systems White Paper WP152002EN Supersedes January 2014 electrical distribution systems Authors Max Wandera, Brent Jonasson, Jacques Benoit, James Formea, Tim Thompson, Zwicks Tang, Dennis Grinberg, Andrew Sowada,

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005 State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology

More information

Guideline on Auditing and Log Management

Guideline on Auditing and Log Management CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius

More information

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target

More information

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology

More information

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer

More information

Computer System Security Updates

Computer System Security Updates Why patch? If you have already deployed a network architecture, such as the one recommended by Rockwell Automation and Cisco in the Converged Plantwide Ethernet Design and Implementation Guide (http://www.ab.com/networks/architectures.html),

More information

DeltaV System Cyber-Security

DeltaV System Cyber-Security January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...

More information

Seven Strategies to Defend ICSs

Seven Strategies to Defend ICSs INTRODUCTION Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it s not a matter of if an intrusion will take

More information

Network Security Policy

Network Security Policy Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus

More information

A Systems Approach to HVAC Contractor Security

A Systems Approach to HVAC Contractor Security LLNL-JRNL-653695 A Systems Approach to HVAC Contractor Security K. M. Masica April 24, 2014 A Systems Approach to HVAC Contractor Security Disclaimer This document was prepared as an account of work sponsored

More information

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Best Practices in ICS Security for System Operators. A Wurldtech White Paper Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security

More information

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005 SCADA System Security ECE 478 Network Security Oregon State University March 7, 2005 David Goeke Hai Nguyen Abstract Modern public infrastructure systems

More information

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous

More information

Enterprise Computing Solutions

Enterprise Computing Solutions Business Intelligence Data Center Cloud Mobility Enterprise Computing Solutions Security Solutions arrow.com Security Solutions Secure the integrity of your systems and data today with the one company

More information

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation www.lumeta.

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation www.lumeta. Why Leaks Matter Leak Detection and Mitigation as a Critical Element of Network Assurance A publication of Lumeta Corporation www.lumeta.com Table of Contents Executive Summary Defining a Leak How Leaks

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

SCADA/Business Network Separation: Securing an Integrated SCADA System

SCADA/Business Network Separation: Securing an Integrated SCADA System SCADA/Business Network Separation: Securing an Integrated SCADA System This white paper is based on a utility example but applies to any SCADA installation from power generation and distribution to water/wastewater

More information

CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT

CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT Energy Research and Development Division FINAL PROJECT REPORT CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT Prepared for: Prepared by: California Energy Commission KEMA, Inc. MAY 2014 CEC

More information

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9 NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Security Scanning Procedures Version 1.1 Release: September 2006 Table of Contents Purpose...1 Introduction...1 Scope of PCI Security Scanning...1 Scanning

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

Windows Remote Access

Windows Remote Access Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by

More information

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

Information Technology Cyber Security Policy

Information Technology Cyber Security Policy Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

13 Ways Through A Firewall

13 Ways Through A Firewall Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright

More information

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Jung-Woon Lee, Cheol-Kwon Lee, Jae-Gu Song, and Dong-Young Lee I&C and HF Research Division, Korea Atomic Energy

More information

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 Table of Contents Introduction AMI Communication Architecture Security Threats Security

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations

More information

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc. Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources

More information

Best Practices for DanPac Express Cyber Security

Best Practices for DanPac Express Cyber Security March 2015 - Page 1 Best Practices for This whitepaper describes best practices that will help you maintain a cyber-secure DanPac Express system. www.daniel.com March 2015 - Page 2 Table of Content 1 Introduction

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

Update On Smart Grid Cyber Security

Update On Smart Grid Cyber Security Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats

More information

IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing

IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing IBM Global Technology Services Statement of Work for IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing The information in this Statement of Work may not be disclosed

More information

By David G. Holmberg, Ph.D., Member ASHRAE

By David G. Holmberg, Ph.D., Member ASHRAE The following article was published in ASHRAE Journal, November 2003. Copyright 2003 American Society of Heating, Refrigerating and Air-Conditioning Engineers, Inc. It is presented for educational purposes

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

Understanding SCADA System Security Vulnerabilities

Understanding SCADA System Security Vulnerabilities Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen

More information

White Paper. April 2006. Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks

White Paper. April 2006. Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks White Paper April 2006 Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks According to a recent Harris Interactive survey, the country s leading business executives consider

More information

CYBERTRON NETWORK SOLUTIONS

CYBERTRON NETWORK SOLUTIONS CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified

More information

New Era in Cyber Security. Technology Development

New Era in Cyber Security. Technology Development New Era in Cyber New Era in Cyber Security Security Technology Technology Development Development Combining the Power of the Oil and Gas Industry, DHS, and the Vendor Community to Combat Cyber Security

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

How to Choose the Right Industrial Firewall: The Top 7 Considerations. Li Peng Product Manager

How to Choose the Right Industrial Firewall: The Top 7 Considerations. Li Peng Product Manager How to Choose the Right Industrial Firewall: The Top 7 Considerations Li Peng Product Manager The right industrial firewall can strengthen the safety and reliability of control systems Central to industrial

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITEC441- IS Security. Chapter 15 Performing a Penetration Test 1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,

More information

An Introduction to Network Vulnerability Testing

An Introduction to Network Vulnerability Testing CONTENTS Introduction 3 Penetration Testing Overview 4 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and Delivering Results 6 VeriSign SecureTEST 7 Common Vulnerability

More information

Windows Operating Systems. Basic Security

Windows Operating Systems. Basic Security Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System

More information

Industrial Security for Process Automation

Industrial Security for Process Automation Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75 Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center Intrusion Prevention and Detection No: Effective: OSC-12 5/21/09 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

PCI Security Scan Procedures. Version 1.0 December 2004

PCI Security Scan Procedures. Version 1.0 December 2004 PCI Security Scan Procedures Version 1.0 December 2004 Disclaimer The Payment Card Industry (PCI) is to be used as a guideline for all entities that store, process, or transmit Visa cardholder data conducting

More information

PCI DSS Reporting WHITEPAPER

PCI DSS Reporting WHITEPAPER WHITEPAPER PCI DSS Reporting CONTENTS Executive Summary 2 Latest Patches not Installed 3 Vulnerability Dashboard 4 Web Application Protection 5 Users Logging into Sensitive Servers 6 Failed Login Attempts

More information

Global Partner Management Notice

Global Partner Management Notice Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

Corporate Security Research and Assurance Services

Corporate Security Research and Assurance Services Corporate Security Research and Assurance Services We Keep Your Business In Business Obrela Security Industries mission is to provide Enterprise Information Security Intelligence and Risk Management Services

More information

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe 2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information

More information

Penetration Testing Report Client: Business Solutions June 15 th 2015

Penetration Testing Report Client: Business Solutions June 15 th 2015 Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com

More information

13 Ways Through A Firewall What you don t know will hurt you

13 Ways Through A Firewall What you don t know will hurt you Scientech 2013 Symposium: Managing Fleet Assets and Performance 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter

More information