On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks
1 CIBSI 2013, Panama City, Panama, October 30th, 2013
On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks
Paulo Simões, Tiago Cruz, Jorge Gomes, Edmundo Monteiro
CISUC - DEI, University of Coimbra, Portugal

2 Outline
- The problem of detecting cyber attacks in Industrial Control Networks
  - mainstream ICT solutions vs. Industrial Control Networks
- Overview of the CockpitCI Project
- The CockpitCI Detection Layer
- The SCADA honeypot as one of the probes of the field network Intrusion Detection System
- Target hardware platform & support for virtualization
- Components of the Honeypot
- Lessons learned

3 Industrial Control Systems (ICS) and SCADA
- Initially, Industrial Control Systems were isolated by nature and limited to the process network, resulting in security by obscurity and isolation.
  - Proprietary protocols with undisclosed documentation (creating a false sense of security)
  - Only manufacturers and attackers knew of failures and vulnerabilities (with both parties having no interest in their disclosure)
- Meanwhile, ICS evolved to open architectures and standard technologies, highly interconnected with other corporate networks and even the Internet.
- This move, together with the use of mainstream ICT technologies and the increasing adoption of open, documented protocols, exposed serious weaknesses in SCADA architectures.

4 ICS vs. mainstream ICT
As a result of such transformations, SCADA architectures are becoming increasingly similar to general ICT systems:
- Widely available, low-cost Internet Protocol (IP) devices are replacing proprietary solutions, which increases the possibility of cyber security vulnerabilities and incidents.
- Industrial control systems are adopting generic ICT solutions to promote corporate connectivity and remote access capabilities, and are being designed and implemented using industry standard computers, operating systems and network protocols.
- While this integration brought new capabilities (meanwhile developed by ICT), it also provided significantly less isolation from the outside world for the industrial control systems.

5 ICS vs. mainstream ICT: one size fits all?
Protection measures of standard ICT security frameworks (firewalls, IDS, other) may be adapted for the process control and SCADA environments, BUT this introduces some security risks on its own, since some assumptions regarding ICT networks will not hold in ICS (availability comes first!)
[Figure labels: DMZ, process network, DB server, TCP SYN flood, corporate network, master, slaves, PCs]

6 ICS vs. mainstream ICT: one size fits all?
Probably NOT: ICS and ICT systems do have different priorities

Priority  ICT              ICS
1         Confidentiality  Availability
2         Integrity        Integrity
3         Availability     Confidentiality

(adapted from ANSI/ISA Security for Industrial Automation and Control Systems - Part 1: Terminology, Concepts, and Models (2007))

This calls for a domain-specific approach to cyber threat detection in ICS systems, designed from the ground up to address its specific characteristics. This kind of SCADA-oriented cyber threat awareness constitutes one of the core contributions of the CockpitCI project.

7 Project CockpitCI (Jan/2012-Dec/2014)
Aims to develop a multidisciplinary approach to cyber security of Industrial Control Systems, increasing global awareness and enhancing the local intelligence and resilience of the critical infrastructure under attack (even in the case of successful intrusion in parts of the system).
- Consortium
  - Energy operators: Israel Electric Corporation, Lyse Norway, Transelectrica Romania
  - Industry: Selex Gruppo Finmeccanica (it); itrust (lu)
  - Universities: Coimbra (pt); La Sapienza (it); Roma 3 (it); Surrey (uk)
  - Research institutes: ENEA (it); Henri-Tudor (lu); Multitel (be)
- Use cases
  - Electricity distribution networks (but applicable to other SCADA systems)
- Website

8 CockpitCI Operation
[Figure: CockpitCI operation. Labels: Global Awareness, Perimeter IDS, Inter-CI communication network, Secure Mediation Network, information exchange with other (interdependent) Critical Infrastructures, Integrated Risk Prediction Tool, Detection Agents, RTU, Smart Policies, SCADA Control Center, RTU 1 ... RTU n, Local Intelligence. Legend: not directly related with this paper; cyber detection components; CI's internal legacy components; communication flows.]

10 The CockpitCI Cyber-analysis and detection layer
- The CockpitCI project includes a cyber analysis and detection layer that must work as a soft real-time distributed monitoring system and Perimeter Intrusion Detection System (Perimeter IDS).
- It must be able to develop and deploy detection agents to monitor the potential cyber threats according to the types of networks (SCADA, IP) and corresponding devices.
[Figure labels: CockpitCI Risk Prediction Tool, Perimeter IDS, External Sources (topology, policies, inventories, etc.), Interfaces, Detection Agents (net. probes, honeypots...), RTU, Field Adaptors, Legacy Sources. RTU: Remote Terminal Unit (SCADA)]

11 High-level generic probing architecture
Aggregates several probing and monitoring points, in 3 security zones:
- ICT Network
- Operations Network
- Field Network
[Figure labels: IT Workstation, Master Station 1 ... Master Station N, Shadow RTU, Mon. Port/Bridged, HMI Client, RTU 1 ... RTU N, Sensors/Actuators, IT Network, Operations Network HoneyPot, Field Network, Fieldbus Honeypot]

12 Network Intrusion Detection Systems
- On the edge of each zone, monitoring data flow between adjacent zones and external entities.
- Specialized IDS and probes are required for Field Network.
[Figure: the probing architecture diagram of slide 11, repeated]

13 Honeypots as one of the probes of the Field Network IDS
- A device on the field network able to behave like a PLC or RTU.
- It can use SCADA protocol emulators, with the sole purpose of emulating a vulnerable device used as a decoy to attract intrusion attempts.
[Figure: the probing architecture diagram of slide 11, repeated]

14 Probably a not-so-new idea
- SCADA Honeynet Project (2004): Research project from Cisco, simulates several levels of the system stack, protocol, application, hardware
- Digital Bond's SCADA Honeynet (2006): Simulates a SCADA Programmable Logic Controller (PLC)
- CockpitCI Honeypot:
  - Suitable for honeypot virtualization or low cost hardware appliances
  - Populate your Field Network with honeypots
  - Modular architecture, allowing for the addition of other SCADA protocols
  - Enhanced event-processing functionalities
  - Interfaces for remote management and event reporting

15 Target Hardware Platform: Intel x86 Hardware Architecture
- Easier to integrate existing software components (operating systems, SCADA emulators, SNMP stacks, security tools...)
- Easier to port to virtualized Honeypots
- Small hardware footprint & low cost
  - 50 to 200 Euro per unit, depending on casing and selected hardware platform
- Adequate performance
  - Well above the requirements of a SCADA honeypot
- Respectable reliability (based on preliminary and ongoing tests)
  - Much more stable and reliable than initially expected (after some tweaking!)

16 Virtualized Honeypot
- Standard x86 virtual machine
  - compatible with most virtualization platforms
  - uses a small footprint (CPU, RAM)
  - physically located at the datacentre, logically located in the field network
  - possible to apply smart redirection of suspicious traffic
- Physical or hardware Honeypot? Can the attacker discover the physical location of the honeypot?
  - hacking of the field network
  - physical access to some privileged point of the field network
  - ...

17 Honeypot Architecture
Key modules:
- Honeypot Front-End interface
- Event Monitor
- Firewall
- Management
[Figure: honeypot architecture. Labels: Field Network, Firewall, Modbus API, Port Scan, FTPD, SNMPD, Honeypot Frontend Interface, Filter, Redutor, Event Assembly, Event Tx., Event Monitor, Watchdog, Modbus Honeypot, Event Correlator, Security Mgmt. Platform]

18 Honeypot - Front-End Interface
Provides the entry-points for the attacker:
- Modbus API emulator; accepts Modbus commands and behaves like a real PLC, providing the expected protocol functionality (registers, operations, etc.).
- FTP service; such as the services found on many commercial PLCs.
- SNMP management agent; replicates the interface and functionalities found on commercial PLCs.
- Port Scan detection module; detects any probing activity in the remaining TCP/IP service ports.
Easy addition of other services (or other SCADA protocols)
Mix of emulated services with real services
Each service may be configured to mimic specific behaviours
[Figure: the honeypot architecture diagram of slide 17, repeated]

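An added sketch of the Modbus API emulator described on this slide, not code from the CockpitCI project: it parses a Modbus/TCP request, answers function codes 0x03 and 0x06 like a small PLC, and records every request as a front-end event. The class name, register bank, event fields and sample addresses are assumptions made for the example.

```python
import struct
from dataclasses import dataclass, field

# Standard Modbus exception codes and the two function codes the decoy implements.
ILLEGAL_FUNCTION, ILLEGAL_DATA_ADDRESS, ILLEGAL_DATA_VALUE = 0x01, 0x02, 0x03
READ_HOLDING, WRITE_SINGLE = 0x03, 0x06


@dataclass
class DecoyPLC:
    """Hypothetical decoy PLC: a register bank plus the events it has raised."""
    registers: list = field(default_factory=lambda: [0] * 16)
    events: list = field(default_factory=list)

    def _log(self, src, kind, func, detail):
        # Any traffic to a decoy is suspect, so every request becomes an event.
        self.events.append({"src": src, "service": "modbus", "kind": kind,
                            "function": func, "detail": detail})

    def _pdu(self, src, pdu):
        """Build the response PDU for one request PDU and log the request."""
        func = pdu[0]
        if func == READ_HOLDING and len(pdu) == 5:
            addr, count = struct.unpack(">HH", pdu[1:])
            self._log(src, "read", func, f"addr={addr} count={count}")
            if not 1 <= count <= 125:
                return bytes([func | 0x80, ILLEGAL_DATA_VALUE])
            if addr + count > len(self.registers):
                return bytes([func | 0x80, ILLEGAL_DATA_ADDRESS])
            data = struct.pack(f">{count}H", *self.registers[addr:addr + count])
            return bytes([func, len(data)]) + data
        if func == WRITE_SINGLE and len(pdu) == 5:
            addr, value = struct.unpack(">HH", pdu[1:])
            self._log(src, "write", func, f"addr={addr} value={value}")
            if addr >= len(self.registers):
                return bytes([func | 0x80, ILLEGAL_DATA_ADDRESS])
            self.registers[addr] = value
            return pdu                      # a normal reply echoes the request
        # Everything else (including wrongly sized 0x03/0x06 requests) is refused.
        self._log(src, "unsupported", func, f"pdu_len={len(pdu)}")
        return bytes([func | 0x80, ILLEGAL_FUNCTION])

    def handle(self, src, frame):
        """Return the reply frame for one Modbus/TCP request, or b'' if malformed."""
        if len(frame) < 8:                  # 7-byte MBAP header + at least 1 PDU byte
            self._log(src, "malformed", None, "short frame")
            return b""
        tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
        pdu = frame[7:]
        if proto != 0 or length != len(pdu) + 1:
            self._log(src, "malformed", None, "inconsistent MBAP header")
            return b""
        reply = self._pdu(src, pdu)
        return struct.pack(">HHHB", tid, 0, len(reply) + 1, unit) + reply


def request(tid, unit, pdu):
    """Demo helper: wrap a PDU in an MBAP header."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


if __name__ == "__main__":
    plc = DecoyPLC(registers=[10, 20, 30, 40])
    src = "192.0.2.66"                      # constructed source address
    for pdu in (b"\x03\x00\x00\x00\x02", b"\x06\x00\x01\x12\x34", b"\x2b\x0e\x01\x00"):
        print(plc.handle(src, request(1, 1, pdu)).hex())
    for event in plc.events:
        print(event)
```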
19 Event Monitor
Processes events generated by the front-end. Events pass through the following sequence: Filter (1); Event reduction and aggregation (2); Event Assembly (3); Event Transmission (4).
- The Filter and Event reduction and aggregation modules pre-process security events, for instance discarding specific events and/or grouping related events, thus optimizing system resources (e.g., processing and network) and increasing scalability in larger ICS scenarios.
- The Event Assembly module creates the security event messages structured according to IDMEF, an open data format designed for exchanging information about security events.
- The Event Tx module transmits the generated events to the centralized event correlator, using a secure channel.
[Figure: the honeypot architecture diagram of slide 17, repeated]

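An added example of the first three Event Monitor stages (filter, reduction and aggregation, IDMEF assembly), not the project's own code; transmission over the secure channel is left out. The event fields, the 60-second grouping window, the severity mapping and the sample addresses are assumptions, and the XML is a reduced subset of the IDMEF Alert class from RFC 4765.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

IDMEF_NS = "http://iana.org/idmef"      # IDMEF namespace (RFC 4765)
NTP_UNIX_OFFSET = 2208988800            # seconds from 1900-01-01 to 1970-01-01
SEVERITY = {"write": "high", "read": "medium", "probe": "low"}   # assumed mapping

T0 = 1383127200                         # 2013-10-30T10:00:00Z
SAMPLE_EVENTS = [                       # constructed front-end events
    {"ts": T0,       "src": "192.0.2.5",  "service": "snmp",     "kind": "read"},
    {"ts": T0 + 1,   "src": "192.0.2.66", "service": "modbus",   "kind": "write"},
    {"ts": T0 + 2,   "src": "192.0.2.77", "service": "portscan", "kind": "probe"},
    {"ts": T0 + 3,   "src": "192.0.2.77", "service": "portscan", "kind": "probe"},
    {"ts": T0 + 4,   "src": "192.0.2.66", "service": "modbus",   "kind": "write"},
    {"ts": T0 + 9,   "src": "192.0.2.66", "service": "modbus",   "kind": "write"},
    {"ts": T0 + 300, "src": "192.0.2.66", "service": "modbus",   "kind": "write"},
]


def filter_events(events, ignored_sources):
    """Stage 1: discard events from sources configured as benign (e.g. a management station)."""
    return [e for e in events if e["src"] not in ignored_sources]


def reduce_events(events, window=60):
    """Stage 2: merge events with the same (src, service, kind) seen within `window` seconds."""
    groups, current = [], {}
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["src"], e["service"], e["kind"])
        g = current.get(key)
        if g is None or e["ts"] - g["first_ts"] > window:
            g = {"src": e["src"], "service": e["service"], "kind": e["kind"],
                 "first_ts": e["ts"], "last_ts": e["ts"], "count": 0}
            current[key] = g
            groups.append(g)
        g["count"] += 1
        g["last_ts"] = e["ts"]
    return groups


def _time(parent, tag, ts):
    # IDMEF time elements carry an NTP timestamp attribute and an ISO 8601 body.
    el = ET.SubElement(parent, tag, ntpstamp=f"0x{ts + NTP_UNIX_OFFSET:08x}.0x00000000")
    el.text = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def _endpoint(parent, tag, ip):
    end = ET.SubElement(parent, tag)
    addr = ET.SubElement(ET.SubElement(end, "Node"), "Address", category="ipv4-addr")
    ET.SubElement(addr, "address").text = ip
    return end


def assemble_idmef(group, analyzer_id, honeypot_ip, message_id):
    """Stage 3: turn one aggregated group into an IDMEF Alert message (XML string)."""
    msg = ET.Element("IDMEF-Message", {"xmlns": IDMEF_NS, "version": "1.0"})
    alert = ET.SubElement(msg, "Alert", messageid=message_id)
    ET.SubElement(alert, "Analyzer", analyzerid=analyzer_id)
    _time(alert, "CreateTime", group["last_ts"])
    _time(alert, "DetectTime", group["first_ts"])
    _endpoint(alert, "Source", group["src"])
    target = _endpoint(alert, "Target", honeypot_ip)
    ET.SubElement(ET.SubElement(target, "Service"), "name").text = group["service"]
    ET.SubElement(alert, "Classification",
                  text=f"honeypot {group['service']} {group['kind']}")
    assessment = ET.SubElement(alert, "Assessment")
    ET.SubElement(assessment, "Impact", severity=SEVERITY.get(group["kind"], "low"))
    extra = ET.SubElement(alert, "AdditionalData", type="integer", meaning="event-count")
    ET.SubElement(extra, "integer").text = str(group["count"])
    return ET.tostring(msg, encoding="unicode")


def process(events, ignored_sources, analyzer_id, honeypot_ip):
    """Run stages 1-3 and return one IDMEF message per aggregated group."""
    groups = reduce_events(filter_events(events, ignored_sources))
    return [assemble_idmef(g, analyzer_id, honeypot_ip, f"{analyzer_id}-{i}")
            for i, g in enumerate(groups, 1)]


if __name__ == "__main__":
    for xml_msg in process(SAMPLE_EVENTS, {"192.0.2.5"}, "honeypot-01", "192.0.2.50"):
        print(xml_msg)
```

Seven constructed events leave the pipeline as three alerts: the management poll is filtered out, the burst of Modbus writes and the two port probes are each collapsed into one message with a count, and the late write starts a new group.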
20 Firewall and Management
Firewall
- Prevents the attacker from gaining access and turning the honeypot into an attack vector.
- Allows all incoming connections to the honeypot, but denies connections from the honeypot to the remaining ICS nodes (opposite of a typical firewall configuration!).
- Connections from the honeypot to the attacker are the only outgoing connections that are allowed.
Management
- Watchdog module for remote management (in-band or out-of-band, according to the circumstances), allowing the honeypot configuration to be modified from an authorized device.
- The watchdog module also allows some actions to be remotely performed, such as restarting a module.
[Figure: the honeypot architecture diagram of slide 17, repeated]

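The inverted firewall policy of this slide, modelled as an added example (not the project's ruleset): inbound connections are always accepted, while outbound connections are accepted only towards hosts that contacted the honeypot first and never towards ICS nodes. The class name, the alert text and all addresses are assumptions; treating "the attacker" as any host that previously opened a connection to the honeypot is this example's interpretation.

```python
from dataclasses import dataclass, field


@dataclass
class HoneypotFirewall:
    """Hypothetical model of the honeypot's connection policy."""
    honeypot: str
    ics_nodes: frozenset                         # real field devices to protect
    peers: set = field(default_factory=set)      # hosts that connected to the decoy
    alerts: list = field(default_factory=list)

    def decide(self, src, dst):
        """Return the verdict for a NEW connection src -> dst."""
        if dst == self.honeypot:
            self.peers.add(src)                  # remember who approached the decoy
            return "ACCEPT"
        if src != self.honeypot:
            return "IGNORE"                      # not honeypot traffic
        # Outbound from the honeypot. The ICS check comes first on purpose: an ICS
        # node that probed the decoy is a peer, but must still be unreachable.
        if dst in self.ics_nodes:
            self.alerts.append(f"honeypot attempted connection to ICS node {dst}")
            return "DROP"
        if dst in self.peers:
            return "ACCEPT"                      # back towards a host that contacted us
        self.alerts.append(f"honeypot attempted unsolicited connection to {dst}")
        return "DROP"


def replay(firewall, flows):
    """Apply the policy to a sequence of (src, dst) connection attempts."""
    return [firewall.decide(src, dst) for src, dst in flows]


HONEYPOT = "10.1.0.50"                           # constructed field-network addresses
ICS_NODES = frozenset({"10.1.0.10", "10.1.0.11"})
SAMPLE_FLOWS = [                                 # constructed connection attempts
    ("192.0.2.66", HONEYPOT),      # outside host reaches the decoy
    (HONEYPOT, "192.0.2.66"),      # decoy connects back to that host
    (HONEYPOT, "10.1.0.10"),       # decoy tries to reach an RTU
    ("10.1.0.11", HONEYPOT),       # an RTU address probes the decoy
    (HONEYPOT, "10.1.0.11"),       # decoy tries to reach that RTU
    (HONEYPOT, "198.51.100.9"),    # decoy tries an unrelated destination
    ("10.1.0.20", "10.1.0.10"),    # traffic that does not involve the decoy
]

if __name__ == "__main__":
    fw = HoneypotFirewall(HONEYPOT, ICS_NODES)
    for flow, verdict in zip(SAMPLE_FLOWS, replay(fw, SAMPLE_FLOWS)):
        print(flow, verdict)
    print(fw.alerts)
```

A dropped outbound attempt is itself worth reporting to the event correlator, since a decoy has no legitimate reason to open connections on its own.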
21 Back to the Forest

22 Lessons Learned
- It is possible to develop Field Network Honeypots for SCADA systems, based on inexpensive commercial, off-the-shelf hardware and with strong integration of already existing software components.
- These field network honeypots constitute an important probe for Intrusion Detection Systems for SCADA field networks.
- It is simple to integrate these field networks into a larger, distributed detection layer, achieving:
  - local event processing (improve scalability, increase the granularity of event correlation)
  - standardized mechanisms to report processed events to higher layers
  - and a higher-level centralized event processing platform for aggregation of events from multiple sources (e.g. several honeypots, other types of probes).

23 Thank you very much for your attention
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More informationLehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Firewalls Intrusion Detection
More informationINDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION
INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer
More informationOPC & Security Agenda
OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information
More informationSemaphore T BOX Applications in Data Center Facilities
Semaphore T BOX Applications in Data Center Facilities Introduction Data centers must reliably provide 24/7/365 operation. For automation and monitoring of the facility, use of a rugged, reliable RTU is
More informationStateful Inspection Technology
Stateful Inspection Technology Security Requirements TECH NOTE In order to provide robust security, a firewall must track and control the flow of communication passing through it. To reach control decisions
More informationΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science
ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized Internet users
More informationCisco Nexus 1000V Switch for Microsoft Hyper-V
Data Sheet Cisco Nexus 1000V Switch for Microsoft Hyper-V Product Overview Cisco Nexus 1000V Switches provide a comprehensive and extensible architectural platform for virtual machine and cloud networking.
More informationTop-Down Network Design
Top-Down Network Design Chapter Five Designing a Network Topology Copyright 2010 Cisco Press & Priscilla Oppenheimer Topology A map of an internetwork that indicates network segments, interconnection points,
More informationSecurity Issues with Distributed Web Applications
Security Issues with Distributed Web Applications Device Connectivity We are entering the era of Device Connectivity, which is the fourth wave of evolution for Internet-enabled applications. The first
More informationUnderstanding SCADA System Security Vulnerabilities
Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationBuilding the Internet of Things Jim Green - CTO, Data & Analytics Business Group, Cisco Systems
Building the Internet of Things Jim Green - CTO, Data & Analytics Business Group, Cisco Systems Brian McCarson Sr. Principal Engineer & Sr. System Architect, Internet of Things Group, Intel Corp Mac Devine
More informationLumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks
IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationPROFESSIONAL SECURITY SYSTEMS
PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security
More informationAlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide
AlienVault Unified Security Management (USM) 4.x-5.x Deployment Planning Guide USM 4.x-5.x Deployment Planning Guide, rev. 1 Copyright AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,
More information12. Firewalls Content
Content 1 / 17 12.1 Definition 12.2 Packet Filtering & Proxy Servers 12.3 Architectures - Dual-Homed Host Firewall 12.4 Architectures - Screened Host Firewall 12.5 Architectures - Screened Subnet Firewall
More informationNew Security Perspective for Virtualized Platforms
, July 3-5, 2013, London, U.K. New Security Perspective for Virtualized Platforms Abdelmajid Lakbabi, Said El hajji, Ghizlane Orhanou, Kaouthar Chetioui Abstract Recently, an important transition in IT
More informationTrademark Notice. General Disclaimer
Trademark Notice General Disclaimer Intelligent Management, Centralized Operation & Maintenance Huawei Data Center Network Management Solution A data center is an integrated IT application environment
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationA Look at the New Converged Data Center
Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable
More information