Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Transcription

1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security Course overview The evolution of networking What is network security? Why has security assumed more importance in recent times? Security in the context of industrial automation systems Information networks vs industrial networks - the similarities and differences Organizational issues Network security solutions Wireless networks Security testing 5 2 Networking Basics Introduction Network topologies Medium Access Control Ethernet Networking components Network architectures and protocols The architecture of real time industrial networks 16

2 3 Network Threats, Vulnerabilities and Risks Introduction Security goal Threats and underlying causes Motivation for threats Knowledge Vulnerabilities Network attacks Security measures Risks resulting from attacks Attack scenarios in public utility systems Common criteria based approach for analysis of threats and vulnerabilities 29 4 An Overview of IP network Security Introduction Why do networks become vulnerable? Weaknesses in the TCP/IP protocol suite Attack mechanisms Preparing for an attack Attack through unauthorized access Attack the data (data diddling) Attack the service through Denial of Service (DoS) Vulnerabilities of OSI layers Network security at the Transport layer Network layer security Data Link layer security 42

3 5 A Comprehensive Approach to Network Security Planning Network security A comprehensive approach to network security planning Risk evaluation Plan for preventive measures Detection of an attack and response Recovery plan Prepare a security policy document Dissemination and implementation Auditing and monitoring of the policy Special guidelines in respect of Industrial Automation networks Negative aspects of Internet access 52 6 Securing a Network by Access Control Introduction What is ACL? What is a firewall? Type of firewalls Packet filter firewalls Stateful inspection firewalls Application-proxy gateway firewalls Dedicated proxy server Hybrid firewalls Security through NAT 60

4 6.11 Port Address Translation (PAT) Host based firewalls Personal firewall and firewall appliances Guidelines for establishing firewalls 62 7 Authentication, Authorization, Accounting (AAA) and Encryption Introduction What is AAA? Authentication Authentication protocols Authorization Accounting AAA Implementation using TACACS+ and RADIUS protocols Use of the remote security database Encryption Encryption implementation 78 8 Intrusion Detection Systems Who is an Intruder and what can he do? Why do Intrusions happen? What are Intrusion Detection Systems? Network-based IDSs Host based systems Comparison of the two types of IDS Choice of IDS system Responding to an attack 86

5 9 VLANs Introduction The need for VLANs Benefits of a VLAN VLAN constraints Operating principle of a VLAN VLAN implementation methods Method of connections Filtering table Tagging VPNs and their Security Introduction The Internet and the new communication paradigm What is a VPN? Types of VPN Requirements for designing a VPN system Defining of policy Functional requirements Scalability Manageability Simplicity Network infrastructure Security VPN protocols 112

6 11 Wireless networks and their security issues Basics of wireless technologies WLANs as per IEEE Security risks Implementation of security measures for industrial networks Security Testing Introduction The need for security testing Security testing over the life cycle of the system Who will be responsible for security testing? Testing techniques Documentation Prioritizing 135 Exercises 137 Appendix 1: 21 steps to improve cyber security of SCADA networks 153 Appendix 2: NISCC Good practice guide on firewall deployment for SCADA and process control networks 165 Appendix 3: Guidelines for deploying WPA and WPA2 207