Protecting Critical Infrastructure. Secure Fashion. Kevin McPoland GarrettCom
- Clement Warren
- 8 years ago
Transcription
1 Protecting Critical Infrastructure Leveraging Ethernet in a Secure Fashion Kevin McPoland GarrettCom
2 Environment Today Multiple networks/ owners Operations Legacy serial, SCADA, building automation Physical Security Legacy video, IP Video, Building Access Enterprise/ Office Network , web browsing
3 Elements of Utility Cyber Security Enterprise Access Control Center 6-Wall Physical Security Intranet AVP Partners/ Remote Access Internet AMS CMS IDS Electronic Security Perimeter Firewalls AVP: Anti-Virus Protection AMS: Access Mgt. System IDS: Intrusion Detection System CMS: Compliance Mgmt. Sys. Network Critical Substation RTU IED IED RTU Substation Non-critical Assets
4 Overview Switch Security Firewalls Contents Virtual Private Networks Access Management Conclusion
5 What is Security? Office network security = confidentiality Industrial network security = availability ANSI/ISA-99 Security for Industrial Automation and Control Systems IEC Industrial communication networks - Network and system security NERC CIP Cyber security framework for the identification and protection of Critical Cyber Assets
6 Network Security Prevention of misuse of assets or disruption of operations Focus on improper access and/or corruption of electronic systems Example vulnerabilities: Network hacker: unauthorized access and misuse Inside job: misuse of a system by employee Corruption via virus/worm: e.g., malicious internet software Attacks may be targeted, random or broad-based Requires Defense in Depth with multiple security measures
7 Attacks Attacks have different purposes : System intrusion (hacking) Destruction / sabotage / terrorism Fraud Theft of information Web site attack Revenge Accidental manipulation
8 Attacks What percentage of network security attacks do you believe originate from inside or outside of your company? 13% 4% Inside Outside Don't know 83% Source: AT&T/Economist Intelligence Unit Networking and Business Strategy Survey, March-April 2004
9 Managed Switches
10 Lock it up! Physical Network Security Alternative connectors
11 Password protected Managed Switches Port Security RADIUS Authentication VLAN QoS Rated for harsh environments
12 Physical LAN Operations Enterprise Security
13 Virtual LANs Operations Enterprise Security
14 Firewalls
15 What is a Firewall? A firewall is a system or group of systems that enforces an access control policy between two networks.
16 Firewall Functions Basic Protects against attacks from unsecure networks Hides the internal network structure Advanced Access control: when and how computers may communicate with each other User control: which users can access which services Protocol and Services control: which protocols and services can run over which ports Data control: which data can be transmitted and received Logging, Accounting, and Auditing Alarming during attacks and failures
17 Limitations A firewall offers limited or no protection against: Internal attacks Social engineering attacks Attacks over permitted connections Malware such as Trojans, Viruses, Spyware, Phishing, or damaging active components (ActiveX, Java Applets, JavaScript) Passive attacks (Sniffing the LAN, traffic analysis, etc.) Improper use of mobile computers Removable media
18 Security Deployment Hardened Perimeter Defence in Depth Remote Access
19 Security Scenario - Unprotected Networks Office Network Industrial Network
20 Security Scenario - Hardened Perimeter Office Network
21 Security Scenario - Defence in Depth Office Network
22 Security Scenario - Remote Access Office Network Internet VPN
23 Hardened Perimeter with Demilitarized Zone [Diagram: Enterprise Network, Process Network, DMZ; PLC, I/O, Historian]
24 What is a DMZ? [Diagram: Enterprise Network, Process Network, DMZ; PLC, I/O, Historian]
25 Functionality of a DMZ [Diagram: Enterprise Network, Process Network, DMZ; PLC, I/O, Historian]
26 Paired Firewalls with DMZ [Diagram: Enterprise Network, Process Network; PLC, I/O, Historian]
27 Defence in Depth [Diagram: Enterprise Network, Process Network; Production Cell, Production Cell, Historian]
28 Firewalls and the OSI Model Deep Packet Inspection Application Presentation Session Stateful Inspection Packet Filter Packet Filter Transport Network Data link Physical
29 Stateful Inspection Communication is analyzed at Layer 4 (Transport) The firewall maintains a table of which devices are communicating Data is only allowed through the firewall from the unsecure network if it has been requested from the secure network. Advantages The status of the connection is checked Cheaper and faster than Application Layer Firewalls Disadvantage The data inside the packet is not checked
30 Packet Filter Packets are analyzed and filtered at the Layer 3 (Network) level. Source IP address Source port Destination IP address Destination port Protocol Access Rules define which communication is allowed. Three alternative principles: Deny all (all traffic not explicitly permitted is denied) Laissez faire (all traffic not explicitly denied is permitted) Transparent (all traffic is permitted)
31 Packet Filter Special considerations Only the header of the packet is checked not the enclosed data (payload) Each individual packet is checked, but not the data stream itself Often implemented in a router (Access Control Lists) Advantages Fast to implement Disadvantages Neither the connection nor the data is checked Large number of rules Easy to make a mistake
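Added example (not part of the original slides): a small Python model of slides 29-31 showing why a stateless packet filter needs a standing "return traffic" rule that also admits packets nobody requested, while a stateful firewall only admits replies that mirror an entry in its connection table. All addresses, ports and rule purposes are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

EPHEMERAL = range(1024, 65536)
HTTPS = range(443, 444)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    """One access rule: the header fields listed on slide 30, plus a purpose."""
    proto: str
    src_net: str
    sports: range
    dst_net: str
    dports: range
    purpose: str

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and ip_address(p.src) in ip_network(self.src_net)
                and p.sport in self.sports
                and ip_address(p.dst) in ip_network(self.dst_net)
                and p.dport in self.dports)

def packet_filter(rules, p: Packet) -> bool:
    """Stateless filter, 'deny all' principle: every packet is judged alone
    and passes only if some rule explicitly permits its header."""
    return any(rule.matches(p) for rule in rules)

class StatefulFirewall:
    """Layer 4 stateful inspection: outbound rules only, plus a connection table."""
    def __init__(self, outbound_rules):
        self.rules = list(outbound_rules)
        self.table = set()

    def from_secure(self, p: Packet) -> bool:
        if not packet_filter(self.rules, p):
            return False
        self.table.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return True

    def from_unsecure(self, p: Packet) -> bool:
        # Allowed only if it is the mirror image of a recorded connection.
        return (p.proto, p.dst, p.dport, p.src, p.sport) in self.table

# Constructed networks: a process network and a historian in the DMZ.
PROCESS_NET = "10.10.1.0/24"
HISTORIAN = "10.10.99.5/32"

OUTBOUND = Rule("tcp", PROCESS_NET, EPHEMERAL, HISTORIAN, HTTPS,
                "process gateway pushes data to DMZ historian")
# The stateless filter cannot know which replies were requested, so it needs
# this standing rule for everything coming back from the historian's port 443.
RETURN = Rule("tcp", HISTORIAN, HTTPS, PROCESS_NET, EPHEMERAL,
              "replies from DMZ historian")

REQUEST = Packet("10.10.1.20", 49152, "10.10.99.5", 443)
REPLY = Packet("10.10.99.5", 443, "10.10.1.20", 49152)
UNSOLICITED = Packet("10.10.99.5", 443, "10.10.1.30", 50000)  # no request preceded it
OFFICE = Packet("172.16.0.8", 40000, "10.10.1.20", 443)       # matches no rule

def compare():
    """Return {name: (stateless verdict, stateful verdict)} for inbound packets."""
    stateless = [OUTBOUND, RETURN]
    fw = StatefulFirewall([OUTBOUND])
    fw.from_secure(REQUEST)  # the secure side opens the connection first
    inbound = {"reply": REPLY, "unsolicited": UNSOLICITED, "office": OFFICE}
    return {name: (packet_filter(stateless, p), fw.from_unsecure(p))
            for name, p in inbound.items()}

if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:12} stateless={stateless!s:5} stateful={stateful}")
```

Neither model looks at the payload, which is the disadvantage slides 29 and 31 note and the gap deep packet inspection addresses.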
32 Deep Packet Inspection Examines the data inside a packet Accepts or denies packets based on data values Protocol conformance Ethernet IP TCP/UDP Data Data Packet
33 Firewalls- Good Practice Two-port firewall with no DMZ: Use exact rules Avoid unsecure protocols Firewall(s) with DMZ: No direct communication between networks Combinations of unsecure protocols Disjointed communication
34 Internal and external Firewall Logs Must be checked regularly Somebody must be responsible
35 Firmware Patches Subscribe to the relevant mailing lists Manufacturer User groups CERT security alerts
36 Change Management Documentation Same change management procedure as an automation network Minimum information Source IP address Source port Destination IP address Destination port Protocol Purpose Requested by Risks Templates from SANS Institute
37 Incident Response Plan Plan in advance Who has authority to make decisions? What are the decision criteria? What steps will be taken?
38 Adding Security to an Existing Network In a perfect world, you design the network security when you design the network. What if you want to add security to an existing network? Most firewalls are routers.
39 NAT / PAT Network Address Translation 1 to n / Port Address Translation All internal IP addresses are mapped to a single external IP address Hides the protected network's addressing scheme Reduces cost by sharing a single valid Internet address Network Address Translation 1 to 1 Individual internal addresses are mapped to individual external addresses Hides the network addressing while allowing incoming connections
40 Network Address Translation 1:n Maps multiple internal addresses to a single external address
41 Network Address Translation 1:1 Maps internal and external addresses 1 to 1.
42 Multiple Identical Cells Automation Cell Core Network Automation Cell
43 Virtual Private Networks
44 What is a VPN? A virtual private network (VPN) is a secure, encrypted connection between two points across an insecure network. Information is sent via tunneling, which is the practice of encrypting and encapsulating IP packets.
45 VPN Protocols Point to Point Tunneling Protocol (PPTP) Old protocol Easy to configure Layer 2 Tunneling Protocol Combines best of Microsoft and Cisco VPN protocols IPSec Complex More secure than PPTP Secure Socket Layer (SSL) Browser-based No Client required OpenVPN
46 VPN Topologies C2S Client to Site (C2S) Connecting a single PC to a network for example, a teleworker, a mobile worker, or a support technician C2S connections are usually temporary Requires either: VPN Client software (IPSec-VPN) Windows integrated VPN connection (PPTP-VPN) Suitable web browser (SSL-VPN)
47 VPN Topologies S2S Site to Site (S2S) Connects two networks together, for example Two corporate locations One company to another company Industrial networks across a corporate WAN S2S connections are usually permanent (24x7) Unlike C2S, S2S connections are almost always created using IPSec
48 Symmetric Encryption Symmetric cryptography is based on the usage of a single key The key is secret, but shared The key is used to encrypt and decrypt the data Sender Secret Key Secret Key Receiver Clear text Encrypted text Clear text Algorithms : DES, 3-DES, AES, RS2, RC4,...
49 Asymmetric Encryption Asymmetric encryption is based on the use of: A public key to encrypt the data A private key to decrypt the data Data cannot be decrypted using the public key Sender Public Key Private Key Receiver Clear text Encrypted text Clear text Algorithm : RSA
50 Session Key This system uses a mixture of the previous two systems, without the overheads. Symmetric keys are exchanged using the asymmetric method. The keys can be discarded at the end of the session, or periodically changed during a session Sender Public Key Private Key Receiver Session Key Encrypted Session Key Session Key Algorithm : Diffie-Hellman
51 X.509 Certificate Issuer Validity Issued To Public Key Digital Signature
52 Certification Authority Certificate Internet Explorer Firefox
53 Secure Wireless WEP Wired Equivalent Protocol - Type of encryption used to make data more secure. WEP is an older encryption method and is easily broken. WPA WiFi Protected Access - Type of encryption used to make data more secure. Newer standard and much more secure than WEP. Not supported by some devices due to added hardware support.
54 IEEE Legacy Wireless was first made standard in 1997 by the IEEE 2.4GHz Frequency Very low data rates (1-2Mbps) No encryption standards Little to no interoperability between manufacturers Not widely accepted/used
55 Today's Standards 802.11b/g: 2.4GHz operation, 11-54Mbps, WEP/WPA and Radius authentication, Interoperability among various manufacturers. 802.11a: 5GHz operation, 54Mbps, WEP/WPA and Radius authentication, Interoperability
56 802.11n Today's Standards 2.4 or 5GHz operation MIMO (Multiple Input Multiple Output) Up to 600Mbps WPA2 and Radius authentication Backwards Compatibility Interoperability RF Diversity built in
57 VPNs Advantages and Disadvantages Advantages Future-proof technology Relatively low cost Can be used to build complex networks Encryption mechanisms ensure confidentiality, integrity, and availability of information Disadvantages Complex to configure and maintain S2S how secure is the connected network? C2S how secure is the Client? Antivirus software Firewall Access from public PCs
58 Access Management
59 Utility Network
60 Remote Access to IED Adapt IED settings as needed Help analyze and correct line faults and otherwise resolve disturbances Identify optimal timing to repair/replace equipment and systems Make best use of assets by safely operating closer to tolerances Better forecast load to reduce need for spare equipment capacity Streamline operations
61 Impact of NERC/CIP Reduced productivity: IED monitoring and maintenance becomes time-consuming and more costly (e.g., travel time from service centers to substations). Reduced value added by personnel: Inefficient processes force personnel to focus on obtaining access, rather than on making use of the information obtained. Lack of centralization: Staffing shortages and aging workforces are further strained. Increased risks: On-site (at substation) monitoring and maintenance increases risks of errors, outages, and failures; and may compromise worker safety. Reduced employee satisfaction: Inefficient processes are frustrating for employees.
62 NERC/CIP Compliance NERC CIP effectively requires utilities to maintain adequate equipment and system password complexity, address password frequency of change, and change default/factory passwords prior to placing equipment in service. The requirements also affect shared account access, user account access privileges review, and securing accounts after personnel changes. In total, utilities must effectively manage access to protected critical cyber asset information. NERC monitors compliance via periodic compliance audits, and failure to meet the standards can result in fines of up to U.S. $1 million per day.
63 Password Management Challenge Grows Rapidly When Considering System-wide Assets First consider one substation 1 Substation x 30 Devices x 4 Levels of passwords for each device = 120 Passwords to manage But you may manage 1,000 substations 1,000 Substations x 30 Devices x 4 Levels of passwords for each device = 120,000 Passwords to manage!
64 NERC/CIP Password Compliance Identifying Devices Utilities need to specifically identify and document Critical Cyber Assets (CCAs) in the system. CCAs are typically logged and maintained in a database. Password Complexity Considerations Utilities need to understand the password complexity capabilities for each of the different types of IED included in the list above. Password length and support for special character subsets differ from vendor to vendor and even model to model from the same vendor. Generation of Compliant Passwords Utilities need to design and implement a process to ensure compliant passwords are generated for these specific IEDs. Per NERC CIP standards, passwords must be at least six characters and use special characters. Maintaining Passwords Inventory Utilities need to create and maintain a list of all current IED passwords and a history of all password changes. Maintaining Password Update Frequency Utilities need a method to track the frequency of password changes per IED to ensure that all device passwords are changed at least once a year or more often as required.
65 NERC/CIP Password Compliance Maintaining Historical Audit Trail Utilities need a method to track the history of password changes and track who has had access to these passwords. This is typically managed through manually updated lists. Protecting IEDs from Unauthorized Access Utilities need a method to secure the list of passwords and control who has access to these lists. Typically, these password lists are stored in a secure network folder, with access to this folder maintained manually. Maintaining Password Update Process Utilities need a method to maintain manual procedures, including detailed password change steps. Maintenance of these procedures can be cumbersome and prone to human error. Notification of Password Changes Utilities need a method to inform operators of password changes because password updates on IEDs typically trigger SCADA alarms. Personnel performing the password updates are usually responsible for manually notifying others of pending changes through phone calls or e-mails sent to operators in advance of the password updates.
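Added example (not part of the original slides): a Python sketch of two steps from slides 64-65, generating a password that fits one device model's limits while meeting the stated rule (at least six characters, with a special character), and auditing an inventory for factory defaults and passwords older than one year. The device profiles, record fields and sample inventory are constructed assumptions; the inventory holds only metadata, not the passwords themselves.

```python
import secrets
import string
from dataclasses import dataclass
from datetime import date, timedelta

MIN_LENGTH = 6                  # slide 64: at least six characters
MAX_AGE = timedelta(days=365)   # slide 64: changed at least once a year

@dataclass(frozen=True)
class DeviceProfile:
    """Password limits of one IED model (hypothetical models and values)."""
    model: str
    max_length: int
    specials: str  # special characters this model accepts

def is_compliant(password: str, profile: DeviceProfile) -> bool:
    allowed = set(string.ascii_letters + string.digits + profile.specials)
    return (MIN_LENGTH <= len(password) <= profile.max_length
            and set(password) <= allowed
            and any(c in profile.specials for c in password))

def generate_password(profile: DeviceProfile) -> str:
    """Random password at the longest length the device supports."""
    if profile.max_length < MIN_LENGTH or not profile.specials:
        raise ValueError(f"{profile.model} cannot hold a compliant password")
    alphabet = string.ascii_letters + string.digits + profile.specials
    while True:  # rejection sampling keeps every accepted password uniform
        candidate = "".join(secrets.choice(alphabet)
                            for _ in range(profile.max_length))
        if is_compliant(candidate, profile):
            return candidate

@dataclass(frozen=True)
class PasswordRecord:
    """Inventory metadata for one access level on one device."""
    substation: str
    device: str
    level: int
    last_changed: date
    factory_default: bool

def audit(records, today: date):
    """Return (record, finding) pairs that need action."""
    findings = []
    for r in records:
        if r.factory_default:
            findings.append((r, "factory default still in place"))
        elif today - r.last_changed > MAX_AGE:
            age = (today - r.last_changed).days
            findings.append((r, f"not changed for {age} days"))
    return findings

# Constructed sample: two hypothetical models and a four-record inventory.
RELAY = DeviceProfile("relay-model-A", max_length=8, specials="!#")
LEGACY = DeviceProfile("legacy-rtu", max_length=5, specials="")
INVENTORY = [
    PasswordRecord("SUB-001", "RELAY-1", 1, date(2024, 1, 10), False),
    PasswordRecord("SUB-001", "RELAY-1", 2, date(2022, 11, 3), False),
    PasswordRecord("SUB-001", "RTU-1", 1, date(2024, 3, 2), True),
    PasswordRecord("SUB-002", "RELAY-7", 4, date(2023, 12, 20), False),
]

if __name__ == "__main__":
    print("generated password length:", len(generate_password(RELAY)))
    for record, finding in audit(INVENTORY, today=date(2024, 6, 1)):
        print(record.substation, record.device, record.level, finding)
```

A model such as the constructed `legacy-rtu`, which cannot store six characters or any special character, is rejected by the generator, so it surfaces as an exception to document rather than silently receiving a weaker password.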
66 Access Management System (AMS) Enterprise Access Control Center Intranet AMS Partners/ Remote Access DS RSA CMS Internet Network PC with Access Client AMS: Access Mgt. System CMS: Compliance Mgmt. Sys. RSA: RSA SecureID server DS IED IED RTU Substation DS RTU Substation
67 Access Management Benefits Improved efficiency of expert personnel Improved access of substation data by authorized personnel Enhanced security Reduces risk of injury Minimizes substation disruption Facilitated compliance with NERC CIP legislation, avoiding fines Minimizes disturbances, improving reliability Minimized travel, reducing maintenance costs
68 Conclusion Managed switches provide a range of security features A control network should only be connected to another network via a firewall Use Defence in Depth for maximum protection and availability External network connections, even within a company, should be created using VPNs Access Management provides ease of Password Control and limits access appropriately
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationAPPENDIX 3 LOT 3: WIRELESS NETWORK
APPENDIX 3 LOT 3: WIRELESS NETWORK A. TECHNICAL SPECIFICATIONS MAIN PURPOSE The Wi-Fi system should be capable of providing Internet access directly to a user using a smart phone, tablet PC, ipad or Laptop
More informationSCADA SYSTEMS AND SECURITY WHITEPAPER
SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationHow To Use A Cisco Wvvvdns4400N Wireless-N Gigabit Security Router For Small Businesses
Cisco WRVS4400N Wireless-N Gigabit Security Router Cisco Small Business Routers Highlights Secure, high-speed wireless network access for small business Gigabit Ethernet connections enable rapid transfer
More informationSecure Network Design: Designing a DMZ & VPN
Secure Network Design: Designing a DMZ & VPN DMZ : VPN : pet.ece.iisc.ernet.in/chetan/.../vpn- PPTfinal.PPT 1 IT352 Network Security Najwa AlGhamdi Introduction DMZ stands for DeMilitarized Zone. A network
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationCyber Security Where Do I Begin?
ISPE Automation Forum Cyber Security Where Do I Begin? Don Dickinson Project Engineer Phoenix Contact ..50% more infected Web pages Click in the on one last and three you months won t of notice 2008 than
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationIndustrial Security for Process Automation
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
More informationHigh Performance, Secure VPN Servers for Remote Utility, Industrial Automation Systems:
High Performance, Secure VPN Servers for Remote Utility, Industrial Automation Systems: Water Pumping Station Security Case Study Industrial Network Security: New Threats The convergence of IT and industrial
More informationDocument ID. Cyber security for substation automation products and systems
Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has
More informationCNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:
1. Do you implement virus controls and filtering on all systems? Anti-Virus anti-virus software packages look for patterns in files or memory that indicate the possible presence of a known virus. Anti-virus
More informationNetwork Security 101 Multiple Tactics for Multi-layered Security
Security and Resilience for Utility Network Communications White Paper Communications networks represent a partial paradox. The very openness and ubiquity that make them powerful can also present a weakness.
More informationTABLE OF CONTENTS NETWORK SECURITY 2...1
Network Security 2 This document is the exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationInformation Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100
Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology
More informationThe Seven Habits of State-of-the-Art Mobile App Security
#mstrworld The Seven Habits of State-of-the-Art Mobile App Security Mobile Security 8 July 2014 Anand Dwivedi, Product Manager, MicroStrategy strworld Agenda - Seven Habits of State of the Art Mobile App
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationSFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004
SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004 Introduction: A computer firewall protects computer networks from unwanted intrusions which could compromise confidentiality
More informationHIPAA Compliance and Wireless Networks. 2005 Cranite Systems, Inc. All Rights Reserved.
HIPAA Compliance and Wireless Networks White Paper HIPAA Compliance and Wireless Networks 2005 Cranite Systems, Inc. All Rights Reserved. All materials contained in this document are the copyrighted property
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationIT Security and OT Security. Understanding the Challenges
IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control
More informationCisco SA 500 Series Security Appliances
Cisco SA 500 Series Security Appliances An All-in-One Security Solution to Secure Your Small Business The Cisco SA 500 Series Security Appliances, part of the Cisco Small Business Pro Series, are comprehensive
More informationMOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES
MOBILITY & INTERCONNECTIVITY Features SECURITY OF INFORMATION TECHNOLOGIES Frequent changes to the structure of enterprise workforces mean that many are moving away from the traditional model of a single
More informationIntroduction. An Overview of the DX Industrial Router Product Line. IP router and firewall. Integrated WAN, Serial and LAN interfaces
Introduction An Overview of the D Industrial Router Product Line Secure Access with VPN Technology in Industrial Networks Outlining the IPsec and VPN capabilities available in the GarrettCom D series of
More informationAchieving PCI Compliance Using F5 Products
Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity
More informationFirewalls and Network Defence
Firewalls and Network Defence Harjinder Singh Lallie (September 12) 1 Lecture Goals Learn about traditional perimeter protection Understand the way in which firewalls are used to protect networks Understand
More informationDeltaV System Cyber-Security
January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...
More informationPCI PA - DSS. Point ipos Implementation Guide. Version 1.01. VeriFone Vx820 using the Point ipos Payment Core
PCI PA - DSS Point ipos Implementation Guide VeriFone Vx820 using the Point ipos Payment Core Version 1.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page
More informationChapter 1 The Principles of Auditing 1
Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls
More informationCisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers
Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers Highlights Secure, high-speed wireless network access for small business Gigabit Ethernet connections enable rapid transfer
More informationInnovative Defense Strategies for Securing SCADA & Control Systems
1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet
More informationNetwork Security and Firewall 1
Department/program: Networking Course Code: CPT 224 Contact Hours: 96 Subject/Course WEB Access & Network Security: Theoretical: 2 Hours/week Year Two Semester: Two Prerequisite: NET304 Practical: 4 Hours/week
More informationIntroduction. Cyber Security for Industrial Applications
Introduction Cyber Security for Industrial Applications By Howard Linton, AEM Global, Belden Inc. Table of Conents Introduction...1 Network Security using Defense in Depth...2 General Industrial Network
More informationProfessional Integrated SSL-VPN Appliance for Small and Medium-sized businesses
Professional Integrated Appliance for Small and Medium-sized businesses Benefits Clientless Secure Remote Access Seamless Integration behind the Existing Firewall Infrastructure UTM Security Integration
More informationFundamentals of Network Security - Theory and Practice-
Fundamentals of Network Security - Theory and Practice- Program: Day 1... 1 1. General Security Concepts... 1 2. Identifying Potential Risks... 1 Day 2... 2 3. Infrastructure and Connectivity... 2 4. Monitoring
More informationHow To Pass A Credit Course At Florida State College At Jacksonville
Form 2A, Page 1 FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE COURSE NUMBER: CTS 2658 COURSE TITLE: PREREQUISITE(S): COREQUISITE(S): Managing Network Security CNT 2210 with grade
More informationDeploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.
Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted
More informationPayment Card Industry (PCI) Compliance. Management Guidelines
Page 1 thehelpdeskllc.com 855-336-7435 Payment Card Industry (PCI) Compliance Management Guidelines About PCI Compliance Payment Card Industry (PCI) compliance is a requirement for all businesses that
More information