Remote Access Considered Dangerous. Andrew Ginter, VP Industrial Security Waterfall Security Solutions




Transcription:

Remote Access Considered Dangerous
Andrew Ginter, VP Industrial Security, Waterfall Security Solutions
Proprietary Information -- Copyright 2015 by Waterfall Security Solutions

"Secure" Access
Behind lots of firewalls, and through a gazillion-bit-encrypted VPN. I have a firewall. I have encryption. I must be safe!
- Split tunnelling disabled: all Internet traffic goes through the IT network and IT security
- Endpoint security check enabled and enforced on the client (security-enforced client / endpoint security)
- Intermediate jump host completely up to date with anti-virus and security updates
- Two-factor authentication
- Intrusion detection deployed into and out of the jump host
Diagram: Hotel WiFi -> Internet -> IT / VPN server -> DMZ -> Plant

It's a simple matter of programming
- Write some ...
- Wait till the user starts the VPN and gives the VPN password
- Wait more till he starts the Desktop with the 2-factor dongle
- Move the Desktop window to an invisible screen
- Show the user a deceptive error message
- Give the attacker remote control of the invisible Desktop
Diagram: Attacker -> Hotel WiFi -> Internet -> IT / VPN server -> DMZ -> Plant

But How Did You?
- Get the ... onto the remote laptop? Spear phishing.
- Defeat anti-virus? Wrote the ... myself.
- Escalate privilege? Told the user he was installing a CODEC and asked him politely for admin privileges.
- Defeat 2-factor authentication? Waited to take over the window until the user had logged in with the RSA dongle.
- Defeat VPN protection profiles? Didn't have to: the laptop's AV and security updates were right up to date.
- Defeat split tunneling? Direct access to the networking hardware.
- Defeat security updates? Didn't have to: no vulnerabilities were exploited.
- Defeat NIDS? The hotel room has no NIDS. And the plant NIDS saw only a legitimate user logging in and legitimately reprogramming the ICS.

IT-Style Access: Cybersabotage Attack Model
(Matrix, not fully recoverable from the transcription: attacker rows are Organized Crime, IT Insider, ICS Insider, Hacktivist, Intelligence Agency and Military; attack-class columns are local compromised insider, remote targeted, physical vandalism and autonomous; cell entries include ransomware, drop, erase hard drives, sleeper, vandalism, delete files, virus triggers and embarrass business.)

OT Protection: Unidirectional Security Gateways
(Same attack-model matrix as the previous slide.)

We Can't Restore A Turbine From Backup
- IT security prevents data theft, not sabotage of physical processes.
- Remote control is the modern attack pattern; compromising remote access is only the most obvious remote-control attack.
- Attacks only become more sophisticated; we need to think ahead when protecting our industrial networks.
- Unidirectional Security Gateways are modern protection for OT: absolute protection from attacks from external networks.
- Unidirectional Gateways defeat interactive remote access.
- Which of our industrial processes and control systems are expendable enough to protect with firewalls?