HACKING RELOADED. Hacken IS simple! Christian H. Gresser cgresser@nesec.de




Agenda
- About NESEC
- IT security and control systems
- Hacking is easy: a short example
- Where we currently are
- Possible solutions
- IT security in 2008: hacking trends
- Lessons learned
NESEC Gesellschaft für angewandte Netzwerksicherheit mbH, Seite 2

About NESEC
- Founded 2002 in Freising near Munich, Germany
- Specialized in IT security and penetration testing
- Strong focus on process automation
- Working concepts and solutions to implement IT security in process automation
- Interesting penetration tests: steel mill, airport, chemical plant, energy plant
- Close relationship with manufacturers ABB and Honeywell

Layers of Incidents
- Public infrastructure (Internet)
- Corporate infrastructure (VPN)
- Branch office infrastructure
- Workplace infrastructure

IT security is new to automation

Risks in Production Plants
- Viruses, Trojans, malicious mobile code (42% of all attacks!)
- Social engineering
- Denial of service attacks
- Deficient physical infrastructure
- Vulnerabilities in the OS and in applications
- Use of protected/illegal material, private use
- Hacking and cracking
- Disasters

IT Security will become an important requirement
- Control networks are no longer isolated networks
  - Connections to corporate LANs and remote access exist (this is often not known, or is denied, by management)
- Automation systems are no longer specialized platforms
  - They will suffer the same threats as PCs and servers do
- They are new targets
  - Security controls are often not (yet) implemented
  - Password protection and anti-virus are not widely used
- They are interesting targets
  - Shutting down a plant will make you famous (at least in the hacker community; we have seen that already)

Hacking Cycle (circular diagram; steps in order)
Footprinting -> Scanning -> Enumeration -> Analysis/Research -> Penetration -> Escalation -> Pillage -> Cleanup -> (back to Footprinting)

Hacking is easy
[Chart: attack sophistication vs. intruder knowledge, 1985 to 2005. Over time the required intruder knowledge falls from high to low while attack sophistication rises; "Attackers" and "Tools" are the two curves. Tools labelled along the timeline, roughly in chronological order: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, session hijacking, sweepers, sniffers, packet spoofing, GUI attack tools, automated probes/scans, network management diagnostics, www attacks, stealth / advanced scanning techniques, denial of service, distributed attack tools, staged attacks, cross site scripting.]


Some tools are fully automated

Example Hack
This example break-in uses only publicly available free software and information:
- Nmap port scanner to identify the target OS (see: http://www.insecure.org/)
- Nessus vulnerability scanner to identify the missing patches (see: http://www.nessus.org/)
- Symantec SecurityFocus vulnerability database (see: http://www.securityfocus.com/bid/ or http://www.milw0rm.com/)
- Metasploit exploit framework (see: http://www.metasploit.org/)
Everyone can use these tools!

Free Vulnerability Databases

l33t hacker sites

Free Download of all Tools

What's in the future
- Microsoft currently does a good job securing their systems
- There already is a trend to attack different parts:
  - in the operating system
  - backup software and anti-virus, because their agents are installed on all systems
  - completely new environments: production plants
- It is only a matter of time before automation systems will be attacked
- A good indicator is the SANS Top 20 Internet Security Vulnerabilities (see: http://www.sans.org/top20/)

What's in the future
- 2006 will be the year of application break-ins
  - widespread automated exploits for media players, but also backup software, anti-virus and personal firewalls
  - new and automated attacks against web applications
- 2007 will be the year of network components
  - exploits for routers, switches and all the networking gear
  - critical infrastructure like DNS will be targeted again
- 2008 will be the year of embedded and automation systems
  - many issues are fixed, new targets are required
  - these systems are finally connected to the networks

More attacks!
[Chart (CERT, 2004), 1997 to 2004: malicious code infection attempts (left axis, 0 to 900M) and network intrusion attempts (right axis, 0 to 150,000). Labelled milestones: Polymorphic Viruses (Tequila), Mass Mailer Viruses (Love Letter/Melissa), Zombies, Denial of Service (Yahoo!, eBay), Blended Threats (Code Red, Nimda, Slammer).]

More viruses!

New attack vectors!

Control System security is different

Aspect            Information Technology                           Control Networks
Risk impact       Loss of data                                     Loss of production, equipment, life
Risk management   Recover by reboot                                Fault tolerance essential
                  Safety is a non-issue                            Explicit hazard analysis expected
Reliability       Occasional failures tolerated                    Outages intolerable
                  Beta test in field acceptable                    Thorough quality assurance testing expected
Performance       High throughput demanded                         Modest throughput acceptable
                  High delay and jitter accepted                   High delay a serious concern
Security          Most sites insecure                              Tight physical security
                  Little separation among intranets on same site   Information systems network isolated from plant network
                  Focus is central server security                 Focus is edge control device stability

IT security is difficult

Aspect of IT                    Corporate IT                  Process Control IT
Anti-virus                      widely used                   often difficult / impossible to deploy
Lifetime                        3-5 years                     5-20 years
Outsourcing                     widely used                   rarely used for operations
Patching                        frequent (often daily)        slow (requires vendor approval)
Change                          frequent                      rare
Time criticality                delays OK                     critical, often safety dependent
Availability                    outages OK (overnight)        24 / 7 / 365
Security skills and awareness   fairly good                   poor
Security testing                widely used                   must be used with care
Physical security               usually secure and manned     often remote and unmanned

Timeframe from official patch to released exploits is shrinking
- Today a patch is decoded (reverse engineered) in less than 7 days
- Customers have less time to test and verify patches in their environment
- Exploits get more sophisticated
[Chart: days between patch release and exploit: Nimda 331, SQL Slammer 180, Welchia/Nachi 151, Blaster 25]
- No simple solution is available. Security, incl. patch management and anti-virus, has to become a standard procedure as well

Some vendors still don't understand
[Bar chart: response time for MS security update test, vendor A to vendor G, scale 0 to 300]
Presented by Ian Henderson, BP, at the Industrial Cyber Security Conference, 15 March 2005, London
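The two slides above (a shrinking patch-to-exploit window, and automation vendors that take months to approve a patch) combine into one number a plant operator should track: the days a system runs with a public exploit while the operator is still waiting for vendor approval. The following report is an added example, not code from the NESEC deck; the patch-to-exploit day counts (Nimda 331, SQL Slammer 180, Welchia/Nachi 151, Blaster 25) are taken from the slide, while the reference patch date, the 120-day vendor approval delay, the "hypothetical next worm" row and the report date are constructed for illustration.

```python
# Added example (not from the NESEC slides): patch-window exposure report.
# Only the patch-to-exploit day counts come from the slide; all dates,
# the vendor approval delay and the "next worm" row are constructed.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class PatchCase:
    name: str
    patch_released: date             # day the OS vendor shipped the fix
    exploit_seen: date               # first day a public exploit or worm appeared
    vendor_approved: Optional[date]  # day the automation vendor approved the patch; None = pending


PATCH_DAY = date(2003, 1, 1)                 # constructed common reference day for all cases
VENDOR_APPROVAL_DELAY = timedelta(days=120)  # constructed: the automation vendor needs 120 days
TODAY = date(2003, 3, 1)                     # constructed report date


def make_case(name: str, days_to_exploit: int, approval_delay: Optional[timedelta]) -> PatchCase:
    """Build a case from the slide's day count plus a (constructed) vendor approval delay."""
    approved = None if approval_delay is None else PATCH_DAY + approval_delay
    return PatchCase(name, PATCH_DAY, PATCH_DAY + timedelta(days=days_to_exploit), approved)


CASES: List[PatchCase] = [
    make_case("Nimda", 331, VENDOR_APPROVAL_DELAY),
    make_case("SQL Slammer", 180, VENDOR_APPROVAL_DELAY),
    make_case("Welchia/Nachi", 151, VENDOR_APPROVAL_DELAY),
    make_case("Blaster", 25, VENDOR_APPROVAL_DELAY),
    make_case("hypothetical next worm", 7, None),  # constructed: exploit after 7 days, approval pending
]


def days_to_exploit(c: PatchCase) -> int:
    """Days between the vendor patch and the first public exploit (the chart's metric)."""
    return (c.exploit_seen - c.patch_released).days


def exposure_days(c: PatchCase, today: date) -> int:
    """Days a plant that waits for vendor approval runs with a public exploit and no patch.

    Zero if approval came before the exploit; for a still-pending approval the
    window keeps growing until `today`.
    """
    end = c.vendor_approved if c.vendor_approved is not None else today
    return max(0, (end - c.exploit_seen).days)


def classify(c: PatchCase, today: date) -> str:
    if c.vendor_approved is not None and c.vendor_approved <= c.exploit_seen:
        return "covered"                     # approval possible before the exploit existed
    if c.vendor_approved is None:
        return "exposed (approval pending)"  # window still open
    return "exposed"                         # exploit was public before approval


def report(cases: List[PatchCase], today: date) -> List[Tuple[str, int, int, str]]:
    return [(c.name, days_to_exploit(c), exposure_days(c, today), classify(c, today)) for c in cases]


if __name__ == "__main__":
    for name, dte, exp, status in report(CASES, TODAY):
        print(f"{name:24s} patch->exploit {dte:4d} d   exposure {exp:4d} d   {status}")
```

With the same 120-day approval process, the three older worms are "covered" (approval came long before an exploit existed), but Blaster leaves 95 days of exposure and a 7-day exploit leaves a window that is still open at the report date. That is the argument for treating patch management as a standard procedure rather than a per-incident exception.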

Awareness is Rising
- Finally: ISS gave a presentation on SCADA security at the Black Hat Federal Conference in January 2006
- They found lots of problems in widely used software:
  - OPC has many buffer overflows
  - OPC over DCOM is often very insecure
- and, while analyzing SCADA systems:
  - SCADA systems usually have no authentication
  - SCADA systems are usually not patched
  - SCADA systems are much more often connected to the Internet than anyone believes
- You can go to the store and buy a book on pen-testing that will give you all the knowledge you need to cause a widespread power blackout!

Shift in awareness necessary
- Control systems have become very similar to office environments
  - They need to be treated similarly
- Control systems are interconnected to corporate networks or even the Internet
  - They need the same (or even better) protection
- Shift in security awareness:
  - IT security should be part of the initial design process, not an add-on later
  - IT security should be part of the standard maintenance procedures, not only after an incident
  - Every employee is responsible for IT security

Multilayered approach necessary
- Protecting the infrastructure: block access to sensitive parts of the infrastructure (e.g. rooms, buildings), often referred to as physical security
- Protecting IT systems: use anti-virus software and install patches to protect systems from viruses, worms and exploits
- Protecting networks: use firewalls and filters for network segmentation
- Protecting applications and data: use encryption and VPNs to protect data from unauthorized access
- User education: train your employees to use and adopt IT security
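The "protecting networks" layer above is the one that directly addresses the earlier slides' finding that control networks are connected to corporate LANs with no separation. The following policy model is an added example, not code from the NESEC deck: it evaluates sample flows against a flat corporate-to-control ruleset and against a segmented one where corporate and control zones only ever talk to a DMZ. The zone address plan, the DMZ historian, the port numbers and the sample flows are all constructed; only the idea of default-deny segmentation with a DMZ between office and plant networks is what the slide recommends.

```python
# Added example (not from the NESEC slides): a minimal zone-based firewall policy
# model with a default-deny rule, used to compare a flat ruleset with a segmented one.
# Zone address ranges, hosts, ports and flows below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

ZONES = {  # constructed address plan
    "corporate": ip_network("10.1.0.0/16"),
    "dmz": ip_network("10.2.0.0/24"),
    "control": ip_network("10.3.0.0/16"),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]  # None = any port
    action: str              # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside the plan is 'unknown' and never matches a rule."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def evaluate(rules: List[Rule], flow: Flow) -> str:
    """First matching rule wins; with no match the flow is denied (default deny)."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    for r in rules:
        if r.src_zone == src_zone and r.dst_zone == dst_zone and (r.dst_port is None or r.dst_port == flow.dst_port):
            return r.action
    return "deny"


# Weak ruleset: the office LAN and the plant network are effectively one flat network.
FLAT_RULES = [
    Rule("corporate", "control", None, "allow"),
    Rule("control", "corporate", None, "allow"),
]

# Segmented ruleset: office users read a replica historian in the DMZ over HTTPS, the
# control network pushes data to that replica, and nothing crosses corporate <-> control.
SEGMENTED_RULES = [
    Rule("corporate", "dmz", 443, "allow"),  # constructed: HTTPS to the DMZ historian replica
    Rule("control", "dmz", 1433, "allow"),   # constructed: historian replication port
]

SAMPLE_FLOWS = [  # constructed
    Flow("10.1.5.20", "10.3.0.10", 135),   # office PC -> OPC server via the DCOM endpoint mapper
    Flow("10.1.5.20", "10.2.0.5", 443),    # office PC -> DMZ historian replica
    Flow("10.3.0.10", "10.2.0.5", 1433),   # control historian -> DMZ replica
    Flow("10.3.0.10", "10.1.5.20", 445),   # control host reaching back into the office LAN
]


def audit(rules: List[Rule], flows: List[Flow]) -> Dict[Flow, str]:
    """Evaluate every sample flow against a ruleset; useful as a regression check on firewall changes."""
    return {f: evaluate(rules, f) for f in flows}


if __name__ == "__main__":
    for label, rules in (("flat", FLAT_RULES), ("segmented", SEGMENTED_RULES)):
        print(label)
        for f, action in audit(rules, SAMPLE_FLOWS).items():
            print(f"  {f.src:>12} -> {f.dst:<12} :{f.dst_port:<5} {action}")
```

Under the flat ruleset every office PC can reach the OPC/DCOM interface directly, which is exactly the exposure the ISS findings describe; under the segmented ruleset the same flow is denied by default, only the two historian paths remain, and a compromised control host cannot reach back into the office LAN.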

Lessons learned I
- IT security is becoming very important
  - Control networks are no longer isolated networks
  - Automation systems are no longer specialized platforms
  - They are new targets
  - They are interesting targets
- Hacking tools are easy to use
  - Everybody can attack and break into systems
  - The tools are readily available
- If you are not protected, you will be hacked

Lessons learned II
As a customer of process automation systems, ask your vendor these questions:
- Does my vendor have a coherent policy for how OS vendor patches are tested and verified in combination with its process automation software? Where is this documented?
- Does my vendor test and verify anti-virus software together with its process automation software?
- Can my vendor provide guidance on implementing security, including firewalls, remote access and VPN?
- What will be the additional cost if you have to cover the shortcomings of your vendor?
- Is your vendor prepared for the future?

Lessons learned III
As a vendor of process automation systems, ask yourself these questions:
- Can you provide your customers a coherent IT security concept, covering all aspects including:
  - Security policy
  - Secure connection to corporate network / Internet
  - Secure remote access
  - Patch management and anti-virus
- What is your reaction time to customers regarding patch approval and security inquiries?
- Are you prepared for the future?

Thank you very much for your attendance. Your questions, please.
Christian H. Gresser
NESEC GmbH
Lichtenbergstrasse 8
D-85748 Garching
Tel.: +49 89 5484-2130
Fax: +49 89 5484-2139
E-mail: cgresser@nesec.de
Web: http://www.nesec.de/