PREEMPTIVE Preventive methodology and tools to protect utilities
|
|
- Merry Hicks
- 5 years ago
- Views:
Transcription
1 PREEMPTIVE Preventive methodology and tools to protect utilities Ignasi Cairó 15 October 2015 Brussels With the financial support of FP7 Seventh Framework Programme Grant agreement no:
2 Main goal The main goal of PREEMPTIVE is to provide an innovative solution for enhancing existing procedures and methods and conceiving tools to prevent against cyber attacks, that target utility companies relying heavily on industrial networks and automated control systems. PREEMPTIVE addresses, in particular, the prevention of cyber attacks against hardware and software systems such as DCS, SCADA, PLC, networked electronic sensing, and monitoring and diagnostic systems used by the utilities networks.
3 Innovative Breakthoughs The strong innovation proposed in PREEMPTIVE is to face the cyber attacks adopting a dual approach techniques that take into account industrial process behaviour (IPB) and communication & software related threats (CATh). (Industrial) process misbehaviours take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the industrial process. 1. To enhance existing methodological security and prevention frameworks with the aim of harmonizing Risk and Vulnerability Assessment methods, standard policies, procedures and applicable regulations or recommendations to prevent cyber attacks. The PREEMPTIVE methodology proposed will take into account the envisaged innovative technological solutions for preventing and for detecting zero day attacks. 2. To define guidelines for improving Critical Infrastructures (CIs) surveillance. 3. To design and develop prevention and detection tools complaint to the dual approach that takes into account both the industrial process misbehavior analysis (physic domain) and the communication and software anomalies (cyber domain): 4. Industrial process misbehavior detection. 5. Communication & software related threats prevention and detection. 3
4 Industrial networks (intrussion)
5 Electrical Power Gird Control center Model & Simulation Common in Electricity Water & Gas 5
6 Industrial networks vulnerabilities Industrial networks are subject to several types of vulnerabilities. The most common includes: Misconfiguration of software and devices Weak Passwords used Devices communications not encrypted/authenticated System not patched frequently 0- days vulnerabilities Subnetwork not properly isolated/segmented and monitored Commons Operating System used, inheriting their weaknesses Ad-hoc created malware We will use these vulnerabilities to simulate cyber attacks against an industrial network. 6
7 Tools/Techniques Kali Linux Performing penetration test Nmap Network scanning Large networks/single spots In this way we can discover: what hosts are active on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters / firewalls are in use. Other tools relating PLCs, detect MODBUS / TCP ports, etc.
8 Tools/Techniques Other tools that we can use to acquire information are Wireshark ( network sniffer) and Nessus / OpenVas (Vulnerability Scanner). All the information acquired will be used to attack the network with the following tools: Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible and allow to easily gain unauthorized access to a system remotely using brute force or dictionary attack. SQLmap is one of the most effective penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. Metasploit Framework is a powerful tool that helps to simplify the exploitation of a remote target machine. 8
9 Tools/Techniques 1. Simulate a man-in-the-middle attack where we can inject commands to an IED 2. Modify the values of certain values transmitted from/to an RTU to manipulate such values (the variables we should manipulate have to be derived from the process we are simulating) 3. Use a fuzzer to send malformed packet to fields device and see how they react (e.g. if they fail) 4. Use a malware that can be stored on an USB stick and it can infect a SCADA server to send strange commands to field device (e.g. opening a switch)
10 Attacks againts web servier
11 Attacks against internal database
12 Attacks against SCADA server
13 Attacks against PLC/IEDs
14 Attack simulations 14
15 Attacks Strategies Attacking the network from the outside using spear phishing / SQL-injection / brute force / other techniques to penetrate. Then we can use just a simple backdoor to maintain the access to the infected machines [@elisa]. Attacking the network from the inside infected usb-stick[@elisa] Attacking the network obtaining physical access to the RTU e.g. attack scenario (proposed by IREC) inside slide 6 15
16 Secondary Controller (AGC) SG Transformer Voltage inside operating limits PV Attacking the network obtaining physical access to the RTU CB Load WT Voltage inside operating limits 16 16
17 Attack at sec Frequency stabilizes to higher setpoint but inside the tripping limits of breakers System works insufficiently more energy lost balance is restored Frequency (Normal Case) Mech&El. Power, Torque (Normal Case) Turbine power Electrical power Mech&El. Power, Torque (Attack) Frequency (Attack) Frequency stabilizes to higher setpoint but inside the tripping limits of breakers
18 Programming attack Interfacing Simulation- Meas. IREC DSO Forecasts Gateway PC IREC DigSilent To LOG Raw data (*.txt) Bus (V, P, Q, f, Ph) Without DER 1month With DER 1 day 1 SM LOG parser + Modbus TCP/IP server Matlab 4 3 Modbus traffic Maliciuos attack EMS (SCADA) (with forecasts on txt) Injection Maliciuos attack Microgrid (data) concentrator 7 8 Local Controller IREC VITRO 6 5 XML traffic Injection Maliciuos attack IREC Modbus traffic IREC Metering IEDs 18
19 Detection methodologies 19
20 Anomaly detection The first step for the implementation of a anomaly detection system based on negative selection (an Artificial Immune System) is the characterization of the normality. Special common features of Critical Infrastructures (CI): Time series Periodicity (day, week, year pattern) Few consumption patterns Topology changes (discrete changes) Normality in this case is strongly dependent on WHO and WHEN cross checking subspaces (season, type of day) vertical, horizontal, similar comparison. Gathering if labeling is available (type and/or point of measurement) 20
21 Definition of normality In essence, normality is defined upon the concept of similarity Similarity is quantified through suitable metrics. Comparison is made among elements that have shown to be similar or should be similar: must be made in a subset. Different criteria to define subset allows to implement independent crossed detections: Instant snapshot of the whole (and/or subsetset) respect to similar instants Each detector, respect to itself in similar moments (for instance, daily pattern) Among similar detector (for instance, domestic consumption, industrial consumption). 21
22 Definition of normality Clustering ( similar measurement points ) 22
23 Applied examples IREC I: Electrical data ~20 min Time resolution: secondly 300 RTU s Simulated, one set with anomaly PCA No periodicity Continuity in reduced space V-detector train and test (Zhou Ji, Dipankar Dasgupta) t Horizontal (each point represents one instant) 23
24 NIDS A Network Intrusion Detection System (NIDS) identifies attacks by monitoring the traffic over a network /16 network sniffer /16 network sniffer / RTU PLC /16 WP7 General Meeting- Rome 16-Sep
25 Indicators of compromise (IoC) Some examples: Modbus provides (not commonly used) diagnostic functions that are able to reset a device registry IOC: monitor the presence of function code 08 to check for the presence of an attacker trying to change a device behavior Goose has sequential value for the field StNum IOC: monitor non-sequential value for StNum field that might indicate the presence of a spoofing attack DNP3 provides the DFC flag that, if set to 1, indicates a device is busy, hence the master will not communicate with it. IOC: monitor high frequency of DFC=1 which might indicate the presence of a DOS attack 25
26 Project outcome 26
27 PREEMPTIVE software prototype Detection and prediction tool based on a dual approach : low level direct detection and process misbehavior detection Correlation of events/alarm coming from network, host and process detection tool to detect and prevent cyber attacks Laboratory real/virtual environment based on electricity. Availabilty of real Scada data on operational plant Knowledge of operational process. 27
28 Thank You for Your attention! Ignasi Cairó Principal Investigator (IREC) With the financial support of FP7 Seventh Framework Programme Grant agreement no:
Preemptive PREventivE Methodology and Tools to protect utilities
Preemptive PREventivE Methodology and Tools to protect utilities 2014 2017 With the financial support of FP7 Seventh Framework Programme Grant agreement no: 607093 1 Preemptive description Project objectives
More informationPREEMPTIVE PREventivE Methodology and Tools to protect utilities
PREEMPTIVE PREventivE Methodology and Tools to protect utilities 2014 2017 1 With the financial support of FP7 Seventh Framework Programme Grant agreement no: 607093 Preemptive goal The main goal of PREEMPTIVE
More informationAUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID
AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID Sherif Abdelwahed Department of Electrical and Computer Engineering Mississippi State University Autonomic Security Management Modern
More informationSemantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grids
Semantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grids Hui Lin, Adam Slagell, Zbigniew Kalbarczyk, Peter W. Sauer, and Ravishankar K. Iyer Department of Electrical
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationCyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX
Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationCyber Security of Power Grids
Cyber Security of Power Grids Chen-Ching Liu Boeing Distinguished Professor Director, Energy Systems Innovation Center Washington State University In Collaboration with M. Govindarasu, Iowa State University
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationA. Carcano, I. Nai Fovino, M. Masera, A. Trombetta European Commission Joint Research Centre Critis 2008, Rome, October 15, 2008
Scada Malware, A Proof of Concept A. Carcano, I. Nai Fovino, M. Masera, A. Trombetta European Commission Joint Research Centre Critis 2008, Rome, October 15, 2008 Outline Motivations Testing Environment
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 9 Performing Vulnerability Assessments
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments Objectives Define risk and risk management Describe the components of risk management List
More informationAdvanced Ethical Hacking & Penetration Testing. Ethical Hacking
Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationModule 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services
Following topics will be covered: Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits
More informationn Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test
Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration
More informationChapter 4. Network Security. Part I
Chapter 4 Network Security Part I CCNA4-1 Chapter 4-1 Introducing Network Security Introduction to Network Security CCNA4-2 Chapter 4-1 Introducing Network Security Why is Network Security important? Rapid
More informationn Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic
Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output
More informationChapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More informationEV CHARGING: MAPPING OUT THE CYBER SECURITY THREATS AND SOLUTIONS FOR GRIDS AND CHARGING INFRASTRUCTURE
EV CHARGING: MAPPING OUT THE CYBER SECURITY THREATS AND SOLUTIONS FOR GRIDS AND CHARGING INFRASTRUCTURE UtiliNet Europe Cyber Security Workshop Brussels, Belgium Dr. Christian Hille Dr. Manuel Allhoff
More informationIntroduction to Penetration Testing: Part One. Eugene Davis UAH Information Security Club February 21, 2013
Introduction to Penetration Testing: Part One Eugene Davis UAH Information Security Club February 21, 2013 Ethical Considerations: Pen Testing Ethics of penetration testing center on integrity (ISC)² Code
More informationPenetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant
Penetration Testing following OWASP Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant За Лирекс Penetration testing A method of compromising the security of a computer system or network by
More informationTraining for the cyber professionals of tomorrow
Hands-On Labs Training for the cyber professionals of tomorrow CYBRScore is a demonstrated leader in professional cyber security training. Our unique training approach utilizes immersive hands-on lab environments
More informationDrone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created
Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:
More informationFRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months
FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES
More informationCyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies
Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies lwihl@scalable-networks.com 2 The Need OT security particularly in the
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationResilient Smart Grids
Resilient Smart Grids André Teixeira Kaveh Paridari, Henrik Sandberg KTH Royal Institute of Technology, Sweden SPARKS 2nd Stakeholder Workshop Cork, Ireland March 25th, 2015 Legacy Distribution Grids Main
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationDynamic Risk Management for Cyber Defence
Dynamic Risk Management for Cyber Defence Douglas Wiemer Director, Cyber Security Solutions FP7 Project number 610416 RHEA Group Consortium Participants The User agency: Acea Group Founded in 1909 as the
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationTrustwave Managed Security Testing
Trustwave Managed Security Testing SOLUTION OVERVIEW Trustwave Managed Security Testing (MST) gives you visibility and insight into vulnerabilities and security weaknesses that need to be addressed to
More informationPenetration testing using Kali Linux - Network Discovery
Penetration testing using Kali Linux - Network Discovery by Riazul H. Rozen Sept. 14, 2017 4 minute read Table of Contents Importance of penetration testing Kali Linux in penetration testing Network Discovery
More informationExam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo
Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control
More informationMultistage Cyber-physical Attack and SCADA Intrusion Detection
Multistage Cyber-physical Attack and SCADA Intrusion Detection Workshop on European Smart Grid Cybersecurity: Emerging Threats and Countermeasures Belfast, 26 th August, 2016 Kieran McLaughlin, BooJoong
More informationCybersecurity Test and Evaluation Achievable and Defensible Architectures
Cybersecurity Test and Evaluation Achievable and Defensible Architectures October 2015, ITEA Francis Scott Key Chapter Mr. Robert L. Laughman for COL Scott D. Brooks, Director, Survivability Evaluation
More informationAn Anomaly-Based Intrusion Detection System for the Smart Grid Based on CART Decision Tree
An Anomaly-Based Intrusion Detection System for the Smart Grid Based on CART Decision Tree P. Radoglou-Grammatikis and P. Sarigiannidis* University of Western Macedonia Department of Informatics & Telecommunications
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationVulnerability Assessment in Smart Grids. Jinyuan Stella Sun UTK Fall 2016
Vulnerability Assessment in Smart Grids Jinyuan Stella Sun UTK Fall 2016 Background Roadmap Contents Vulnerability Assessment of Phasor Networks Defense and countermeasures 2 Background The advent of Smart
More informationUnit 2 Assignment 2. Software Utilities?
1 Unit 2 Assignment 2 Software Utilities? OBJECTIVES Identify software utility types and examples of common software Why are software utilities used? Identify and describe the various networking threats.
More informationAdvanced Diploma on Information Security
Course Name: Course Duration: Prerequisites: Course Fee: Advanced Diploma on Information Security 300 Hours; 12 Months (10 Months Training + 2 Months Project Work) Candidate should be HSC Pass & Basic
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationCompTIA CAS-002. CompTIA Advanced Security Practitioner (CASP) Download Full Version :
CompTIA CAS-002 CompTIA Advanced Security Practitioner (CASP) Download Full Version : http://killexams.com/pass4sure/exam-detail/cas-002 QUESTION: 517 A security engineer is a new member to a configuration
More informationPotential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group
Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group Submitted on behalf of the U.S. Department of Energy National
More informationWireless LAN Security (RM12/2002)
Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002 For
More informationA Model for Penetration Testing
A Model for Penetration Testing Chuck Easttom Collin College Professional Development chuck@chuckeasttom.com Research Gate Publication Abstract Penetration testing is an increasingly integral part of cyber
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems
ACS-3921/4921-001 Computer Security And Privacy Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been
More informationEMS-LECTURE 2: WORKING OF EMS
EMS-LECTURE 2: WORKING OF EMS Introduction: Energy Management systems consists of several applications programs which are used by the operator in a control centre for effective decision making in the operation
More informationScanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE
UNIT III STUDY GUIDE Course Learning Outcomes for Unit III Upon completion of this unit, students should be able to: 1. Recall the terms port scanning, network scanning, and vulnerability scanning. 2.
More informationPOWER-ONE ITALY, 5 TH JUNE 2018 Cloud, Big Data & Cyber Security. Business, Opportunities and Risks
POWER-ONE ITALY, 5 TH JUNE 2018 Cloud, Big Data & Cyber Security Business, Opportunities and Risks Overview Cloud, Big Data & Cyber Security Summary Cloud: scalable, adaptable, cost effective but not under
More informationTHREAT LANDSCAPE AT THE UW
THREAT LANDSCAPE AT THE UW JAMES POLAND, CYBER THREAT ANALYST (jwpoland@uw.edu) AND REBEKAH SKIVER THOMPSON, INCIDENT RESPONSE & THREAT INTELLIGENCE MANAGER (bskiver@uw.edu) OFFICE OF THE CHIEF INFORMATION
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls
More informationAudience. Pre-Requisites
T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices
More informationSecurity Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management
Seven Habits of Cyber Security for SMEs Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management Security Policy is an important
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-541 Title : VPN and Security Cisco SAFE Implementation Exam (CSI) Vendors : Cisco
More informationChapter 9. Firewalls
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however
More informationEC-Council - EC-Council Certified Security Analyst (ECSA) v8
EC-Council - EC-Council Certified Security Analyst (ECSA) v8 Code: 3402 Lengt h: URL: 5 days View Online The EC-Council Certified Security Analyst (ECSA) program teaches information security professionals
More informationApplication Security Approach
Technical Approach Page 1 CONTENTS Section Page No. 1. Introduction 3 2. What is Application Security 7 3. Typical Approaches 9 4. Methodology 11 Page 2 1. INTRODUCTION Page 3 It is a Unsafe Cyber world..
More informationASERCOM cyber-security guideline for connected HVAC/R equipment
ASERCOM cyber-security guideline for connected HVAC/R equipment Preface Many HVAC/R components like compressors, fans or controllers have connectivity features today. This includes Bluetooth, Wi-Fi or
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationMIS5206-Section Protecting Information Assets-Exam 1
Your Name Date 1. Which of the following contains general approaches that also provide the necessary flexibility in the event of unforeseen circumstances? a. Policies b. Standards c. Procedures d. Guidelines
More informationCyberFence Protection for DNP3
CyberFence Protection for DNP3 August 2015 Ultra Electronics, 3eTI 2015 DNP3 Issues and Vulnerabilities DNP3 is one of the most widely used communications protocols within the utility space for the purpose
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationCyber Security Brian Bostwick OSIsoft Market Principal for Cyber Security
Cyber Security Presented by Brian Bostwick OSIsoft Market Principal for Cyber Security Cyber Security Trauma in the News Saudi Aramco Restores Network After Shamoon Malware Attack Hacktivist-launched virus
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationCPTE: Certified Penetration Testing Engineer
www.peaklearningllc.com CPTE: Certified Penetration Testing Engineer (5 Days) *Includes exam voucher, course video, an exam preparation guide About this course Certified Penetration Testing Engineer certification
More informationCISNTWK-440. Chapter 5 Network Defenses
CISNTWK-440 Intro to Network Security Chapter 5 Network Defenses 1 Objectives Explain how to enhance security through network design Define network address translation and network access control List the
More informationData Security at Smart Assessor
Data Security at Smart Assessor Page 1 Contents Data Security...3 Hardware...3 Software...4 Data Backups...4 Personnel...5 Web Application Security...5 Encryption of web application traffic...5 User authentication...5
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationIPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions
IPS Effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of defense that helps you protect
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationExpanding Cyber Security Management for Critical Infrastructure
Expanding Cyber Security Management for Critical Infrastructure ISSE Wednesday 15 th November 17, Brussels Dr Andrew Hutchison, Telekom Security andrew.hutchison@t-systems.com OVERVIEW Attack Surface expands
More informationBuilding a resilient ICS
Building a resilient ICS By Dr Jules Pagna Disso, @julesdisso Building a resilient Industrial Control System (ICS) 1: From ICS to Critical National Infrastructure 2: Thenatureof the problem 3: Building
More informationVulnerability Management & Vulnerability Assessment. Nessus Attack Scripting Language (NASL). CVE databases, NVD database
Case Study 2018 Solution/Service Title Vulnerability Management & Vulnerability Assessment Client Industry Cybersecurity, Vulnerability Assessment and Management, Network Security Client Overview Client
More informationFuzzy Intrusion Detection
Fuzzy Intrusion Detection John E. Dickerson, Jukka Juslin, Ourania Koukousoula, Julie A. Dickerson Electrical and Computer Engineering Department Iowa State University Ames, IA, USA {jedicker,juslin,koukouso,julied}@iastate.edu
More informationNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING LESS The Threat State Sponsored MORE Terrorism Espionage Criminal NOTE: Hackers increasingly showing more potential to cause greater damage MORE Hacker LESS Occurrence Damage
More informationRaj Jain. Washington University in St. Louis
Intrusion Detection Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationPractical Assessment 0523
Practical Assessment 0523 Build the environment 1. Installing two forest domain controllers for the root domain muduri.com. Role Name FQDN IP address OS Primary DC SDC01 Sdc01.muduri.com 192.168.31.1/24
More informationAuthor: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0
Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0 Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the
More informationTools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems
Tools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems Presenters: Rima Asmar Awad, Saeed Beztchi Co-Authors: Jared M. Smith, Stacy Prowell, Bryan Lyles Overview Supervisory
More informationSubmitted on behalf of the DOE National SCADA Test Bed. Jeff Dagle, PE Pacific Northwest National Laboratory (509)
Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group (CSSWG) Submitted on behalf of the DOE National SCADA Test
More informationISDP 2018 Industry Skill Development Program In association with
ISDP 2018 Industry Skill Development Program In association with Penetration Testing What is penetration testing? Penetration testing is simply an assessment in a industry computer network to test the
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationIDE4L project overview and ANM concept. Distributed automation system
ideal grid for all SLIDE 1 04/12/2015 WWW.IDE4L.EU Tampere Dissemination Activity 4 th December 2015 IDE4L project overview and ANM concept Aggregator concept Developed functionalities Distributed automation
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationADVANCED, UNKNOWN MALWARE IN THE HEART OF EUROPE
ADVANCED, UNKNOWN MALWARE IN THE HEART OF EUROPE AGENDA Network Traffic Analysis: What, Why, Results Malware in the Heart of Europe Bonus Round 2 WHAT: NETWORK TRAFFIC ANALYSIS = Statistical analysis,
More informationECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]
s@lm@n ECCouncil Exam 312-50v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ] Question No : 1 An Intrusion Detection System(IDS) has alerted the network administrator to a possibly
More informationIndustry 4.0 = Security 4.0?
Competence Series Industry 4.0 = Security 4.0? 1 IT Security made in Europe Industry 4.0 = Security 4.0? Industry 4.0 is the term used to describe the fourth industrial revolution, the future of industrial
More informationCyber Security and Privacy Issues in Smart Grids
Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from Univ. of Waterloo References Main Reference Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C. Cyber
More informationExposing vulnerabilities in electric power grids: An experimental approach
Exposing vulnerabilities in electric power grids: An experimental approach International Journal of Critical Infrastructure Protection Luigi Coppolino, S. D Antonio, and L. Romano (Tropea, 24-26 Settembre
More informationTools For Vulnerability Scanning and Penetration Testing
Tools For Vulnerability Scanning and Penetration Testing becky.santos@provandv.com jack.cobb@provandv.com 2017 National Conference State Certification Testing of Voting Systems Austin, Texas wledge To
More informationVulnerability Assessment. Detection. Aspects of Assessment. 1. Asset Identification. 1. Asset Identification. How Much Danger Am I In?
Detection Vulnerability Assessment Week 4 Part 2 How Much Danger Am I In? Vulnerability Assessment Aspects of Assessment Vulnerability Assessment is a systematic evaluation of asset exposure to threats
More informationSecurity Gap Analysis: Aggregrated Results
Email Security Gap Analysis: Aggregrated Results Average rates at which enterprise email security systems miss spam, phishing and malware attachments November 2017 www.cyren.com 1 Email Security Gap Analysis:
More informationVULNERABILITY ASSESSMENT: SYSTEM AND NETWORK PENETRATION TESTING. Presented by: John O. Adeika Student ID:
VULNERABILITY ASSESSMENT: SYSTEM AND NETWORK PENETRATION TESTING. Presented by: John O. Adeika Student ID: 000205600 What is Penetration A penetration test, is a method of evaluating the security of a
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 6 Intrusion Detection First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Intruders significant issue hostile/unwanted
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More information