The SCADA That Didn t Cry Wolf- Who s Really Attacking Your ICS Devices- Part Deux!
|
|
- Melvin Hardy
- 6 years ago
- Views:
Transcription
1 The SCADA That Didn t Cry Wolf- Who s Really Attacking Your ICS Devices- Part Deux!
2 #whoami Threat Researcher at Trend Micro- research and blogger on criminal underground, persistent threats, and vulnerabilities. Bachelor s and Master s in Computer Science. Currently pursuing PhD. Research: -Malware detection/reversing -Persistent Threats (Malware based espionage) -ICS/SCADA Security -Offensive Exploitation
3 This presentation will focus on: Concerns/Overview of ICS Security Who attacks ICS devices? Targeted attackers
4 ICS Overview What are ICS devices? Used in production of virtually anything Used in water, gas, energy, automobile manufacturing, etc. Notoriously insecure in every way Software is sometimes embedded, sometimes not Typically proprietary
5 Glossary HMI: Human Machine Interface IED: Intelligent Electronic Device SCADA: Supervisory Control And Data Acquisition RTU: Remote Terminal Unit Historian: Data Historian Modbus: Most common ICS Protocol DNP3: Very common ICS Protocol
6 Typical ICS Deployment
7 Modbus Oldest ICS Protocol Controls I/O Interfaces (MOSTLY!!!!) No authentication or encryption! (Surprise!!!) No broadcast suppression Vulnerabilities are published
8 DNP3 Used to send and receive messages Complex No authentication or encryption Several published vulnerabilities
9 Security Concerns- ICS vs. Traditional IT Systems ICS Correct commands issued (Integrity) Limit interruptions (Availability) Protect the data (Confidentiality) IT Protect the data (Confidentiality) Correct commands issued (Integrity) Limit interruptions (Availability)
10 Vulnerabilities Are Common In 2012, 171 unique vulnerabilities affecting ICS products. 55 Vendors
11 Google-fu Shodan ERIPP Pastebin Twitter SCADA Internet Facing
12 Story Time Small towns in Australia, Brazil, America, China, Russia, Ireland, and Singapore Water pump controlling water pressure/availability Population combined ~100,000
13 All Internet facing Story Time No security measures in place
14 Attacks Attacked several times Attackers gained access Not made public This is not a story This happened
15 In my basement Attacks
16 Honeypots
17 Honeypots 12 total honeypots 8 different countries Running since Jan, 2013 Combination of *nix, Windows, and embedded systems
18 What They See
19 Architecture
20 Tools Used
21 Vulnerabilities Presented If you can ping it, you own it SNMP vulns (read/write SNMP, packet sniffing, IP spoofing) HMI (Server) Vulnerabilities Authentication limitations Limits of Modbus/DNP3 authentication/encryption VxWorks Vulnerability (FTP) Open access for certain ICS modifications- fan speed, temperature, and utilization.
22 What s an Attack? ONLY attacks that were targeted ONLY attempted modification of pump system (FTP, Telnet, etc.) ONLY attempted modification via Modbus/DNP3 DoS/DDoS will be considered attacks
23 Non-Critical Attack Profile- Source Countries
24 Critical Attack Profile- Source Countries
25 Automated Attacks 16,733 automated attacks over 5 months 16,739 HTTP methods accounted for 605 Unique IP s METHOD COUNT CONNECT 18 GET HEAD 328 INDEX 1 OPTIONS 368 POST 174 PUT 1 TRACE 1 TRACK
26 Automated Attacks Count Data exfiltration attempt Modification of CPU fan speed Modbus traffic modification HMI access Count Modify pump pressure Modify temperature output Shutdown pump system
27 Snort Findings Used Digital Bond s Quickdraw SCADA Snort Rules Custom Snort Rules Created Modbus TCP Unauthorized Read Request to a PLC Modbus TCP Unauthorized Write Request to a PLC DNP3 Unauthorized Read Request to a PLC / DNP3 Unauthorized Write Request to a PLC DNP3 Unauthorized Miscellaneous Request to a PLC
28 Spear Phished TO: OF OUR CITY>.COM Hello sir, I am <name of city administrator> and would like the attached statistics filled out and sent back to me. Kindly Send me the doc and also advise if you have questions. Look forward you hear from you soon...mr. <city administrator name>
29 Cityrequest.doc Decoy doc- not much substance
30 Cityrequest.doc
31 Dropped Files CityRequest.doc File gh.exe dumps all local password hashes <gh.exe w> File ai.exe shovels a shell back to a dump server. < ai.exe d1 (Domain) c1 (Compare IP) s (Service) > Malware communicating to a drop/cnc server in China. exploiting CVE Malware communicating to a drop/cnc server in USA Has been taken down by the US government
32 Execution Upon execution of CityRequest.docx, files leaving the server in question after 5 days. Fake VPN config file Network statistics dump SAM database dump Gain persistence via process migration Won t execute on Office 2010.
33 APT1 Report APT1 (Comment Crew) report released in Feb Included many APT variants we ve seen. One of particular interest was HACKSFASE. Commonly used in energy sector.
34 Examination
35 -Connections seen: Examination
36 IP BeEF Code Analysis Attribution
37 BeEF Usage Detect Tor Get Registry Keys Get_Physical_Location Get_System_Info Get_Internal_IP
38 Attack: Days 1-4
39 Attack: Days 5-17
40 Attacker Profile Most attacks appeared to be non-targeted One appeared to be the work of Comment Crew Many attackers were opportunists
41 Recommendations Disable Internet access to your trusted resources. Where possible. Maintain your trusted resources at the latest patch levels, and ensure you are diligent in monitoring when new patches/fixes are released. Require username/password (two-factor if possible) combinations for all systems, including those that are not deemed trusted. Control contractor access- Many SCADA/ICS networks utilize remote contractors, and controlling how they access trusted resources is imperative.
42 Recommendations Utilize SSL/TLS for all communications to web-based ICS/SCADA systems. Control access to trusted devices. For instance, for access to a segmented network, use a bastion host with ACL s for ingress/egress access. Improve logging on trusted environments, in addition to passing logs to SIEM devices for third party backup/analysis. Utilize Zones- such as BLAN, WLAN, and SCADA. Develop a threat modeling system to your organizationunderstand who s attacking you, and why.
43 Shout Non-Work:
Who s Really Attacking Your!
Who s Really Attacking Your! #WHOAMI Threat Researcher at Trend Micro- research and blogger on criminal underground, persistent threats, and vulnerabili9es. Research Interests: - Malware detec9on/reversing
More informationWho s Really Attacking Your ICS Equipment?
Trend Micro Incorporated Research Paper 2013 Who s Really Attacking Your ICS Equipment? By: Kyle Wilhoit LEGAL DISCLAIMER The information provided herein is for general information and educational purposes
More informationPROTECTING MANUFACTURING and UTILITIES Industrial Control Systems
PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems Mati Epstein Global Sales Lead, Critical Infrastructure and ICS [Internal Use] for Check Point employees 1 Industrial Control Systems (ICS)/SCADA
More informationSCADA security why is it so hard? Amol Sarwate Director of Vulnerability Engineering, Qualys Inc.
SCADA security why is it so hard? Amol Sarwate Director of Vulnerability Engineering, Qualys Inc. SCADA DCS ICS accidents liquid pipeline failures http://www.ntsb.gov/doclib/safetystudies/ss0502.pdf power
More informationConnect Securely in an Unsecure World. Jon Clay Director: Global Threat
Connect Securely in an Unsecure World Jon Clay Director: Global Threat Communications @jonlclay www.cloudsec.com More devices More data More risks Global Risks Landscape 2018 Source: http://www3.weforum.org/docs/wef_grr18_report.pdf
More informationInternet Security Threat Report Volume XIII. Patrick Martin Senior Product Manager Symantec Security Response October, 2008
Internet Security Threat Report Volume XIII Patrick Martin Senior Product Manager Symantec Security Response October, 2008 Agenda 1 ISTR XIII Important Facts 2 ISTR XIII Key Messages 3 ISTR XIII Key Facts
More informationPass4suresVCE. Pass4sures exam vce dumps for guaranteed success with high scores
Pass4suresVCE http://www.pass4suresvce.com Pass4sures exam vce dumps for guaranteed success with high scores Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version :
More informationMaxwell Dondo PhD PEng SMIEEE
Maxwell Dondo PhD PEng SMIEEE 1 Evolution of grid automation SCADA introduction SCADA Components Smart Grid SCADA Security 2 Traditionally power delivery was unsophisticated Generation localised around
More informationCyber Resilience Solution for Smart Buildings
Cyber Resilience Solution for Smart Buildings Integrated IT/OT Security Oren Aspir, Cyberbit, CTO 2017 by CYBERBIT 2017 by CYBERBIT Proprietary CYBERBIT Proprietary Buildings getting smarter IT systems
More informationIndustrial Security - Protecting productivity. Industrial Security in Pharmaanlagen
- Protecting productivity Industrial Security in Pharmaanlagen siemens.com/industrialsecurity Security Trends Globally we are seeing more network connections than ever before Trends Impacting Security
More informationEnhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationFirewalls (IDS and IPS) MIS 5214 Week 6
Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part
More informationSecuring the North American Electric Grid
SESSION ID: TECH-R02 Securing the North American Electric Grid Marcus H. Sachs, P.E. SVP and CSO North American Electric Reliability Corporation @MarcusSachs Critical Infrastructure s Common Denominator
More informationVulnerability analysis of 2013 SCADA issues. Amol Sarwate Director of Vulnerability Labs, Qualys Inc.
Vulnerability analysis of 2013 SCADA issues Amol Sarwate Director of Vulnerability Labs, Qualys Inc. Agenda SCADA components 2013 Vulnerability Analysis Recommendations and Proposals SCADA DCS ICS Accidents
More informationMonitoring and diagnostics of data infrastructure problems in power engineering. Jaroslav Stusak, Sales Director CEE, Flowmon Networks
Monitoring and diagnostics of data infrastructure problems in power engineering Jaroslav Stusak, Sales Director CEE, Flowmon Networks 35,000 kilometers of electric power, which feeds around 740,000 clients...
More informationI am a power plant. steel mill. supertanker. space station. death star. smart grid. gas pipeline. civil defense siren.
traffic control center civil defense siren smart grid space station steel mill I am a power plant supertanker death star gas pipeline sewage plant wind power station I am a power plant associate professor
More informationCyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX
Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:
More informationPractical SCADA Cyber Security Lifecycle Steps
Practical SCADA Cyber Security Lifecycle Steps Standards Certification Jim McGlone CMO, Kenexis Education & Training Publishing Conferences & Exhibits Bio Jim McGlone, CMO, Kenexis GICSP ISA Safety & Security
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationSCADACS SCADACS. SCADA & Computer Security. Find Them, Bind Them Industrial Control Systems(ICS) on the Internet
SCADA & Computer Security SCADACS SCADACS Find Them, Bind Them Industrial Control Systems(ICS) on the Internet Johannes Klick Daniel Marzin Secure Identity Research Group - Freie Universität Berlin PHDays
More informationWhy Firewalls? Firewall Characteristics
Why Firewalls? Firewalls are effective to: Protect local systems. Protect network-based security threats. Provide secured and controlled access to Internet. Provide restricted and controlled access from
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationfrom SCADA to IoT Cyber Security Bogdan Matache - Romania 2015
from SCADA to IoT Cyber Security Bogdan Matache - Romania 2015 About ME, Bogdan Matache Cyber Security Specialist Military Technical Academy SCADA Security Specialist InfoSec Institute Auditor ISO 27001
More informationIndustrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets
Industrial Cyber Security ICS SHIELD Top-down security for multi-vendor OT assets OT SECURITY NEED Industrial organizations are increasingly integrating their OT and IT infrastructures. The huge benefits
More informationIC B01: Internet Security Threat Report: How to Stay Protected
IC B01: Internet Security Threat Report: How to Stay Protected Piero DePaoli Director, Product Marketing IC B01: Internet Security Threat Report: How to Stay Protected 1 Topics 1 Targeted Attacks 2 Spam
More informationIntroduction to ICS Security
Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal 2018 Critical
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More informationNAVIGATING THE WATERS OF THE NEW EU NIS 2016/1148 CYBERSECURITY DIRECTIVE FOR ESSENTIAL SERVICE OPERATORS WHITE PAPER
NAVIGATING THE WATERS OF THE NEW EU NIS 2016/1148 CYBERSECURITY DIRECTIVE FOR ESSENTIAL SERVICE OPERATORS WHITE PAPER MAY 2018 2018 Radiflow, Ltd. All Rights reserved. The information in this document
More informationSE420 Software Quality Assurance
SE420 Software Quality Assurance Encryption Backgrounder September 5, 2014 Sam Siewert Encryption - Substitution Re-map Alphabet, 1-to-1 and On-to (function) A B C D E F G H I J K L M N O P Q R S T U V
More informationValidating the Security of the Borderless Infrastructure
SESSION ID: CDS-R01 Validating the Security of the Borderless Infrastructure David DeSanto Director, Product Management Spirent Communications, Inc. @david_desanto Agenda 2 The Adversary The Adversary
More informationTTPs for Threat Hunting in Refineries. Dan Gunter Principal Threat Dragos October 2018
TTPs for Threat Hunting in Refineries Dan Gunter Twitter: @dan_gunter Principal Threat Analyst @ Dragos October 2018 Talk Overview Start theoretical, end applied What to do? How to do it? Useful Open Source
More informationWho Goes There? Access Control in Water/Wastewater Siemens AG All Rights Reserved. siemens.com/ruggedcom
WEAT Webinar Who Goes There? Access Control in Water/Wastewater Siemens AG 2018. siemens.com/ruggedcom ACCESS CONTROL WEBINAR TABLE OF CONTENTS TOPIC Why Access Control? Risks If Not Used Factors of Authentication
More informationIndegy. Industrial Cyber Security. The Anatomy of an Industrial Cyber Attack
Indegy Industrial Cyber Security The Anatomy of an Industrial Cyber Attack Today s Presenter Eliminating Security Blindspots in SCADA and Control Networks Presented By: Dana Tamir, VP Marketing, Indegy
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationCompTIA Security+ Certification
CompTIA Security+ Certification Course Number: SY0-301 Length: 5 Days Certification Exam This course is preparation for the CompTIA Security+ Certification exam. Course Overview This course will prepare
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationJPCERT/CC Incident Handling Report [January 1, March 31, 2018]
JPCERT-IR-2018-01 Issued: 2018-04-12 JPCERT/CC Incident Handling Report [January 1, 2018 - March 31, 2018] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives
More informationWireless LAN Security (RM12/2002)
Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002 For
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationMerge physical security and cybersecurity for field operations.
Security Gateway Merge physical security and cybersecurity for field operations. Small form factor and wide temperature range for cabinet installation on distribution poles and in substation yards. Accelerometer,
More informationConnectivity 101 for Remote Monitoring Systems
Connectivity 101 for Remote Monitoring Systems Paul Wacker Moxa, Inc. Manager - Edge Connectivity Ariana Drivdahl Moxa, Inc. Product Marketing Manager Pain Points of Remote Monitoring Pressure to enhance
More informationINDUSTRIAL NETWORK RESILIENCE. Davide Crispino Salvatore Brandonisio
INDUSTRIAL NETWORK RESILIENCE Davide Crispino Salvatore Brandonisio Cyber Attacks: A risk among the most feared At the World Economic Forum 2016: «Cyber Attacks are considered to be one of the highest
More informationBuilding a resilient ICS
Building a resilient ICS By Dr Jules Pagna Disso, @julesdisso Building a resilient Industrial Control System (ICS) 1: From ICS to Critical National Infrastructure 2: Thenatureof the problem 3: Building
More informationTHREAT LANDSCAPE AT THE UW
THREAT LANDSCAPE AT THE UW JAMES POLAND, CYBER THREAT ANALYST (jwpoland@uw.edu) AND REBEKAH SKIVER THOMPSON, INCIDENT RESPONSE & THREAT INTELLIGENCE MANAGER (bskiver@uw.edu) OFFICE OF THE CHIEF INFORMATION
More informationCTS2134 Introduction to Networking. Module 08: Network Security
CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting
More informationWHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX
WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model
More informationAN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM
1 AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM 2 Introduction (1/2) TCP provides a full duplex reliable stream connection between two end points A connection is uniquely defined by the quadruple
More informationUsing ANSI/ISA-99 Standards to Improve Control System Security
Tofino Security White Paper Version 1.1 Published May 2012 Using ANSI/ISA-99 Standards to Improve Control System Security Contents 1. Executive Summary... 1 2. Why the Push for Productivity has degraded
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationThe Claroty Difference
Solution Brief Bringing Clarity To OT Network Claroty enables customers to secure and optimize the industrial control networks that run the world s most critical infrastructure. The company s enterprise-class
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationICS OVERVIEW Terms & Definitions Generic architectures History of ICS. Hands on: Basic PLC Programming. Commonly used ICS protocols
Course Outline ICS OVERVIEW Terms & Definitions Generic architectures History of ICS Hands on: Basic PLC Programming Creating a first Flowchart-based program Creating visualisation Commonly used ICS protocols
More informationIE156: ICS410: ICS/SCADA Security Essentials
IE156: ICS410: ICS/SCADA Security Essentials IE156 Rev.001 CMCT COURSE OUTLINE Page 1 of 6 Training Description: In this five-day intensive training, participants will develop and reinforce a common language
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationS4: SCADA Security Scientific Symposium
1 0 S4: SCADA Security Scientific Symposium Field Device Ethernet Card Vulnerabilities 1 1 Leveraging Ethernet Card Vulnerabilities in Field Devices Daniel Peck, Dale Peterson Digital Bond, Inc. Fort Lauderdale,
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationSONICWALL SECURITY HEALTH CHECK SERVICE
SONICWALL SECURITY HEALTH CHECK SERVICE Ensure your SonicWall investment is fully optimized to protect your network Overview The SonicWall Security Health Check Service is designed to provide customers
More informationCase Studies, Lessons Learned. Ing. Tijl Deneut Lecturer Applied Computer Sciences Howest Researcher XiaK, Ghent University
Case Studies, Lessons Learned Ing. Tijl Deneut Lecturer Applied Computer Sciences Howest Researcher XiaK, Ghent University Case Study Overview 3 different types of cases Troubleshooting We have systems
More informationCybersecurity for IoT to Nuclear
Seminar Series Cybersecurity for IoT to Nuclear Fred Cohn, Program Director Property of Schneider Electric Who Am I? Program Director, Schneider Electric Product Security Office Cybersecurity Strategy
More informationContainers: Exploits, Surprises, And Security
Containers: Exploits, Surprises, And Security with Elissa Shevinsky COO at SoHo Token Labs Editor of Lean Out #RVASec @ElissaBeth on twitter @Elissa_is_offmessage on Instagram this was Silicon Valley in
More informationCybersecurity. Good Practices Guide. HA Issue 1 July 2017
Cybersecurity Good Practices Guide HA032968 Issue 1 July 2017 2017 All rights are strictly reserved. No part of this document may be reproduced, modified, or transmitted in any form by any means, nor may
More informationMultistage Cyber-physical Attack and SCADA Intrusion Detection
Multistage Cyber-physical Attack and SCADA Intrusion Detection Workshop on European Smart Grid Cybersecurity: Emerging Threats and Countermeasures Belfast, 26 th August, 2016 Kieran McLaughlin, BooJoong
More informationwhoami RUBEN
whoami RUBEN SANTAMARTA @reversemode What are we going to talk about? ELECTRICAL GRID SCADA EMS REGGAETON EXPLOITS REVERSE ENGINEERING Somewhere in rubhenistan... Sirs, we have been informed that reggaetonia
More informationNetwork Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: Broadcast and Multicast Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Broadcast and multicast 2. Receiver access control (i.e. data confidentiality)
More informationFundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code
Fundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code Learning Objective Explain the importance of network principles and architecture
More informationModicon M580 PAC. CSPN Security Target. Version
Modicon M580 PAC CSPN Security Target Version 1.5-1 - Introduction A CSPN security target is a document specifying the scope of a CSPN evaluation [CSPN]. The Security Target serves as a basis for agreement
More informationGoogle Cloud Platform: Customer Responsibility Matrix. April 2017
Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder
More informationQualys Indication of Compromise
18 QUALYS SECURITY CONFERENCE 2018 Qualys Indication of Compromise Bringing IOC to the Next Level Chris Carlson VP, Product Management, Qualys, Inc. Adversary TTPs are Changing Early 2010s Zero-day Vulnerabilities
More informationData Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users
Data Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users Standards Certification Education & Training Publishing Conferences &
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationWHITE PAPER. Secure communication. - Security functions of i-pro system s
WHITE PAPER Secure communication - Security functions of i-pro system s Panasonic Video surveillance systems Table of Contents 1. Introduction... 1 2. Outline... 1 3. Common security functions of the i-pro
More informationCyber security for digital substations. IEC Europe Conference 2017
Cyber security for digital substations IEC 61850 Europe Conference 2017 Unrestricted Siemens 2017 siemens.com/gridsecurity Substation Digitalization process From security via simplicity 1st generation:
More informationSimple and Powerful Security for PCI DSS
Simple and Powerful Security for PCI DSS The regulations AccessEnforcer helps check off your list. Most merchants think they are too small to be targeted by hackers. In fact, their small size makes them
More informationChapter 9. Firewalls
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however
More information13 Ways Through A Firewall What you don t know will hurt you
13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions CIPS ICE: The Tech Day 2013 (Calgary) Proprietary Information -- Copyright
More informationIoT in 2016: a serious overview of IoT today and a technical preview of HoneyVNC. By Yonathan Klijnsma
IoT in 2016: a serious overview of IoT today and a technical preview of HoneyVNC By Yonathan Klijnsma Yonathan Klijnsma Senior Threat Intelligence Analyst Perform threat intelligence analysis at keeping
More informationEssentials of Cyber Security Intelligence for Protecting ICS
November 3, 2016 Essentials of Cyber Security Intelligence for Protecting ICS Jeffery S. Bridgland Advisory Board Member N-Dimension Solutions jeff.bridgland@n-dimension.com Lots of Ground to Cover ICS
More informationStrategic Infrastructure Security
Strategic Infrastructure Security Course Number: SCPSIS Length: Certification Exam There are no exams currently associated with this course. Course Overview This course picks up right where Tactical Perimeter
More informationAUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID
AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID Sherif Abdelwahed Department of Electrical and Computer Engineering Mississippi State University Autonomic Security Management Modern
More informationTSIGKILL: Bypassing dynamic DNS updates authentication through signature forgery
TSIGKILL: Bypassing dynamic DNS updates authentication through signature forgery or a tale on how to audit a DNS server when you don t really know anything about DNS Date 17/11/2017 GreHack By Clément
More informationPhishing Activity Trends Report August, 2006
Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account
More informationFRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months
FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES
More informationAll pictures are taken from Dr StrangeLove movie
All pictures are taken from Dr StrangeLove movie Group of security researchers focused on ICS/SCADA to save Humanity from industrial disaster and to keep Purity Of Essence Sergey Gordeychik Gleb Gritsai
More informationChanging face of endpoint security
Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L
More informationIEEE A Perspective on Product Design
IEEE 1711-2010 A Perspective on Product Design Tien Van Tracy Amaio, Ph.D. tvan@sequi.com teamaio@sequi.com INDUSTRIAL CONTROL SYSTEMS (ICS) Characteristics: Long operational life (10+ yrs) Small to large
More informationAccess Control Using Intrusion and File Policies
The following topics describe how to configure access control policies to use intrusion and file policies: Intrusions and Malware Inspection Overview, page 1 Access Control Traffic Handling, page 2 File
More informationMEDICAL DEVICE SECURITY. A Focus on Patient Safety February, 2018
MEDICAL DEVICE SECURITY A Focus on Patient Safety February, 2018 WHO I AM Adam Brand I Am The Cavalry Director Privacy and Security, Protiviti Focus on Medical Device Healthcare Security Custom EEG Manufacturing,
More informationTools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems
Tools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems Presenters: Rima Asmar Awad, Saeed Beztchi Co-Authors: Jared M. Smith, Stacy Prowell, Bryan Lyles Overview Supervisory
More informationIndustrial Control Systems (In)Security & Suricata
Industrial Control Systems (In)Security & Suricata Founded in 2013 Headquartered in Denver, Colorado, U.S. Leadership industry veterans from McAfee, Palo Alto Networks, Symantec More than $70 million in
More informationHow Can I Reduce Vulnerability to Cyber Attacks? V2.2
How Can I Reduce Vulnerability to Cyber Attacks? V2.2 System Technical Note Cybersecurity Recommendations Design your architecture Important Information Notice People responsible for the application, implementation
More informationWireless Network Security Spring 2016
Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1 Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project
More informationCybersecurity, Cybercrime, Cyberwar, Cyberespionage...
Cybersecurity, Cybercrime, Cyberwar, Cyberespionage... can How the can Internet the Internet community community make the improve situation security better? Dr. Cristine Hoepers cristine@cert.br! Computer
More informationAUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response
AUTHENTICATION Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response Who we are Eric Scales Mandiant Director IR, Red Team, Strategic Services Scott Koller
More informationETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationGoogle Cloud Platform: Customer Responsibility Matrix. December 2018
Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect
More informationMulti-Layered Security Framework for Metro-Scale Wi-Fi Networks
Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the
More information