Cyber Security Defense-In-Depth. Rich Kinas, Orlando Utilities Commission. Compliance Spring Workshop, May 9-10, 2017.


Slide 2: Overview
- Defense-in-Depth versus layered defense versus enhanced security
- NERC Reliability Standards examples
- Classic implementation
- Blocking unwanted traffic
- Dealing with allowed traffic
- Graceful degradation
- Defending against Dave

Slide 3: Defense-in-Depth vs. Layered Defense
Many references say they are the same thing: multiple controls designed to slow down an attacker. Let's look at each one, plus an additional security enhancement technique:
- Layered Defense
- Defense-in-Depth
- Enhanced Security

Slide 4: Layered Defense
- Focused on protecting assets
- At a minimum, two preventive controls and a detective control, e.g. Firewall -> [Traffic Monitor, IDS, IPS] -> Firewall
- Layered defense can occur at any OSI layer:
  - Network layer: Firewall (P), IPS (P), IDS (D)
  - Operating system layer: Antivirus (D), Whitelisting (P)
  - Application layer: SQL injection check (P), DB views (P)
- Controls must be selected to meet performance criteria
(P) Preventive control, (D) Detective control

Slide 5: Defense-in-Depth
- Focused on protecting functions
- Provides the opportunity to implement graceful degradation
- More difficult to implement after the fact

Slide 6: Enhanced Security
Enhanced security means utilizing all, or many, of the built-in security controls of a given appliance or application. Examples:
- Firewalls
- Physical security
- Microsoft
- VMware

Slide 7: Enhanced Security - Firewalls
- Utilize application inspection, tailored to your environment
- Set protocol timers to the minimums your environment tolerates
- Implement fully qualified domain name (FQDN) access control lists (ACLs); this requires advance planning
- Implement black-hole routing
- Implement Unicast Reverse Path Forwarding

Slide 8: Enhanced Physical Security
- Video surveillance
- Automatic location tracking
- Code of conduct forms
- Multi-factor
- Internal physical separation; no single large Physical Security Perimeter (PSP)
- Badge in and out; track and alarm on timers inside the PSP
- Implement man-traps

Slide 9: Enhanced Microsoft Security
- Removal of unneeded applications, network bindings, etc.
- Microsoft Windows Defender
- Microsoft Windows Firewall
- Implement role-based access
- To remove access: change group, change password, disable account

Slide 11: NERC Reliability Standards - CIP-006-6 R1
- Two or more physical access controls (P)
- Monitor for unauthorized access (D)
- Check for patches every 35 days (P)
- Deter, detect or prevent malicious code
- Authenticate access
(P) Preventive control, (D) Detective control

Slide 12: NERC Reliability Standards - TOP, TPL, EOP
- Protect the functions performed by the Transmission Operator (TOP):
  - Monitoring and controlling voltage
  - Maintaining a stable system configuration
  - Planning for contingencies
- Designed to buy time to address a breach while full capability is maintained

Slide 13: Traditional Design (diagram; labels: ESP, Operators, EMS)

Slide 14: Defense-In-Depth (diagram; labels: ESP, Operators, EMS)

Slide 15: Things to consider - Attack Vectors
- What about services we allow through the firewall? For example, Microsoft patching servers.
- Firewall rules based on Domain Name System (DNS) names: DNS poisoning can result in a tunnel through your firewall.
- How to apply Defense-in-Depth across threat vectors:
  - The primary control (the firewall) is made ineffective via DNS poisoning
  - Assume the authorized access path is fully compromised
  - Example: the Access Control List (ACL) allows Microsoft's DNS name for the Windows Server Update Services (WSUS) server, and the WSUS server is compromised
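The DNS-based rule problem on slide 15, as an added example that is not part of the original deck: a name-only rule permits whatever the resolver returns, while a layered rule pins the resolved address to a prefix approved out of band and logs a mismatch for the detective control. The hostname, addresses, port and resolver answers are constructed for illustration.

```python
import ipaddress

# Constructed example, not from the slides: an FQDN-based firewall rule
# evaluated two ways. `fqdn_only` trusts whatever DNS returns, which is the
# weakness on slide 15. `layered` adds a second control: the resolved address
# must fall inside a prefix approved out of band, and a mismatch is logged for
# the detective control. Names, addresses and resolver answers are made up.

RULE = {"fqdn": "wsus.example.internal", "port": 8530,
        "approved_prefixes": ["10.20.0.0/24"]}

def honest_resolver(fqdn):
    return {"wsus.example.internal": ["10.20.0.5"]}.get(fqdn, [])

def poisoned_resolver(fqdn):
    # Constructed poisoned cache entry: the name now points outside the ESP.
    return {"wsus.example.internal": ["203.0.113.9"]}.get(fqdn, [])

def fqdn_only(rule, dst_ip, dst_port, resolver):
    """Permit if the destination matches the rule's name via a live lookup."""
    return dst_port == rule["port"] and dst_ip in resolver(rule["fqdn"])

def layered(rule, dst_ip, dst_port, resolver, events):
    """Same lookup, plus a prefix pin. Returns True only if both controls pass;
    appends a detection event when DNS and the approved prefixes disagree."""
    if not fqdn_only(rule, dst_ip, dst_port, resolver):
        return False
    addr = ipaddress.ip_address(dst_ip)
    if any(addr in ipaddress.ip_network(p) for p in rule["approved_prefixes"]):
        return True
    events.append(f"{rule['fqdn']} resolved to {dst_ip}, outside approved prefixes")
    return False

def demo():
    """Returns (naive_poisoned, layered_honest, layered_poisoned, events)."""
    events = []
    naive_poisoned = fqdn_only(RULE, "203.0.113.9", 8530, poisoned_resolver)
    ok_honest = layered(RULE, "10.20.0.5", 8530, honest_resolver, events)
    ok_poisoned = layered(RULE, "203.0.113.9", 8530, poisoned_resolver, events)
    return naive_poisoned, ok_honest, ok_poisoned, events

if __name__ == "__main__":
    print(demo())
```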

Slide 16: Defense-In-Depth - Authorized Traffic
- Firewalls implement access control, blocking unwanted access. How do we control authorized access?
- Detection, prevention and scanning technologies; these require deep packet inspection
- Must have controls at the point of termination: any service running on a server. What is the impact if the service is unavailable?
- Tailor access based on system conditions: an Internet emergency stop button (System Operations calls this conservative operations)

Slide 17: Graceful Degradation
Graceful degradation is the ability of a computer, machine, electronic system or network to maintain limited functionality even when a large portion of it has been destroyed or rendered inoperative. The purpose of graceful degradation is to prevent catastrophic failure. It utilizes the Defense-in-Depth concept, controlling the breadth of access.

Slide 18: Graceful Degradation Implementation
1. Initial design to meet functional requirements
2. Add standard security controls (CIP controls)
3. Assume each control can be breached or bypassed (one at a time)
4. Redesign the system to prevent total failure, using techniques such as:
   - Micro-segmentation
   - Port security
   - Quality of Service (QoS)
   - Black-hole routing
   - Many others, depending on the function being protected

Slide 19: Must know the functions you are trying to protect
- Prioritize system operations functions:
  - State Estimator
  - Contingency Analysis engine
  - Calculating Area Control Error (ACE), if a Balancing Authority (BA)
  - Monitoring system configuration, voltages and currents
- Are some RTUs more important than others?
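The "assume each control is breached, one at a time" step from slide 18, applied to the prioritized functions of slide 19, as an added example that is not part of the original deck: a small dependency model in which each function lists alternative sets of components it can run on, and a traditional single-path design is compared against a segmented, redundant one. The component names and both designs are constructed, not taken from any real EMS.

```python
# Constructed example (not from the slides): each function lists alternative
# dependency sets; it still runs if any one set is fully intact. Component
# names and the two designs are made up for illustration.

PRIORITY = ["state_estimator", "contingency_analysis", "ace_calc"]  # slide 19

# Traditional design: one ESP firewall, one EMS core, one RTU network path.
TRADITIONAL = {
    "state_estimator":      [{"esp_fw", "ems_core", "rtu_net"}],
    "contingency_analysis": [{"esp_fw", "ems_core"}],
    "ace_calc":             [{"esp_fw", "ems_core", "icc_link"}],
}

# Redesign after slide 18: a second EMS instance on its own segment, and a
# separately protected RTU path per segment so no single breach stops all three.
DEFENSE_IN_DEPTH = {
    "state_estimator":      [{"ems_a", "rtu_seg_a"}, {"ems_b", "rtu_seg_b"}],
    "contingency_analysis": [{"ems_a"}, {"ems_b"}],
    "ace_calc":             [{"ems_a", "icc_link"}, {"ems_b", "icc_link_backup"}],
}

def surviving(design, lost):
    """Functions that still run when the components in `lost` are breached."""
    return {f for f, alts in design.items()
            if any(not (dep & lost) for dep in alts)}

def single_breach_impact(design):
    """Breach each component alone and record which priority functions are
    lost. An empty list for every component means the design degrades
    gracefully under a single breach."""
    comps = set().union(*(dep for alts in design.values() for dep in alts))
    return {c: [f for f in PRIORITY if f not in surviving(design, {c})]
            for c in sorted(comps)}

def total_failure_points(design):
    """Components whose single breach takes down every priority function."""
    return sorted(c for c, lost in single_breach_impact(design).items()
                  if set(lost) == set(PRIORITY))

if __name__ == "__main__":
    for name, design in (("traditional", TRADITIONAL),
                         ("defense-in-depth", DEFENSE_IN_DEPTH)):
        print(name, "total-failure points:", total_failure_points(design))
```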

Slide 20: Defense-In-Depth (diagram; label: ESP)

Slide 21: Virtual Environment Considerations
- Knowledge is power
- Combating virtual machine (VM) sprawl
- Virtual Machine Introspection (VMI)
- Software-defined data center: software running on top of a hypervisor that provides abstracted access to resources

Slide 22: Virtual Environment Considerations - Placing Firewalls
- Physical world:
  - At the edge of security or trust zones
  - Within the physical machines or operating systems
- Virtual world:
  - At the edge of security or trust zones
  - Before each virtual NIC, using introspective firewalls (vPath)
  - Within the virtual machines or operating systems

Slide 24: Defending Against Dave
- Types of threat: script kiddie, nation state, insider
- Dave: a rogue employee with admin rights could cause havoc
- Ways to address: two-factor authentication, using something you are, something you know, something you have; require two authentication factors from one individual
- Consider key escrow for all cryptographic deployments

Slide 25: Defending Against Dave
- Humans are an integral part of the functions we are trying to protect:
  - Administrators of the system
  - Operators within the system
- Must have a Quality and Analysis (QA) process for system and appliance builds
- Design review and approval of new systems
- Must fully understand what's going on under the covers

Slide 26: Defense-in-Depth
Much more than adding another firewall! Thank you.

Slide 27: Definitions
- Micro-segmentation is a security technology that breaks the data center into logical elements and manages them with high-level IT security policies.
- Port security is a layer-two traffic control feature that configures individual switch ports to allow only a specified number of source MAC addresses ingressing the port.
- Quality of Service (QoS) is a feature that prioritizes network traffic for applications, Ethernet LAN ports, or specified MAC addresses to minimize the impact of resource starvation.

Slide 28: Questions?
Rich Kinas, Orlando Utilities Commission, rkinas@ouc.com, (407) 434-4261