Full Transcript

CYBERSECURITY CH. 9

Overview
Types of Security
Risk and Consequences
Sources of Threats
Security Vulnerabilities
Operating Systems
Wireless Networks
Hardware
Methods of Attack
Denial of Service
Social Engineering in IACS

Examples
• Whois Search on the Internet Network Information Center
Below is information that can be obtained by entering a domain name in the search box at www.internic.net/whois.html:
    Company name: registrar used to register the domain name
    Registrar website
    Company name
    Telephone numbers: for locating modems behind firewalls and those with unsecured remote access
    Contact and email: for social engineering
    DNS name servers: DNS information
• Whois Search on the American Registry for Internet Numbers
    Company name
• DNS Server Records
Entering an nslookup query in a command line utility will return:
    Domain name
    Specific IP address
    Host system type of domain name
Other Investigation Tools

Password Cracking
A system's main protection from both external and internal attacks is the password.
The problem, simply stated, is this: people are human, and attempting to have a person remember a strong password is a difficult task.
Quite often passwords and user IDs are:
    Identical, usually the user's first or last name or the word "password"
    System defaults
    Easy to guess, such as a company name, variations of user names, or TV characters
    Guest accounts or active terminated accounts
    Found on sticky notes attached to monitors
Automated hacker tools, such as Crack, L0phtCrack, and John the Ripper, tend to brute-force password cracking but can quickly determine short and common passwords.
Another way to crack passwords is via rainbow tables, which are huge lists of pre-encrypted passwords that allow almost instantaneous cracking of even long, complex passwords.
• In all Microsoft Windows systems, up to and including XP, the user passwords were stored in a legacy LM format for backwards compatibility with old systems/workgroups, which turned out to be incredibly easy to crack.

Vulnerability and Exploitation Tools
Internal Threats
Risk Analysis
    Lowered corporate stock price
IACS Countermeasures

Firewalls
• More sophisticated firewalls may run on a commercial operating system, such as Windows, UNIX, or Linux, and, thus, may themselves need to be hardened and patched.
Firewall Rules
Network Address Translation
Monitoring Network Traffic
Hardening
Operating System Hardening
Network Hardening: Components
Network Hardening: Remote Administration

Evolution of Threats
It is much like the influenza virus. Vaccines are prepared for the most likely strain and people are vaccinated, yet the flu virus seems to be able to morph into different forms against which the vaccine is not as effective as it could be or is not effective at all.
As technology changes and as countermeasures become effective, the threats will evolve into a different form.

The Internet and VPN
Countermeasures
Encryption
Internet Engineering Task Force Security Solutions
Network Management and Security

Integration of IT Practices with Network Management
• Some of the IT practices that are making inroads into plant automation systems and networks include:
    Centralized monitoring and configuration updating using SNMP
    Centralized user authentication and policy enforcement using Microsoft Active Directory
    Centralized administration of patches, updates, firewall rules, AV signatures, and NIDS/HIDS signatures/libraries
A general problem with these practices is that they often either preclude the placement of a DMZ between the corporate WAN and the plant networks or they require any intervening firewalls or some routing host in the DMZ to have "holes" through which such functions can be performed; this is the classic trade-off between security and convenience.

Network Management: Security and Configuration
• Key management, which is essential to the encryption process, is a well-thought-out set of processes that has just now become adequately cost effective and non-limiting to system performance to be acceptable for use in industrial facilities.

Network Error/Fault Handling
    System error tolerances
    Correct bottlenecks

Correct bottlenecks
• ISA addresses industrial automation and control systems whose compromise could result in any or all of the following situations:
    Endangerment of public or employee safety
    Loss of public confidence
    Economic loss
    Impact on national security
The concept of electronic security in industrial automation and control systems is applied in the broadest possible sense, encompassing all types of plants, facilities, and systems in all industries.
• The ISA-62443 standards, as designed, have four working parts, which are illustrated in figure 9-20:
    Part 1 establishes the context for all the remaining standards in the series by defining the concepts, terminology, and models needed to understand electronic security for the industrial automation and control systems environment.

Cyber Security Management System
Risk analysis was described in some detail previously in this chapter; this is a summary of the process in accordance with the tenets of the ISA-62443 standards.
In a security setting, risk analysis is a process that identifies:
    Assets
Why Perform Risk Analysis?
• Below is a summary of the reasons that a formal, documented risk analysis on security should be performed:
    To determine which assets to protect
    To determine credible threats to those assets
    To determine vulnerabilities that currently exist
    To identify the risks posed with regard to the assets
    To recommend changes to current practice that mitigate risks to an acceptable level
    To determine implementation priorities
    To provide a foundation for building the security policy and plan
    To provide financial justification for the business case

Risk Analysis: Safety and Security in Industrial Systems
You may have noticed that security is following the same plans of action that safety has in the past: defense in depth, risk analysis, etc.

Cyber Emergency Response Team
• The U.S. Department of Homeland Security: The Office of Cybersecurity and Communications is responsible for enhancing the security, resilience, and reliability of the nation's cyber and communications infrastructure.

ISASecure Certification Program
Conclusion