SlideShare una empresa de Scribd logo

13 Ways Through a Firewall – What You Don’t Know Will Hurt You

EnergySec
EnergySec

Presented by: Mike Firstenberg, Waterfall Security Solutions Abstract: Firewalls are a given – everyone assumes that every security posture includes a firewall. But are they really secure? Join us to see 13 kinds of ways to break through a firewall. Each kind of way through a firewall has between dozens and thousands of examples circulating in the wild. Up to 5 of the kinds of breaches will be demonstrated live, time permitting. For each kind of attack, seven compensating measures are briefly discussed and compared.

Tecnología
1 de 47
Descargar para leer sin conexión
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 2013 13 Ways Through A Firewall What you don’t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter @ waterfall - security . com ® Mike Firstenberg Director of Industrial Security Waterfall Security Solutions michaelf @ waterfall - security . com Scientech 2013 Symposium: Managing Fleet Assets and Performance
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 2 Firewalls ● Firewalls – separate networks and sub- networks with different security / connectivity needs ● Often first investment any site makes when starting down the road to an ICS cyber security program ● “Unified Threat Managers” – firewalls with stateful inspection, VPNs, in-line anti-virus scanning, intrusion detection, intrusion prevention, anti-spam, web filtering, and much more – but are they secure? ● DMZ – “in-between” network(s) ● ICS best practice: layers of firewalls, layers of host and network-based defenses Photo: Red Tiger Security
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 3 Setup for Demo Scenarios ● Industrial firewall / UTM ● Business network – my laptop + “hacked host” ● Control network – ICS server to attack / take over + one other ICS host ● Consider only one-hop compromise – into DMZ, or into ICS from DMZ
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 4 Compensating Measures Abbrev Compensating Measure 2-FACT 2-Factor authentication ENC Encryption RULES Better firewall rules HIDS Host intrusion detection / prevention system / SIEM NIDS Network intrusion detection / prevention system / SIEM SECUPD Security updates / patch program UGW Unidirectional security gateway Graphic Impact Would have prevented / detected the attack Would prevent / detect some variants of the attack Would not have prevented / detected the attack
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 5 #1 Phishing / Spam / Drive-By-Download ● Single most common way through (enterprise) firewalls ● Client on business network pulls malware from internet, or activates malware in email attachment ● “Spear-phishing” – carefully crafted email to fool even security experts into opening attachment 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 6 #2 Social Engineering – Steal a Password ● VPN password on sticky note on monitor, or under keyboard ● Call up administrator, weave a convincing tale of woe, and ask for the password ● Ask the administrator to give you a VPN account ● Shoulder-surf while administrator enters firewall password ● Guess ● Install a keystroke logger 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 7 #3 Compromise Domain Controller – Create Account ● More generally – abuse trust of external system ● Create account / change password of exposed ICS server, or firewall itself ● Other external trust abuse – compromise external HMI, ERP, DCS vendor with remote access, WSUS server, DNS server, etc. 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 8 #4 Attack Exposed Servers ● Every exposed port is vulnerable: ● SQL injection ● buffer overflow ● default passwords ● hard-coded password ● denial of service / SYN-flood 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 9 #5 Attack ICS Clients via Compromised Servers ● Best practice: originate all cross-firewall TCP connections on ICS / trusted side ● Once established, all TCP connections are bi-directional – attacks can flow back to clients: ● compromised web servers ● compromised files on file servers ● buffer overflows 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 10 #6 Session Hijacking / Man-in-the-Middle ● Requires access to communications stream between authorized endpoints – eg: ARPSpoof (LAN), fake Wi-Fi access point, hacked DNS server ● Insert new commands into existing communications session ● Sniff / fake session ID / cookie and re-use 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 11 #7 Piggy-Back on VPN ● You may trust the person you have granted remote access, but should you trust their computer? ● Broad VPN access rules – “I trust this user to connect to any machine, on any port” makes it easy for worms and viruses to jump ● Split-tunneling allows interactive remote control 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 12 #8 Firewall Vulnerabilities ● Firewalls are software. All large software artifacts have bugs, and some of those bugs are security vulnerabilities and zero-days ● Vendor back-doors / hard-coded passwords ● Supply chain issues – do you trust the manufacturer? The manufacturer’s suppliers? ● Occasional design vulnerabilities 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 13 #9 Errors and Omissions ● Modern firewalls require 6-8 weeks full-time training to cover all features and all configurations ● The smallest errors expose protected servers to attack ● Over time, poorly-managed firewalls increasingly resemble routers ● Well-meaning corporate IT personnel often control firewall configurations and can reach through to “fix” ICS hosts 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 14 #10 Forge an IP Address ● Most firewall rules are expressed in terms of IP addresses ● Any administrator can change the IP address on a laptop or workstation ● Works only if attacker is on same LAN segment as true IP address – or WAN routers route response traffic to a different LAN ● May need ARPSpoof to block machine with real IP 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 15 #11 Bypass Network Security Perimeter ● Complex network architectures – path from business network to ICS network through only routers exists, but is not obvious ● Rogue wireless access points ● Rogue cables – well meaning technicians eliminate “single point of failure” in firewall ● ICS network extends outside of physical security perimeter ● Dial-up port 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 16 #12 Physical Access to Firewall ● If you can touch it, you can compromise it ● Reset to factory defaults ● Log in to local serial port, change settings with CLI ● Re-arrange wiring 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 17 #13 Sneakernet ● Removable media, especially USB sticks, carried past physical / cyber security perimeter ● Entire laptops, workstations and servers carried past physical / cyber security perimeter 2-FACT ENC RULES HIDS NIDS SECUPD UGW
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 18 Demo Warning: the issues demonstrated in the following slides apply to all firewalls, not just the firewall vendors and models illustrated. It is a mistake to interpret the following slides as a criticism of specific firewalls or specific firewall vendors.
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 19 Firewall Vulnerability – Cross-Site Request Forgery
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 20 Firewall Vulnerability – Cross-Site Request Forgery
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 21 Firewall Vulnerability – Cross-Site Request Forgery
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 22 Firewall Vulnerability – Cross-Site Request Forgery
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 23 Firewall Vulnerability – Cross-Site Request Forgery
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 24 Firewall Vulnerability – Cross-Site Request Forgery
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 25 Firewall Vulnerability – Cross-Site Request Forgery
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 26 Firewall Vulnerability – Cross-Site Request Forgery ● Uses web browser credentials for logged-in sites ● “Blind” technique – script cannot read from foreign web page ● Can however, push changed data to web server, as if user had pressed “send” Lesson: Cross-site scripting vulnerabilities are rampant in web applications of all kinds, including ICS applications. CSRF has been public knowledge for over a decade Mitigation: Modify web application to use hidden fields to echo random data back to web site on pages that change application state. Browsers prevent each site’s scripts from seeing data coming from another site, so foreign scripts cannot echo random data back to protected website
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 27 Errors and Omissions – Can You See The Error?
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 28 Errors and Omissions – Address Range Too Broad
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 29 Errors and Omissions – Can You See the Error?
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 30 Errors and Omissions – Rule for DHCP Address
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 31 Errors and Omissions ● “andrews-machine” address was really for an entire subnet ● See this only when you go to the screen which defines “andrews- machine” address ● Correcting this problem is not sufficient – the address was in the DHCP range ● See this only when you go to the DHCP server definition screen ● Andrew’s machine needs to be given a static IP address Lesson: Full-featured firewalls are complex. Reviewing configurations to ensure they are safe is not straightforward.
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 32 Firewall Design Vulnerability
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 33 Firewall Design Vulnerability
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 34 Firewall Design Vulnerability
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 35 Firewall Design Vulnerability
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 36 Firewall Design Vulnerability
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 37 Firewall Design Vulnerability
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 38 Firewall Design Vulnerability
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 39 Firewall Design Vulnerability
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 40 Firewall Design Vulnerability ● Browsers enforce “can’t touch other site’s web pages” rule when scripts and web pages come from different sites ● Within a site, scripts can touch web pages at will – this is how complex web applications work ● Hiding many web sites behind a single proxy address is very “convenient” – web browser is your SSL client ● Web browsers cannot enforce “can’t touch other site’s web pages” rules when scripts and web pages all appear to originate at the same site Lesson: Clientless/browser SSL clients are designed to hide many sites behind one address. Unless browser designs or clientless SSL designs change, hosts behind such proxy-site web servers will always be vulnerable to each other’s scripted attacks.
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 41 Hacking ICS Servers
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 42 Hacking ICS Servers
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 43 Hacking ICS Servers
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 44 Hacking ICS Servers – 100,000 Vulnerabilities ● A major vendor recently reported counting over 50,000 buffer- overflow-capable C library calls in one 2,000,000 LOC product ● All such calls are currently being replaced ● Do the math: ● Assume 2% of all overflow-capable calls are vulnerabilities ● 10 major vendors world-wide, in at least 5 verticals ● Assume at least 3 2MLOC products unique to each vertical ● Assume at least 75% of these products still written in C/C++ ● The math: 2% x 50,000 calls x 10 vendors x 5 verticals x 3 products x 75% = at least 100,000 vulnerabilities waiting to be found Lesson: Attacking firewall-exposed ICS servers with zero-day exploits will be straightforward for the foreseeable future
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 45 Keeping Score Score Abbrev Compensating Measure 7 2-FACT 2-Factor authentication 7 ENC Encryption 11 RULES Better firewall rules 8 HIDS Host intrusion detection / prevention system / SIEM 9 NIDS Network intrusion detection / prevention system / SIEM 9 SECUPD Security updates / patch program 20 UGW Unidirectional security gateway Graphic Score Impact 2 Would have prevented / detected the attack 1 Would prevent / detect some variants of the attack 0 Would not have prevented / detected the attack
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 46 ● Headquarters in Israel, sales and operations office in the USA ● Hundreds of sites deployed in all critical infrastructure sectors Best Practice Award 2012, Industrial Network Security IT and OT security architects should consider Waterfall for their operations networks Waterfall is key player in the cyber security market – 2010, 2011, & 2012 ● Strategic partnership agreements / cooperation with: OSIsoft, GE, Siemens, and many other major industrial vendors Waterfall Security Solutions
Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 47 Stronger Than Firewalls ● Firewalls are porous ● Given the “elephants in the room,” perimeter protection will always be disproportionately important: ● 100,000 vulnerabilities ● Plain-text device communications ● Dissonance between ECC and IT’s “constant change” patch programs ● Long life-cycles for physical equipment andrew.ginter@waterfall-security.com www.waterfall-security.com michaelf @ waterfall - security . com 2-FACT ENC RULES HIDS NIDS SECUPD UGW

Recomendados

How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...Community Protection Forum
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Digital Bond
 
Integrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayIntegrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayEnergySec
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationEnergySec
 
Come See What’s Cooking in My Lab
Come See What’s Cooking in My LabCome See What’s Cooking in My Lab
Come See What’s Cooking in My LabEnergySec
 
Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration EnergySec
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsEnergySec
 
Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...
Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...
Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...energybiographies
 

Recomendados

How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...Community Protection Forum
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Digital Bond
 
Integrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayIntegrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayEnergySec
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationEnergySec
 
Come See What’s Cooking in My Lab
Come See What’s Cooking in My LabCome See What’s Cooking in My Lab
Come See What’s Cooking in My LabEnergySec
 
Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration EnergySec
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsEnergySec
 
Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...
Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...
Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...energybiographies
 
Achieving Compliance Through Security
Achieving Compliance Through SecurityAchieving Compliance Through Security
Achieving Compliance Through SecurityEnergySec
 
6 Tools for Improving IT Operations in ICS Environments
6 Tools for Improving IT Operations in ICS Environments6 Tools for Improving IT Operations in ICS Environments
6 Tools for Improving IT Operations in ICS EnvironmentsEnergySec
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber DefenseEnergySec
 
Energy Biographies Final Research report
Energy Biographies Final Research reportEnergy Biographies Final Research report
Energy Biographies Final Research reportenergybiographies
 
Building Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedBuilding Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedEnergySec
 
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced ScorecardHow to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced ScorecardEnergySec
 
How I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterHow I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterEnergySec
 
Building an Incident Response Team
Building an Incident Response TeamBuilding an Incident Response Team
Building an Incident Response TeamEnergySec
 
Compromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles AwayCompromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles AwayEnergySec
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergySec
 
Security Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for BeginnersSecurity Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for BeginnersEnergySec
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
Structured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaStructured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaEnergySec
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceEnergySec
 
Rapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementRapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementEnergySec
 
Energy biographies: narrative genres, lifecourse transitions and practice change
Energy biographies: narrative genres, lifecourse transitions and practice changeEnergy biographies: narrative genres, lifecourse transitions and practice change
Energy biographies: narrative genres, lifecourse transitions and practice changeenergybiographies
 
The grit in the oyster:
The grit in the oyster: The grit in the oyster:
The grit in the oyster: energybiographies
 
Living the "Good Life"?: energy biographies, identities and competing normati...
Living the "Good Life"?: energy biographies, identities and competing normati...Living the "Good Life"?: energy biographies, identities and competing normati...
Living the "Good Life"?: energy biographies, identities and competing normati...energybiographies
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber SecurityJAZEEL K T
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseEnergySec
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...EnergySec
 

Más contenido relacionado

Destacado

Achieving Compliance Through Security
Achieving Compliance Through SecurityAchieving Compliance Through Security
Achieving Compliance Through SecurityEnergySec
 
6 Tools for Improving IT Operations in ICS Environments
6 Tools for Improving IT Operations in ICS Environments6 Tools for Improving IT Operations in ICS Environments
6 Tools for Improving IT Operations in ICS EnvironmentsEnergySec
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber DefenseEnergySec
 
Energy Biographies Final Research report
Energy Biographies Final Research reportEnergy Biographies Final Research report
Energy Biographies Final Research reportenergybiographies
 
Building Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedBuilding Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedEnergySec
 
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced ScorecardHow to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced ScorecardEnergySec
 
How I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterHow I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterEnergySec
 
Building an Incident Response Team
Building an Incident Response TeamBuilding an Incident Response Team
Building an Incident Response TeamEnergySec
 
Compromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles AwayCompromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles AwayEnergySec
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergySec
 
Security Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for BeginnersSecurity Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for BeginnersEnergySec
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
Structured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaStructured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaEnergySec
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceEnergySec
 
Rapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementRapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementEnergySec
 
Energy biographies: narrative genres, lifecourse transitions and practice change
Energy biographies: narrative genres, lifecourse transitions and practice changeEnergy biographies: narrative genres, lifecourse transitions and practice change
Energy biographies: narrative genres, lifecourse transitions and practice changeenergybiographies
 
Living the "Good Life"?: energy biographies, identities and competing normati...
Living the "Good Life"?: energy biographies, identities and competing normati...Living the "Good Life"?: energy biographies, identities and competing normati...
Living the "Good Life"?: energy biographies, identities and competing normati...energybiographies
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber SecurityJAZEEL K T
 

Destacado (19)

Achieving Compliance Through Security
Achieving Compliance Through SecurityAchieving Compliance Through Security
Achieving Compliance Through Security
 
6 Tools for Improving IT Operations in ICS Environments
6 Tools for Improving IT Operations in ICS Environments6 Tools for Improving IT Operations in ICS Environments
6 Tools for Improving IT Operations in ICS Environments
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
 
Energy Biographies Final Research report
Energy Biographies Final Research reportEnergy Biographies Final Research report
Energy Biographies Final Research report
 
Building Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedBuilding Human Intelligence – Pun Intended
Building Human Intelligence – Pun Intended
 
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced ScorecardHow to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
 
How I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterHow I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart Meter
 
Building an Incident Response Team
Building an Incident Response TeamBuilding an Incident Response Team
Building an Incident Response Team
 
Compromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles AwayCompromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles Away
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber Resiliency
 
Security Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for BeginnersSecurity Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for Beginners
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
 
Structured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaStructured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six Sigma
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
 
Rapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementRapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk Management
 
Energy biographies: narrative genres, lifecourse transitions and practice change
Energy biographies: narrative genres, lifecourse transitions and practice changeEnergy biographies: narrative genres, lifecourse transitions and practice change
Energy biographies: narrative genres, lifecourse transitions and practice change
 
The grit in the oyster:
The grit in the oyster: The grit in the oyster:
The grit in the oyster:
 
Living the "Good Life"?: energy biographies, identities and competing normati...
Living the "Good Life"?: energy biographies, identities and competing normati...Living the "Good Life"?: energy biographies, identities and competing normati...
Living the "Good Life"?: energy biographies, identities and competing normati...
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber Security
 

Más de EnergySec

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseEnergySec
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...EnergySec
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyEnergySec
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...EnergySec
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityEnergySec
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementEnergySec
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsEnergySec
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachEnergySec
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!EnergySec
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network ArchitecturesEnergySec
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleEnergySec
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsEnergySec
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...EnergySec
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...EnergySec
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueEnergySec
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?EnergySec
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...EnergySec
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherEnergySec
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherEnergySec
 

Más de EnergySec (20)

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of Reach
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With Scissors
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational Value
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each Other
 

Último

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Último (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

13 Ways Through a Firewall – What You Don’t Know Will Hurt You

  • 1. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 2013 13 Ways Through A Firewall What you don’t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter @ waterfall - security . com ® Mike Firstenberg Director of Industrial Security Waterfall Security Solutions michaelf @ waterfall - security . com Scientech 2013 Symposium: Managing Fleet Assets and Performance
  • 2. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 2 Firewalls ● Firewalls – separate networks and sub- networks with different security / connectivity needs ● Often first investment any site makes when starting down the road to an ICS cyber security program ● “Unified Threat Managers” – firewalls with stateful inspection, VPNs, in-line anti-virus scanning, intrusion detection, intrusion prevention, anti-spam, web filtering, and much more – but are they secure? ● DMZ – “in-between” network(s) ● ICS best practice: layers of firewalls, layers of host and network-based defenses Photo: Red Tiger Security
  • 3. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 3 Setup for Demo Scenarios ● Industrial firewall / UTM ● Business network – my laptop + “hacked host” ● Control network – ICS server to attack / take over + one other ICS host ● Consider only one-hop compromise – into DMZ, or into ICS from DMZ
  • 4. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 4 Compensating Measures Abbrev Compensating Measure 2-FACT 2-Factor authentication ENC Encryption RULES Better firewall rules HIDS Host intrusion detection / prevention system / SIEM NIDS Network intrusion detection / prevention system / SIEM SECUPD Security updates / patch program UGW Unidirectional security gateway Graphic Impact Would have prevented / detected the attack Would prevent / detect some variants of the attack Would not have prevented / detected the attack
  • 5. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 5 #1 Phishing / Spam / Drive-By-Download ● Single most common way through (enterprise) firewalls ● Client on business network pulls malware from internet, or activates malware in email attachment ● “Spear-phishing” – carefully crafted email to fool even security experts into opening attachment 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 6. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 6 #2 Social Engineering – Steal a Password ● VPN password on sticky note on monitor, or under keyboard ● Call up administrator, weave a convincing tale of woe, and ask for the password ● Ask the administrator to give you a VPN account ● Shoulder-surf while administrator enters firewall password ● Guess ● Install a keystroke logger 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 7. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 7 #3 Compromise Domain Controller – Create Account ● More generally – abuse trust of external system ● Create account / change password of exposed ICS server, or firewall itself ● Other external trust abuse – compromise external HMI, ERP, DCS vendor with remote access, WSUS server, DNS server, etc. 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 8. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 8 #4 Attack Exposed Servers ● Every exposed port is vulnerable: ● SQL injection ● buffer overflow ● default passwords ● hard-coded password ● denial of service / SYN-flood 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 9. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 9 #5 Attack ICS Clients via Compromised Servers ● Best practice: originate all cross-firewall TCP connections on ICS / trusted side ● Once established, all TCP connections are bi-directional – attacks can flow back to clients: ● compromised web servers ● compromised files on file servers ● buffer overflows 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 10. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 10 #6 Session Hijacking / Man-in-the-Middle ● Requires access to communications stream between authorized endpoints – eg: ARPSpoof (LAN), fake Wi-Fi access point, hacked DNS server ● Insert new commands into existing communications session ● Sniff / fake session ID / cookie and re-use 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 11. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 11 #7 Piggy-Back on VPN ● You may trust the person you have granted remote access, but should you trust their computer? ● Broad VPN access rules – “I trust this user to connect to any machine, on any port” makes it easy for worms and viruses to jump ● Split-tunneling allows interactive remote control 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 12. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 12 #8 Firewall Vulnerabilities ● Firewalls are software. All large software artifacts have bugs, and some of those bugs are security vulnerabilities and zero-days ● Vendor back-doors / hard-coded passwords ● Supply chain issues – do you trust the manufacturer? The manufacturer’s suppliers? ● Occasional design vulnerabilities 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 13. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 13 #9 Errors and Omissions ● Modern firewalls require 6-8 weeks full-time training to cover all features and all configurations ● The smallest errors expose protected servers to attack ● Over time, poorly-managed firewalls increasingly resemble routers ● Well-meaning corporate IT personnel often control firewall configurations and can reach through to “fix” ICS hosts 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 14. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 14 #10 Forge an IP Address ● Most firewall rules are expressed in terms of IP addresses ● Any administrator can change the IP address on a laptop or workstation ● Works only if attacker is on same LAN segment as true IP address – or WAN routers route response traffic to a different LAN ● May need ARPSpoof to block machine with real IP 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 15. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 15 #11 Bypass Network Security Perimeter ● Complex network architectures – path from business network to ICS network through only routers exists, but is not obvious ● Rogue wireless access points ● Rogue cables – well meaning technicians eliminate “single point of failure” in firewall ● ICS network extends outside of physical security perimeter ● Dial-up port 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 16. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 16 #12 Physical Access to Firewall ● If you can touch it, you can compromise it ● Reset to factory defaults ● Log in to local serial port, change settings with CLI ● Re-arrange wiring 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 17. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 17 #13 Sneakernet ● Removable media, especially USB sticks, carried past physical / cyber security perimeter ● Entire laptops, workstations and servers carried past physical / cyber security perimeter 2-FACT ENC RULES HIDS NIDS SECUPD UGW
  • 18. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 18 Demo Warning: the issues demonstrated in the following slides apply to all firewalls, not just the firewall vendors and models illustrated. It is a mistake to interpret the following slides as a criticism of specific firewalls or specific firewall vendors.
  • 19. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 19 Firewall Vulnerability – Cross-Site Request Forgery
  • 20. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 20 Firewall Vulnerability – Cross-Site Request Forgery
  • 21. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 21 Firewall Vulnerability – Cross-Site Request Forgery
  • 22. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 22 Firewall Vulnerability – Cross-Site Request Forgery
  • 23. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 23 Firewall Vulnerability – Cross-Site Request Forgery
  • 24. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 24 Firewall Vulnerability – Cross-Site Request Forgery
  • 25. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 25 Firewall Vulnerability – Cross-Site Request Forgery
  • 26. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 26 Firewall Vulnerability – Cross-Site Request Forgery ● Uses web browser credentials for logged-in sites ● “Blind” technique – script cannot read from foreign web page ● Can however, push changed data to web server, as if user had pressed “send” Lesson: Cross-site scripting vulnerabilities are rampant in web applications of all kinds, including ICS applications. CSRF has been public knowledge for over a decade Mitigation: Modify web application to use hidden fields to echo random data back to web site on pages that change application state. Browsers prevent each site’s scripts from seeing data coming from another site, so foreign scripts cannot echo random data back to protected website
  • 27. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 27 Errors and Omissions – Can You See The Error?
  • 28. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 28 Errors and Omissions – Address Range Too Broad
  • 29. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 29 Errors and Omissions – Can You See the Error?
  • 30. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 30 Errors and Omissions – Rule for DHCP Address
  • 31. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 31 Errors and Omissions ● “andrews-machine” address was really for an entire subnet ● See this only when you go to the screen which defines “andrews- machine” address ● Correcting this problem is not sufficient – the address was in the DHCP range ● See this only when you go to the DHCP server definition screen ● Andrew’s machine needs to be given a static IP address Lesson: Full-featured firewalls are complex. Reviewing configurations to ensure they are safe is not straightforward.
  • 32. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 32 Firewall Design Vulnerability
  • 33. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 33 Firewall Design Vulnerability
  • 34. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 34 Firewall Design Vulnerability
  • 35. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 35 Firewall Design Vulnerability
  • 36. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 36 Firewall Design Vulnerability
  • 37. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 37 Firewall Design Vulnerability
  • 38. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 38 Firewall Design Vulnerability
  • 39. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 39 Firewall Design Vulnerability
  • 40. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 40 Firewall Design Vulnerability ● Browsers enforce “can’t touch other site’s web pages” rule when scripts and web pages come from different sites ● Within a site, scripts can touch web pages at will – this is how complex web applications work ● Hiding many web sites behind a single proxy address is very “convenient” – web browser is your SSL client ● Web browsers cannot enforce “can’t touch other site’s web pages” rules when scripts and web pages all appear to originate at the same site Lesson: Clientless/browser SSL clients are designed to hide many sites behind one address. Unless browser designs or clientless SSL designs change, hosts behind such proxy-site web servers will always be vulnerable to each other’s scripted attacks.
  • 41. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 41 Hacking ICS Servers
  • 42. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 42 Hacking ICS Servers
  • 43. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 43 Hacking ICS Servers
  • 44. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 44 Hacking ICS Servers – 100,000 Vulnerabilities ● A major vendor recently reported counting over 50,000 buffer- overflow-capable C library calls in one 2,000,000 LOC product ● All such calls are currently being replaced ● Do the math: ● Assume 2% of all overflow-capable calls are vulnerabilities ● 10 major vendors world-wide, in at least 5 verticals ● Assume at least 3 2MLOC products unique to each vertical ● Assume at least 75% of these products still written in C/C++ ● The math: 2% x 50,000 calls x 10 vendors x 5 verticals x 3 products x 75% = at least 100,000 vulnerabilities waiting to be found Lesson: Attacking firewall-exposed ICS servers with zero-day exploits will be straightforward for the foreseeable future
  • 45. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 45 Keeping Score Score Abbrev Compensating Measure 7 2-FACT 2-Factor authentication 7 ENC Encryption 11 RULES Better firewall rules 8 HIDS Host intrusion detection / prevention system / SIEM 9 NIDS Network intrusion detection / prevention system / SIEM 9 SECUPD Security updates / patch program 20 UGW Unidirectional security gateway Graphic Score Impact 2 Would have prevented / detected the attack 1 Would prevent / detect some variants of the attack 0 Would not have prevented / detected the attack
  • 46. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 46 ● Headquarters in Israel, sales and operations office in the USA ● Hundreds of sites deployed in all critical infrastructure sectors Best Practice Award 2012, Industrial Network Security IT and OT security architects should consider Waterfall for their operations networks Waterfall is key player in the cyber security market – 2010, 2011, & 2012 ● Strategic partnership agreements / cooperation with: OSIsoft, GE, Siemens, and many other major industrial vendors Waterfall Security Solutions
  • 47. Proprietary Information – Copyright © 2013 by Waterfall Security Solutions Ltd. 47 Stronger Than Firewalls ● Firewalls are porous ● Given the “elephants in the room,” perimeter protection will always be disproportionately important: ● 100,000 vulnerabilities ● Plain-text device communications ● Dissonance between ECC and IT’s “constant change” patch programs ● Long life-cycles for physical equipment andrew.ginter@waterfall-security.com www.waterfall-security.com michaelf @ waterfall - security . com 2-FACT ENC RULES HIDS NIDS SECUPD UGW