IACS Network Security & Secure Remote Access
Guy Denis gudenis@cisco.com
Rockwell Automation Alliance Manager Europe
www.cisco.com/go/security
11th Feb 2014
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
On average there is a ratio of 15:1 industrial devices to enterprise devices within a manufacturing plant
[Figure: industrial devices (meter, sensor, machines, vehicles, robots, HMI, I/O, controller/PLC, scanner, phone, RFID tag) shown as 15, against enterprise devices (IP phone, PC, printers, servers) shown as 1]
"As manufacturers replace legacy network systems and look for areas to streamline on a common solution, ARC sees a tremendous opportunity for growth of EtherNet/IP applications," according to Craig Resnick, Research Director, ARC Advisory Group
Potential Disruptions
• Theft
• Unintended employee action
• Natural or man-made disaster
• Unauthorized contractor actions
• Security patches
• Worms, viruses, malware
• Denial of service
• Sabotage
• Unauthorized access
• Unauthorized employee action
Stuxnet – a wake-up call: breakdown of Stuxnet
Ralph Langner, German control systems security consultant
http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon.html
F-Secure wrap-up on Stuxnet
http://www.youtube.com/watch?v=gFzadFI7sco
• Fragile TCP/IP stacks – an Nmap scan or ping sweep can lock up a device
• Little or no device-level authentication
• Poor network design – hubs, unmanaged switches
• Windows-based IA servers – patching, legacy OS
• Unnecessary services running – FTP, HTTP
• Open environment: no port security, no physical security of switches or Ethernet ports
• Limited auditing and monitoring of access to IA devices
• Unauthorised use of HMI and IA systems for browsing, music/movie downloads
• Lack of IT expertise in IA networks, many blind spots
Defense in Depth Approach
[Figure: plant-wide network reference architecture, top to bottom]
Enterprise Network, Levels 4–5: Internet, web apps, DNS, FTP; enterprise/IT integration, collaboration, wireless, application optimization
Demilitarized Zone (DMZ) firewalls: Cisco ASA 5500 active/standby pair with a Gbps link for failover detection; patch management, terminal services, application mirrors, AV servers
Manufacturing Zone, Level 3, distribution and core: Cisco Catalyst 6500/4500 and Cisco Catalyst 3750X StackWise switch stack; SCADA application and services servers; network services; site operations and control, multi-service networks, network and security management, routing, application and data share, access control, threat protection
Cell/Area Zone, Levels 0–2, Layer 2 access: IE3000/3010/2000 Layer 2 access switches; Cell/Area #1 (redundant star topology), Cell/Area #2 (ring topology), Cell/Area #3 (linear topology), each with controllers, drives, HMIs and distributed I/O; real-time control, fast convergence, traffic segmentation and management, ease of use
• Physical Security – limit physical access to authorized personnel: areas, control panels, devices, cabling, and control room – escort and track visitors
• Network Hardening – infrastructure framework – e.g. firewalls with intrusion detection and intrusion prevention systems (IDS/IPS), and integrated protection of networking equipment such as switches and routers
• End-point Hardening – patch management, antivirus software as well as removal of unused applications, protocols, and services
• Application Security – authentication, authorization, and audit software
• Device Hardening – change management and restrictive access
[Figure: Defense in Depth layers – Physical, Network, Computer, Application, Device]
Secure Network Architectures for Industrial Control Systems
• Security is not a bolt-on component
• Comprehensive network security model for defense-in-depth
• Industrial security policy
• DMZ implementation
• Design remote partner access policy, with robust and secure implementation
Panduit/RA Physical Layer Reference Architectures Design Guide (Panduit part numbers PSL-DCPL and PSL-DCJB)
• All network traffic from either side of the DMZ terminates in the DMZ; network traffic does not directly traverse the DMZ
• Application data mirror: services are replicated into the DMZ
• No primary services are permanently housed in the DMZ
• The DMZ shall not permanently house data
• No control traffic into the DMZ
• Be prepared to "turn off" access via the firewall
[Figure: Enterprise Security Zone – disconnect point – DMZ (replicated services) – disconnect point – Industrial Security Zone; no direct traffic between the two zones]
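The first and last of these rules, plus "no control traffic into the DMZ", can be checked mechanically against a firewall rule base. The script below is an added example, not code from the original slides or from Cisco/Rockwell Automation; the zone names, the Rule format and the constructed sample policy are assumptions made for illustration, while the EtherNet/IP port numbers (TCP/UDP 44818 for explicit messaging, UDP 2222 for implicit I/O) are the standard ones.

```python
"""Firewall-policy checker for the DMZ design rules on this slide.

Added example, not code from the original slides.  Zone names, the Rule
format and SAMPLE_POLICY are assumptions made for illustration.
"""
from dataclasses import dataclass

ENTERPRISE, DMZ, INDUSTRIAL = "enterprise", "dmz", "industrial"

# EtherNet/IP (CIP) transports: explicit messaging on TCP/UDP 44818,
# implicit I/O on UDP 2222.  "No control traffic into the DMZ."
CONTROL_PORTS = {("tcp", 44818), ("udp", 44818), ("udp", 2222)}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source zone
    dst: str      # destination zone
    proto: str    # "tcp" or "udp"
    port: int     # destination port
    action: str = "permit"   # anything not permitted is implicitly denied


def check_policy(rules):
    """Return (rule name, violation) pairs for every permit rule that breaks
    a rule the firewall can actually enforce: no enterprise<->industrial
    traffic that bypasses the DMZ, and no control protocol into the DMZ."""
    findings = []
    for r in rules:
        if r.action != "permit":
            continue
        if {r.src, r.dst} == {ENTERPRISE, INDUSTRIAL}:
            findings.append((r.name, "traffic must terminate in the DMZ, not traverse it"))
        if r.dst == DMZ and (r.proto, r.port) in CONTROL_PORTS:
            findings.append((r.name, "control traffic (CIP) permitted into the DMZ"))
    return findings


def disconnect(rules, zone):
    """'Turn off' one side of the DMZ: drop every rule that touches `zone`.
    The other side keeps its replicated services, because nothing it uses
    referenced the disconnected zone."""
    return [r for r in rules if zone not in (r.src, r.dst)]


# Constructed sample policy: two rules that follow the design, two that do not.
SAMPLE_POLICY = [
    Rule("ent-https-to-mirror",   ENTERPRISE, DMZ,        "tcp", 443),
    Rule("ind-sql-to-mirror",     INDUSTRIAL, DMZ,        "tcp", 1433),
    Rule("bad-ent-direct-to-plc", ENTERPRISE, INDUSTRIAL, "tcp", 44818),
    Rule("bad-io-into-dmz",       INDUSTRIAL, DMZ,        "udp", 2222),
]

if __name__ == "__main__":
    for name, why in check_policy(SAMPLE_POLICY):
        print(f"{name}: {why}")
    cut = disconnect(SAMPLE_POLICY, ENTERPRISE)
    print("rules left after pulling the enterprise disconnect point:",
          [r.name for r in cut])
```

Run as a script it lists the two offending rules, then the rule set that remains once the enterprise-side disconnect point is pulled. The other principles (no primary services, no permanently housed data) are about what is deployed in the DMZ, not about traffic, so they are verified by inventory rather than by rule analysis.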
[Figure: Purdue Reference Model (ISA-95) and the Industrial Security Standard ISA-99 mapped onto the plant network]
Enterprise Zone
  Level 5 – Enterprise Network (web, e-mail)
  Level 4 – Site Business Planning and Logistics Network (e-mail, intranet, etc.)
Firewall
DMZ – Terminal Services, Patch Management, AV Server, Application Mirror, Web Services Operations, Application Server
Firewall
Process Control Domain / Process Control Network (CIP)
  Level 3 – Site Manufacturing Operations and Control: SCADA App Server, SCADA Directory, Engineering Workstation, Domain Controller, SCADA Client, Operator Interface
  Level 2 – Area Supervisory Control: SCADA Client, Engineering Workstation, Operator Interface
  Level 1 – Basic Control: Batch Control, Discrete Control, Drive Control, Continuous Process Control, Safety Control
  Level 0 – Process: Sensors, Drives, Actuators, Robots
1. Firewall services (segmentation, isolation)
2. Application services (behavior enforcement, application intelligence and awareness, gateway capabilities)
3. Logging and historical services (traffic, event histories)
4. Encryption and data integrity services (remote access, and secure channels for data transfer)
5. IPS/IDS services (deep packet inspection – Sourcefire and Wurldtech industrial signatures)
6. Malware detection and filtering (deep packet and URL inspection)
Secure Remote Access
[Figure: Cisco components (VPN, VDI, WSA, IPS, ASA-CX, ASA, ISE) and the Stratix 5900 (1783-SR) placed across the Enterprise Zone (Levels 4–5), the DMZ (Level 3½), the PCD / Manufacturing Zone (Level 3) and the PCN / Cell/Area Zone (Levels 0–2)]
Use a Stratix 5900 (1783-SR), NOT the device pictured on the original slide (image not reproduced) or any similar item
Defense in Depth – security technologies applied between remote engineers and partners and plant floor applications and data:
• Authentication, Authorization and Accounting
• Access Control Lists (ACLs)
• Secure browsing (HTTPS)
• Intrusion prevention and detection
• Remote terminal session
• Application security
• VLANs
• Stand-alone remote industrial application – example: remote site
[Figure: remote site (plant engineer, skid builder, system integrator) – remote site WAN router – WAN – plant site WAN router; one IPsec tunnel per remote site, repeated many times]
Requirements
• Connection out from the plant, direct access
• Little to no IT support, little to no alignment with Industrial Automation and Control System security standards
Potential solution
• IPsec VPN, DMVPN, FlexVPN – ASA 5515 and/or Stratix 5900 (1783-SR) / 819 ISR
[Figure: Stratix portfolio across the plant-wide architecture – Enterprise Zone: enterprise network (ERP, e-mail, wide area network (WAN)); Manufacturing Zone: Stratix 5900 industrial services router, Stratix 8300 managed Layer 3 switch, FactoryTalk applications and services; Cell/Area Zones #1–#4: Stratix 8000 managed Layer 2 switches (ring topology), Stratix 5700 managed Layer 2 switches (star topology), ETAP embedded Layer 2 switches (ring topology), embedded Layer 2 switches (linear topology); wireless: Stratix 5100 802.11n dual-band access point, lightweight AP (LWAP), AP as workgroup bridge (WGB), mobile user]
[Figure: secure remote access through the plant DMZ. Enterprise Zone (Levels 4 and 5): Internet, enterprise WAN, enterprise data center, enterprise edge firewall; remote engineer or partner connecting over HTTPS with the Cisco VPN client (IPsec VPN / SSL VPN), and an enterprise-connected engineer. Demilitarized Zone (DMZ): active/standby Cisco ASA 5500 firewalls with Gbps link failover detection; patch management, terminal services, application mirror, AV server; remote access server running RSLogix 5000 and FactoryTalk View Studio, reached over Remote Desktop Protocol (RDP). Manufacturing Zone, Site Manufacturing Operations and Control (Level 3): Catalyst 6500/4500 and Catalyst 3750 StackWise switch stack; FactoryTalk application servers (View, Historian, AssetCentre, Transaction Manager), FactoryTalk Services Platform (Directory, Security/Audit), data servers. Cell/Area Zones (Levels 0–2): EtherNet/IP]
1. Remote engineer or partner establishes a VPN to the corporate network; access is restricted to the IP address of the plant DMZ firewall
2. Portal on the plant firewall enables access to IACS data, files and applications
   – An intrusion prevention system (IPS) on the plant firewall detects and protects against attacks from the remote host
3. Firewall proxies a client session to the remote access server
4. Access to applications on the remote access server is restricted to specified plant-floor IACS resources through IACS application security
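The four steps define a chain in which each hop may only reach the next one, and the client session is re-originated at the portal and again at the remote access server rather than routed through. The script below is an added example, not part of the original slides or of Cisco/Rockwell Automation's design guides, that models such a chain and audits it for shortcuts: all addresses, the permit table and the proxy table are constructed assumptions; TCP 443, 3389 and 44818 are the standard HTTPS, RDP and EtherNet/IP explicit-messaging ports.

```python
"""Reachability audit for the four-step remote access path on this slide.

Added example, not code from the original slides.  Every address, PERMITS
and PROXIES are assumptions made for illustration.
"""
from collections import deque
from ipaddress import ip_address, ip_network


def host_net(addr):
    """/32 network for a single host address."""
    return ip_network(f"{addr}/32")


# Constructed address plan (assumption).
VPN_POOL    = ip_network("10.200.0.0/24")  # remote engineer after corporate VPN
DMZ_PORTAL  = ip_address("10.10.0.1")      # plant DMZ firewall, SSL VPN portal
RAS         = ip_address("10.10.1.10")     # remote access server in the DMZ
DATA_SERVER = ip_address("10.20.0.20")     # FactoryTalk data server, Level 3
CELL_AREA   = ip_network("10.30.0.0/16")   # Levels 0-2
ALLOWED_PLC = ip_address("10.30.1.5")      # the one controller this partner may program

# Firewall permits: (source network, destination host, protocol, port).
# Anything not listed is denied.
PERMITS = [
    (VPN_POOL,             DMZ_PORTAL,  "tcp", 443),    # step 1: only the DMZ firewall
    (host_net(DMZ_PORTAL), RAS,         "tcp", 3389),   # step 3: portal proxies RDP to RAS
    (host_net(RAS),        DATA_SERVER, "tcp", 1433),   # step 4: RAS apps to Level 3 (assumed port)
    (host_net(RAS),        ALLOWED_PLC, "tcp", 44818),  # step 4: RSLogix on the RAS to one PLC
]

# Hops that terminate the client session and re-originate it from their own
# address (a proxy, not a router): the portal and the RDP desktop on the RAS.
PROXIES = {(DMZ_PORTAL, "tcp", 443): DMZ_PORTAL, (RAS, "tcp", 3389): RAS}


def reachable_from(source_net, permits=PERMITS, proxies=PROXIES):
    """Transitive closure of endpoints (host, proto, port) a client in
    `source_net` can reach, following proxy hops.  Maps each endpoint to the
    shortest hop path that reaches it (breadth-first search)."""
    paths = {}
    queue = deque([(source_net, ())])
    while queue:
        src, path = queue.popleft()
        for s_net, dst, proto, port in permits:
            ep = (dst, proto, port)
            if ep in paths or not src.subnet_of(s_net):
                continue
            paths[ep] = path + (ep,)
            if ep in proxies:                       # session continues from the proxy
                queue.append((host_net(proxies[ep]), paths[ep]))
    return paths


def audit_remote_access(permits=PERMITS, proxies=PROXIES):
    """Violations of steps 1-4: the VPN pool may reach only the portal
    directly, and any Levels 0-2 endpoint must be the explicitly allowed
    controller, reached from the RAS and from nowhere else."""
    paths = reachable_from(VPN_POOL, permits, proxies)
    problems = []
    direct = {ep for ep, p in paths.items() if len(p) == 1}
    if direct != {(DMZ_PORTAL, "tcp", 443)}:
        problems.append(f"VPN pool reaches more than the DMZ portal: {sorted(map(str, direct))}")
    for ep, p in paths.items():
        if ep[0] not in CELL_AREA:
            continue
        via_ras = len(p) >= 2 and p[-2][0] == RAS
        if ep[0] != ALLOWED_PLC or not via_ras:
            hops = [str(h[0]) for h in p]
            problems.append(f"Cell/Area endpoint {ep[0]}:{ep[2]} reachable via {hops}")
    return problems


if __name__ == "__main__":
    print("violations:", audit_remote_access())
    # A 'temporary' permit that lets the partner hit the PLC without the RAS.
    bypass = PERMITS + [(VPN_POOL, ALLOWED_PLC, "tcp", 44818)]
    print("with bypass:", audit_remote_access(bypass))
```

The audit reports nothing for the chain as drawn. Add one "temporary" permit from the VPN pool straight to a controller (the `bypass` list in the main block) and it reports both that the pool reaches more than the portal and that a Levels 0-2 endpoint is reachable without passing through the remote access server, which is exactly the shortcut the DMZ design forbids.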
21 Steps to Securing a SCADA Network
http://www.oe.netl.doe.gov/docs/prepare/21stepsbooklet.pdf
1. Identify all connections to SCADA networks
2. Disconnect unnecessary connections to the SCADA network
3. Evaluate and strengthen the security of any remaining connections to the SCADA network
4. Harden SCADA networks by removing or disabling unnecessary services
5. Do not rely on proprietary protocols to protect your system
6. Implement the security features provided by device and system vendors
7. Establish strong controls over any medium that is used as a backdoor into the SCADA network
8. Implement internal and external intrusion detection systems and establish 24-hour-a-day incident monitoring
9. Perform technical audits of SCADA devices and networks, and any other connected networks, to identify security concerns
10. Conduct physical security surveys and assess all remote sites connected to the SCADA network to evaluate their security
11. Establish SCADA "Red Teams" to identify and evaluate possible attack scenarios
12. Clearly define cyber security roles, responsibilities, and authorities for managers, system administrators, and users
13. Document network architecture and identify systems that serve critical functions or contain sensitive information that require additional levels of protection
14. Establish a rigorous, ongoing risk management process
15. Establish a network protection strategy based on the principle of defense-in-depth
16. Clearly identify cyber security requirements
17. Establish effective configuration management processes
18. Conduct routine self-assessments
19. Establish system backups and disaster recovery plans
20. Senior organizational leadership should establish expectations for cyber security performance and hold individuals accountable for their performance
21. Establish policies and conduct training to minimize the likelihood that organizational personnel will inadvertently disclose sensitive information regarding SCADA system design, operations, or security controls
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"mphochane1998
 
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKARHAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKARKOUSTAV SARKAR
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityMorshed Ahmed Rahath
 
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxA CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxmaisarahman1
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE  and Energy Efficient BUILDINGS ptxCOST-EFFETIVE  and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxJIT KUMAR GUPTA
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfJiananWang21
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxJuliansyahHarahap1
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxSCMS School of Architecture
 
Moment Distribution Method For Btech Civil
Moment Distribution Method For Btech CivilMoment Distribution Method For Btech Civil
Moment Distribution Method For Btech CivilVinayVitekari
 
AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsvanyagupta248
 
PE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiesPE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiessarkmank1
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdfKamal Acharya
 
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLEGEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLEselvakumar948
 

Último (20)

Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
 
kiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadkiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal load
 
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxOrlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
 
Wadi Rum luxhotel lodge Analysis case study.pptx
Wadi Rum luxhotel lodge Analysis case study.pptxWadi Rum luxhotel lodge Analysis case study.pptx
Wadi Rum luxhotel lodge Analysis case study.pptx
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
 
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKARHAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
 
Integrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - NeometrixIntegrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - Neometrix
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna Municipality
 
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxA CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE  and Energy Efficient BUILDINGS ptxCOST-EFFETIVE  and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
Moment Distribution Method For Btech Civil
Moment Distribution Method For Btech CivilMoment Distribution Method For Btech Civil
Moment Distribution Method For Btech Civil
 
AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech students
 
PE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiesPE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and properties
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
 
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLEGEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE
 

Routeco cyber security and secure remote access 1 01

1. IACS Network Security & Secure Remote Access
Guy Denis, gudenis@cisco.com
Rockwell Automation Alliance Manager Europe
www.cisco.com/go/security
11th Feb 2014

2. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
On average, there is a ratio of 15:1 industrial devices to enterprise devices within a manufacturing plant.
Industrial devices (15): Meter, Sensor, Machines, Vehicles, Robots, HMI, I/O, Controller/PLC, Scanner, Phone, RFID Tag
Enterprise devices (1): IP Phone, PC, Printers, Servers
"As manufacturers replace legacy network systems and look for areas to streamline on a common solution, ARC sees a tremendous opportunity for growth of EtherNet/IP applications," according to Craig Resnick, Research Director, ARC Advisory Group

3. Potential Disruptions
Theft; Unintended employee action; Natural or manmade disaster; Unauthorized contractor actions; Security patches; Worms, viruses, malware; Denial of service; Sabotage; Unauthorized access; Unauthorized employee action

4. Stuxnet – a wake-up call: breakdown of Stuxnet
Ralph Langner, German control systems security consultant: http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon.html
F-Secure wrap-up on Stuxnet: http://www.youtube.com/watch?v=gFzadFI7sco

5. [slide image only, no transcribed text]

6. Weaknesses commonly found in IACS networks:
• Fragile TCP/IP stacks – NMAP, ping sweep lockup
• Little or no device-level authentication
• Poor network design – hubs, unmanaged switches
• Windows-based IA servers – patching, legacy OS
• Unnecessary services running – FTP, HTTP
• Open environment: no port security, no physical security of switch and Ethernet ports
• Limited auditing and monitoring of access to IA devices
• Unauthorised use of HMI and IA systems for browsing, music/movie downloads
• Lack of IT expertise in IA networks, many blind spots
8. Architecture diagram. Requirements shown: Real-Time Control; Fast Convergence; Traffic Segmentation and Management; Ease of Use; Site Operations and Control; Multi-Service Networks; Network and Security Management; Routing; Application and Data Share; Access Control; Threat Protection; Enterprise/IT Integration; Collaboration; Wireless; Application Optimization
Cell/Area Zone, Levels 0–2, Layer 2 Access: IE3000/3010/2000 Layer 2 access switches; Cell/Area #1 (redundant star topology), Cell/Area #2 (ring topology), Cell/Area #3 (linear topology), with Controller, Drive, HMI and Distributed I/O devices
Manufacturing Zone, Level 3, Distribution and Core: Cisco Catalyst 6500/4500; Cisco Catalyst 3750X StackWise switch stack; Cisco Catalyst switch network services; SCADA application and services servers
Demilitarized Zone (DMZ) firewalls: Cisco ASA 5500, Firewall (Active) and Firewall (Standby) with a Gbps link for failover detection; Patch Management, Terminal Services, Application Mirrors, AV Servers
Enterprise Network, Levels 4–5: Web Apps, DNS, FTP, Internet

9. Defense in Depth (layers: Physical, Network, Computer, Device, Application)
• Physical Security – limit physical access to authorized personnel: areas, control panels, devices, cabling, and control room; escort and track visitors
• Network Hardening – infrastructure framework, e.g. firewalls with intrusion detection and intrusion prevention systems (IDS/IPS), and integrated protection of networking equipment such as switches and routers
• End-point Hardening – patch management and antivirus software, as well as removal of unused applications, protocols, and services
• Application Security – authentication, authorization, and audit software
• Device Hardening – change management and restrictive access
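The weaknesses on slide 6 and the device-hardening layer on slide 9 can be turned into a repeatable check. The following is an added example, not code from the presentation or from Cisco or Rockwell Automation: a Python audit of an IOS-style switch configuration that flags an enabled HTTP server, missing AAA, Telnet on the vty lines, and access ports left open without port security. Both configurations are constructed for the illustration (standard IOS command syntax, invented hostname and port numbering), and the parser and finding texts are simplifications made for this example.

```python
"""Audit an IOS-style switch configuration for the IACS weaknesses listed on
slides 6 and 9: unnecessary services (HTTP), weak device-level authentication,
open Ethernet ports without port security, and Telnet management.

Added example, not code from the presentation. Both configurations are
constructed; hostnames, VLANs and port numbers are invented.
"""
from dataclasses import dataclass, field

WEAK_CONFIG = """\
hostname IE-CELL1
ip http server
!
interface GigabitEthernet1/1
 switchport mode trunk
!
interface FastEthernet1/1
 switchport mode access
 switchport port-security
 switchport port-security violation shutdown
!
interface FastEthernet1/2
 switchport mode access
!
interface FastEthernet1/3
 shutdown
!
line vty 0 4
 transport input telnet ssh
!
"""

HARDENED_CONFIG = """\
hostname IE-CELL1
aaa new-model
no ip http server
ip http secure-server
!
interface FastEthernet1/2
 switchport mode access
 switchport port-security
 switchport port-security violation shutdown
!
line vty 0 4
 transport input ssh
!
"""


@dataclass
class Block:
    """One 'interface ...' or 'line ...' section and its indented commands."""
    name: str
    lines: list = field(default_factory=list)

    def has(self, prefix: str) -> bool:
        return any(line.startswith(prefix) for line in self.lines)


def parse_config(text: str):
    """Split the config into global commands and indented blocks."""
    global_lines, blocks, current = [], [], None
    for raw in text.splitlines():
        if raw.startswith(" ") and current is not None:
            current.lines.append(raw.strip())
        elif raw.startswith(("interface ", "line ")):
            current = Block(raw.strip())
            blocks.append(current)
        elif raw.strip() in ("", "!"):
            current = None
        else:
            global_lines.append(raw.strip())
            current = None
    return global_lines, blocks


def audit_config(text: str) -> list:
    """Return (scope, finding) pairs; an empty list means no gap was found."""
    global_lines, blocks = parse_config(text)
    findings = []
    if "ip http server" in global_lines:
        findings.append(("global", "HTTP management server enabled"))
    if "aaa new-model" not in global_lines:
        findings.append(("global", "AAA not enabled; no central device-level authentication"))
    for block in blocks:
        if block.name.startswith("line vty"):
            for line in block.lines:
                if line.startswith("transport input") and "telnet" in line.split():
                    findings.append((block.name, "Telnet permitted for remote management"))
        elif block.name.startswith("interface "):
            name = block.name.split(" ", 1)[1]
            # Unused ports are shut; trunks are uplinks and are judged separately.
            if block.has("shutdown") or block.has("switchport mode trunk"):
                continue
            if not block.has("switchport port-security"):
                findings.append((name, "open access port without port security"))
    return findings
```

Run `audit_config(WEAK_CONFIG)` to see the four gaps and `audit_config(HARDENED_CONFIG)` to confirm the corrected version is clean; in practice the same function would be fed `show running-config` output collected from each cell/area switch.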
10. Key points:
• Security is not a bolt-on component
• Comprehensive Network Security Model for Defense-in-Depth
• Industrial Security Policy
• DMZ Implementation
• Design Remote Partner Access Policy, with robust & secure implementation

12. Panduit/RA Physical Layer Reference Architectures Design Guide (PSL-DCPL, PSL-DCJB)

13. DMZ rules (diagram: No Direct Traffic; Enterprise Security Zone – Disconnect Point – DMZ with Replicated Services – Disconnect Point – Industrial Security Zone)
• All network traffic from either side of the DMZ terminates in the DMZ; network traffic does not directly traverse the DMZ
• Application Data Mirror
• No primary services are permanently housed in the DMZ
• DMZ shall not permanently house data
• No control traffic into the DMZ
• Be prepared to "turn off" access via the firewall
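To make the DMZ rules on slide 13 concrete, here is an added example (not from the presentation, Cisco or Rockwell Automation) that models a DMZ firewall's decision for one new session. Zone names, the replicated-service list and its ports, and the two disconnect flags are assumptions made for the illustration; the EtherNet/IP port numbers are the protocol's standard ones.

```python
"""Model of the DMZ traffic rules on slide 13: traffic terminates in the DMZ,
never crosses it directly, carries no control protocol into it, and either
side can be cut off at its disconnect point.

Added example, not code from the presentation. Zone names, the service list
and its port numbers are assumptions for this illustration.
"""
from dataclasses import dataclass

ENTERPRISE, DMZ, INDUSTRIAL = "enterprise", "dmz", "industrial"

# EtherNet/IP (CIP) transports: TCP/UDP 44818 explicit messaging, UDP 2222 I/O.
CIP_PORTS = {("tcp", 44818), ("udp", 44818), ("udp", 2222)}

# Replicated services allowed to terminate in the DMZ, with their direction.
# Anything not listed is denied (assumed service set for the example).
DMZ_SERVICES = [
    ("application mirror (HTTPS)", ENTERPRISE, DMZ, "tcp", 443),
    ("terminal services (RDP)", ENTERPRISE, DMZ, "tcp", 3389),
    ("application mirror refresh (HTTPS)", INDUSTRIAL, DMZ, "tcp", 443),
]


@dataclass(frozen=True)
class Flow:
    """A new session as the firewall sees it: zones, protocol, destination port."""
    src_zone: str
    dst_zone: str
    proto: str
    dport: int


@dataclass
class FirewallState:
    """The two disconnect points on slide 13: either side can be cut off."""
    enterprise_disconnected: bool = False
    industrial_disconnected: bool = False


def evaluate(flow: Flow, state: FirewallState = None) -> tuple:
    """Return (verdict, reason) for a session initiation; replies are assumed
    to be handled by connection state and are not modelled here."""
    state = state or FirewallState()
    zones = {flow.src_zone, flow.dst_zone}
    if len(zones) == 1:
        return ("allow", "intra-zone traffic does not cross the DMZ firewall")
    if state.enterprise_disconnected and ENTERPRISE in zones:
        return ("deny", "enterprise-side disconnect point is active")
    if state.industrial_disconnected and INDUSTRIAL in zones:
        return ("deny", "industrial-side disconnect point is active")
    if zones == {ENTERPRISE, INDUSTRIAL}:
        return ("deny", "no direct traffic across the DMZ")
    if flow.dst_zone == DMZ and (flow.proto, flow.dport) in CIP_PORTS:
        return ("deny", "no control traffic into the DMZ")
    for name, src, dst, proto, port in DMZ_SERVICES:
        if (src, dst, proto, port) == (flow.src_zone, flow.dst_zone, flow.proto, flow.dport):
            return ("allow", f"terminates in the DMZ: {name}")
    return ("deny", "no replicated service matches; default deny")
```

Because only session initiations toward the DMZ are listed, a session that the DMZ itself tries to open into either zone falls through to the default deny; this is the "traffic terminates in the DMZ" rule expressed as an allow-list rather than as a block-list of bad destinations.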
14. Purdue Reference Model (ISA-95) and Industrial Security Standard ISA-99
Level 5 – Enterprise Network (Enterprise Zone): E-Mail, Intranet, etc.; Web, E-Mail
Level 4 – Site Business Planning and Logistics Network (Enterprise Zone)
Firewall
DMZ: Terminal Services, Patch Management, AV Server, Application Mirror, Web Services Operations, Application Server
Firewall
Level 3 – Site Manufacturing Operations and Control (Process Control Domain / Process Control Network): SCADA App Server, SCADA Directory, Engineering Workstation, Domain Controller, SCADA Client, Operator Interface
Level 2 – Area Supervisory Control: SCADA Client, Engineering Workstation, Operator Interface
Level 1 – Basic Control (CIP): Batch Control, Discrete Control, Drive Control, Continuous Process Control, Safety Control
Level 0 – Process: Sensors, Drives, Actuators, Robots

15. Security services at the DMZ:
1. Firewall Services (segmentation, isolation)
2. Application Services (behavior enforcement, application intelligence and awareness, gateway capabilities)
3. Logging and Historical Services (traffic, event histories)
4. Encryption and Data Integrity Services (remote access, and secure channels for data transfer)
5. IPS/IDS Services (deep packet inspection – Sourcefire and Wurldtech industrial signatures)
6. Malware Detection and Filtering (deep packet and URL inspection)

16. Security components by level (diagram labels): VPN, VDI, WSA, IPS, ASA-CX, ASA, ISE, 1783-SR
Level 5 and Level 4 – Enterprise Zone; Level 3½ – DMZ; Level 3 – PCD / Manufacturing Zone; Level 2, Level 1 and Level 0 – PCN / Cell/Area Zone

18. Use Stratix 5900 (1783-SR), NOT this (or similar such item)

19. Defense in Depth – security technologies applied between Remote Engineers and Partners and Plant Floor Applications and Data: Authentication, Authorization and Accounting; Access Control Lists (ACLs); Secure Browsing (HTTPS); Intrusion Protection and Detection; Remote Terminal Session; Application Security; VLANs

20. Stand-alone Remote Industrial Application Example: remote site
Diagram: Plant Engineer, Skid Builder, System Integrator – WAN – Remote Site WAN Router – Plant Site WAN Router (IPsec × many)
Requirements: connection out from the plant, direct access; little to no IT support; little to no alignment with Industrial Automation and Control System security standards
Potential solution: IPsec VPN, DMVPN, FlexVPN – ASA 5515 and/or STX5900 1783-SR / 819 ISR

21. Stratix portfolio diagram (labels): Enterprise Zone – Enterprise Network (ERP, Email, Wide Area Network (WAN)); Manufacturing Zone – FactoryTalk Applications and Services, 8300 Managed Layer 3 Switch, 5900 Industrial Services Router; Cell/Area Zones #1–#4 – 8000 Managed Layer 2 Switch (ring topology), ETAP Embedded Layer 2 Switch (ring topology), 5700 Managed Layer 2 Switch (star topology), Embedded Layer 2 Switch (linear topology), 5100 802.11n dual-band access point, Lightweight AP (LWAP), AP as Workgroup Bridge (WGB), Mobile User

22. Remote access architecture (diagram labels): Enterprise Zone, Levels 4 and 5 – Internet, Enterprise WAN, Enterprise Data Center, Enterprise Edge Firewall, Remote Engineer or Partner (HTTPS, Cisco VPN Client, Remote Desktop Protocol (RDP)), Enterprise Connected Engineer, IPsec VPN, SSL VPN; Demilitarized Zone (DMZ) – Cisco ASA 5500 Firewall (Active) and Firewall (Standby) with Gbps link for failover detection, Patch Management, Terminal Services, Application Mirror, AV Server, Remote Access Server (RSLogix 5000, FactoryTalk View Studio); Manufacturing Zone, Site Manufacturing Operations and Control, Level 3 – Catalyst 6500/4500, Catalyst 3750 StackWise switch stack, FactoryTalk Application Servers (View, Historian, AssetCentre, Transaction Manager), FactoryTalk Services Platform (Directory, Security/Audit), Data Servers; Cell/Area Zones, Levels 0–2 – EtherNet/IP
1. Remote engineer or partner establishes VPN to corporate network; access is restricted to IP address of plant DMZ firewall
2. Portal on plant firewall enables access to IACS data, files and applications – intrusion protection system (IPS) on plant firewall detects and protects against attacks from remote host
3. Firewall proxies a client session to remote access server
4. Access to applications on remote access server is restricted to specified plant floor IACS resources through IACS application security
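The four-step remote-access path on slide 22 gives a defender something concrete to monitor: every remote (VPN) session should land only on the plant DMZ firewall's address (step 1) and only on the portal port (step 2). The following added example, not code from the presentation or from Cisco or Rockwell Automation, runs that check over constructed firewall log lines; the log format, addresses, port numbers and user names are all invented for the illustration.

```python
"""Detection check for the remote-access path on slide 22: every remote
(VPN) session must land on the plant DMZ firewall (step 1) and use the
portal port (step 2); anything else is a policy gap or an attempt worth
an alert.

Added example, not code from the presentation. The log format, addresses,
ports and user names are constructed for this illustration.
"""
import re

DMZ_FIREWALL_IP = "10.20.0.1"   # assumed address of the plant DMZ firewall
PORTAL_PORTS = {443}            # assumed: HTTPS portal on the plant firewall

# Constructed format: "<ts> <vpn|lan> user=<u> src=<ip> dst=<ip> dport=<n> action=<allow|deny>"
LOG_RE = re.compile(
    r"(?P<ts>\S+) (?P<kind>vpn|lan) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>allow|deny)$"
)

SAMPLE_LOG = """\
2014-02-11T09:01:12 vpn user=partner.eng src=203.0.113.45 dst=10.20.0.1 dport=443 action=allow
2014-02-11T09:01:20 vpn user=partner.eng src=203.0.113.45 dst=10.20.0.1 dport=443 action=allow
2014-02-11T09:03:05 vpn user=partner.eng src=203.0.113.45 dst=10.30.1.15 dport=44818 action=allow
2014-02-11T09:04:40 vpn user=plant.eng src=198.51.100.7 dst=10.20.0.1 dport=22 action=allow
2014-02-11T09:05:02 vpn user=plant.eng src=198.51.100.7 dst=10.30.1.20 dport=3389 action=deny
2014-02-11T09:06:30 lan user=ops.user src=10.30.2.8 dst=10.30.1.15 dport=44818 action=allow
"""


def parse_log(text: str) -> list:
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    records = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = LOG_RE.match(line)
        if match:
            record = match.groupdict()
            record["line"] = number
            record["dport"] = int(record["dport"])
            records.append(record)
    return records


def find_violations(text: str) -> list:
    """Return (line, user, reason) for each VPN flow outside the portal path.

    A flow the firewall already denied is still reported: it shows a remote
    host reaching past the DMZ, which is what step 2's IPS is there to catch.
    """
    alerts = []
    for rec in parse_log(text):
        if rec["kind"] != "vpn":
            continue  # step 1 constrains remote sessions only
        if rec["dst"] != DMZ_FIREWALL_IP:
            outcome = "allowed" if rec["action"] == "allow" else "blocked"
            alerts.append((rec["line"], rec["user"],
                           f"VPN flow to {rec['dst']}:{rec['dport']} bypasses the DMZ firewall ({outcome})"))
        elif rec["dport"] not in PORTAL_PORTS:
            alerts.append((rec["line"], rec["user"],
                           f"non-portal port {rec['dport']} on the DMZ firewall"))
    return alerts
```

On the sample, line 3 is the one that matters most: an allowed VPN flow straight to a Level 2 address on the EtherNet/IP port means the VPN access rule is wider than step 1 requires, whereas line 5 shows the firewall doing its job but still records a remote host attempting to reach past the DMZ.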
23. 21 Steps to Securing a SCADA Network (http://www.oe.netl.doe.gov/docs/prepare/21stepsbooklet.pdf)
1. Identify all connections to SCADA networks
2. Disconnect unnecessary connections to the SCADA network
3. Evaluate and strengthen the security of any remaining connections to the SCADA network
4. Harden SCADA networks by removing or disabling unnecessary services
5. Do not rely on proprietary protocols to protect your system
6. Implement the security features provided by device and system vendors
7. Establish strong controls over any medium that is used as a backdoor into the SCADA network
8. Implement internal and external intrusion detection systems and establish 24-hour-a-day incident monitoring
9. Perform technical audits of SCADA devices and networks, and any other connected networks, to identify security concerns
10. Conduct physical security surveys and assess all remote sites connected to the SCADA network to evaluate their security
11. Establish SCADA "Red Teams" to identify and evaluate possible attack scenarios
12. Clearly define cyber security roles, responsibilities, and authorities for managers, system administrators, and users
13. Document network architecture and identify systems that serve critical functions or contain sensitive information that require additional levels of protection
14. Establish a rigorous, ongoing risk management process
15. Establish a network protection strategy based on the principle of defense-in-depth
16. Clearly identify cyber security requirements
17. Establish effective configuration management processes
18. Conduct routine self-assessments
19. Establish system backups and disaster recovery plans
20. Senior organizational leadership should establish expectations for cyber security performance and hold individuals accountable for their performance
21. Establish policies and conduct training to minimize the likelihood that organizational personnel will inadvertently disclose sensitive information regarding SCADA system design, operations, or security controls