UNIDIRECTIONAL SECURITY GATEWAYS™
Challenges of Cybersecurity Implementations for Process Control Systems
Michael Firstenberg, Director of Industrial Security
Waterfall Security Solutions
2014
Proprietary Information -- Copyright © 2014 by Waterfall Security Solutions

Security Landscape
● 1M ICS hosts on the Internet? 500K in NA? Really only 7,000
● Heartbleed – encryption in lots of products, websites & VPNs broken
● NSA supply chain revelations. Does anyone really believe it was only the NSA?
● Always more ICS vulnerabilities found, and patching change-controlled networks is slow
Heartbleed drives home the point: all software has bugs. Some bugs are security holes. So in practice, all software can be hacked.

Who Are We Worried About?

| Threat | Resources | Methods | Existing Protection | Examples |
|---|---|---|---|---|
| Nation-state, sleeper insiders | High | Highly targeted, autonomous | none | Stuxnet, NSA supply chain |
| Targeted Persistent Attacks | Medium | Targeted, manual remote control | NEI | Aurora, Night Dragon, Shady Rat, Ghostnet |
| Disgruntled insider with access to ICS | Low | Targeted: social engineering | ISA, API, NERC-CIP | Maroochy |
| Insider with access to IT network | Low | Targeted: social engineering | NIST | IT examples |
| Organized crime | Medium | High volume, automated | ISA, API, NERC-CIP | Zeus, Conficker |

Targeted Persistent Attacks
● Use “spear phishing” or server attacks to punch through firewalls
● Use custom malware to evade anti-virus
● Operate malware by interactive remote control
● Steal administrator passwords / password hashes
● Create new administrator accounts on domain controller
● Use new accounts to log in – no need to “break in” any more – defeats software update programs
IT teams are unable to block these targeted attacks at the corporate perimeter.

IT vs ICS - Safety, Reliability, Confidentiality

| Attribute | Enterprise / IT | Control System |
|---|---|---|
| Scale | Huge – 100,000’s of devices | 100-500 devices per DCS |
| Priority | Confidentiality | Safety and reliability |
| Target | Data | Equipment |
| Exposure | Constant exposure to Internet content / attacks | Exposed to business network, not Internet |
| Equipment lifecycle | 3-5 years | 10-20 years |
| Security discipline | Speed / aggressive change – stay ahead of the threats | Security is an aspect of safety - Engineering Change Control (ECC) |

The difference between IT and ICS is control

Reliability + Safety Risks = Soft ICS Interior
● Cyber safety and reliability risks arise from ability to control physical equipment
● Testing security updates and AV updates for reliability and safety takes longer – sometimes much longer
● There are tens of thousands of vulnerabilities waiting to be discovered in ICS software
● Old, out-of-support hardware and software
● Encrypted/authenticated communications debate for critical devices may never be resolved
Strong perimeter protection will always be disproportionately important in ICS defense-in-depth programs

Physical Security
● Strictly control access to critical ICS computers
● Reduce risks due to USB, CD-ROMS, cell phone connections and other removable media / networking
● Reduce risks due to rogue laptops & other equipment plugged into ICS / safety networks
● Entire ICS network must lie within physical security perimeter
● No silver bullet:
    ● Insider threat is still real
    ● Distant adversaries can compromise equipment over Internet / remote control
Photo: Idaho National Labs

Sneakernet
● Device control – low-impact software to control which users and ports can accept which kinds of USB / CD / DVD device
● Network Access Control – refuses access to unauthorized laptops
● Supply chain - offline scans of hard disks of new equipment, physical inspections
● The most cautious firms purchase USB peripherals from distant, random locations
● Training & Awareness
Be paranoid. Everything that crosses the physical or cyber perimeter is a threat

Device Control & Whitelisting
● Whitelisting: strictly control what software is allowed to run where
    ● Currently used more for “devices” with complex embedded operating systems than for entire ICS systems
● Device control: forbid entirely the execution of software from removable media, control what kinds of USB devices (keyboards, mice) are allowed to be connected to which ports
    ● Less intrusive than whitelisting, applied more commonly to larger parts of ICS systems
● No silver bullet:
    ● Cannot prevent remote control of legitimate applications

Cyber Perimeter - How Secure are Firewalls Really?
Attack Type (columns: UGW, Fwall)
1) Phishing / drive-by-download – victim pulls your attack through firewall
2) Social engineering – steal a password / keystroke logger / shoulder surf
3) Compromise domain controller – create ICS host or firewall account
4) Attack exposed servers – SQL injection / DOS / buffer-overflows
5) Attack exposed clients – compromised web svrs / file svrs / buf-overflows
6) Session hijacking – MIM / steal HTTP cookies / command injection
7) Piggy-back on VPN – split tunneling / malware propagation
8) Firewall vulnerabilities – bugs / zero-days / default passwd / design vulns
9) Errors and omissions – bad fwall rules/configs / IT reaches through fwalls
10) Forge an IP address – firewall rules are IP-based
Attack Success Rate: Impossible / Routine / Easy
Firewalls have been with us for 30 years now. The good guys and the bad guys both know how to defeat them
Photo: Red Tiger Security

Technical Shortcomings of Firewalls
● Well short of secure initially
● The “deny any any” rule
● Order of your firewall ruleset
● Multiple administration services
● Multiple passwords
A Tufin Technologies survey found that 86% of hackers believe that they can break through any firewall.
Photo: Idaho National Labs
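
The rule-order and “deny any any” items above can be checked mechanically. The following is an added example, not part of the original slides: a first-match ruleset audit in Python run over a constructed ruleset. The `Rule` fields, the addresses and the finding names are assumptions made for illustration and do not correspond to any vendor's configuration syntax.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    src: str             # CIDR or "any"
    dst: str             # CIDR or "any"
    port: object = ANY   # destination port number or "any"


def _net(spec):
    return ip_network("0.0.0.0/0" if spec == ANY else spec)


def matches(rule, src, dst, port):
    return (ip_address(src) in _net(rule.src)
            and ip_address(dst) in _net(rule.dst)
            and rule.port in (ANY, port))


def evaluate(rules, src, dst, port):
    """First-match semantics: the first rule that matches decides."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule.action
    return "no-match"    # the outcome here depends on the device default


def covers(earlier, later):
    """True if every packet `later` can match is already matched by `earlier`."""
    return (_net(later.src).subnet_of(_net(earlier.src))
            and _net(later.dst).subnet_of(_net(earlier.dst))
            and earlier.port in (ANY, later.port))


def audit(rules):
    """Return (finding, rule_index, covering_rule_index) tuples."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "permit" and (rule.src, rule.dst, rule.port) == (ANY, ANY, ANY):
            findings.append(("permit-any-any", i, None))
        for j in range(i):
            if covers(rules[j], rule):
                # An earlier rule already decides every packet this rule matches.
                kind = "redundant" if rules[j].action == rule.action else "shadowed"
                findings.append((kind, i, j))
                break
    if not rules or rules[-1] != Rule("deny", ANY, ANY, ANY):
        findings.append(("no-default-deny", None, None))
    return findings


# Constructed ruleset: corporate LAN 192.168.10.0/24, control network 10.1.0.0/24.
BROAD_PERMIT = Rule("permit", "192.168.10.0/24", "10.1.0.0/24")
BLOCK_MODBUS = Rule("deny", "192.168.10.0/24", "10.1.0.20/32", 502)
HISTORIAN_OUT = Rule("permit", "10.1.0.10/32", "192.168.10.50/32", 1433)

# The deny was appended below the broad permit, so it never fires,
# and nothing at the end catches traffic that matched no rule.
RULES = [BROAD_PERMIT, BLOCK_MODBUS, HISTORIAN_OUT]

# Same rules with the specific deny first and an explicit final deny.
# This corrects ordering and the default only; it does not narrow the permit.
FIXED = [BLOCK_MODBUS, BROAD_PERMIT, HISTORIAN_OUT, Rule("deny", ANY, ANY, ANY)]

if __name__ == "__main__":
    for name, ruleset in (("RULES", RULES), ("FIXED", FIXED)):
        print(name, audit(ruleset),
              evaluate(ruleset, "192.168.10.7", "10.1.0.20", 502))
```
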

Technical Shortcomings – Part 2
● Software and hardware issues (e.g. code updates, loose power cables) can affect ops and business.
● May not be able to operate in harsher conditions of plants and need to be replaced more often
● Dependencies on corporate network, where SLAs are not as high
● New vulnerabilities are introduced with new software
Firewalls have external dependencies which affect their capabilities.

Technical Shortcomings Part 3 
All TCP connections through the firewall are bi-directional 
Outbound access = Inbound C&C 

Unidirectional Security Gateways: Server Replication
● Hardware-enforced unidirectional server replication
● Replica server contains all data and functionality of original
● External clients communicate only with replica historian
● 100% secure from online attacks from external networks
● Replicate historian servers, OPC servers, RDB servers, Modbus, etc.
[Figure: Unidirectional Historian replication. Labels: Industrial Network, Corporate Network, PLCs, RTUs, Historian, Waterfall TX agent, Waterfall TX appliance, Waterfall RX appliance, Waterfall RX agent, Replica Historian, Workstations]
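
The replication pattern on this slide, sketched as an added example that is not part of the original slides and is not Waterfall's protocol: a TX agent pushes historian updates over a link with no return path, and an RX agent builds the replica that external clients query. The frame layout, class names, tag names and the repeat-instead-of-acknowledge scheme are assumptions made for illustration.

```python
import json
import zlib


class OneWayLink:
    """Stand-in for the TX -> RX hardware path. There is deliberately no
    method that carries anything from the receiving side back to the sender."""

    def __init__(self, lost=()):
        self._lost = set(lost)      # indexes of transmissions lost in transit (constructed)
        self._count = 0
        self._in_flight = []

    def send(self, frame):
        if self._count not in self._lost:
            self._in_flight.append(frame)
        self._count += 1

    def deliver(self):
        frames, self._in_flight = self._in_flight, []
        return frames


def encode(seq, tag, value, ts):
    body = json.dumps({"seq": seq, "tag": tag, "value": value, "ts": ts},
                      sort_keys=True).encode()
    # CRC32 catches transmission damage only; it is not authentication.
    return zlib.crc32(body).to_bytes(4, "big") + body


def decode(frame):
    crc, body = frame[:4], frame[4:]
    if not body or zlib.crc32(body).to_bytes(4, "big") != crc:
        return None
    return json.loads(body)


class TxAgent:
    """Industrial side: reads updates from the historian and pushes them out."""

    def __init__(self, link, repeat=2):
        self.link, self.repeat, self.seq = link, repeat, 0

    def publish(self, tag, value, ts):
        frame = encode(self.seq, tag, value, ts)
        for _ in range(self.repeat):
            # No ACK or NAK can come back, so redundancy replaces retransmission.
            self.link.send(frame)
        self.seq += 1


class RxAgent:
    """Corporate side: maintains the replica and records what it never received."""

    def __init__(self):
        self.replica = {}       # tag -> (ts, value)
        self.next_seq = 0
        self.gaps = []          # sequence numbers lost for good
        self.rejected = 0       # frames that failed the integrity check

    def receive(self, frames):
        for frame in frames:
            msg = decode(frame)
            if msg is None:
                self.rejected += 1
                continue
            if msg["seq"] < self.next_seq:
                continue        # duplicate copy of an update already applied
            if msg["seq"] > self.next_seq:
                # The replica can only log the gap; it cannot ask for a resend.
                self.gaps.extend(range(self.next_seq, msg["seq"]))
            self.replica[msg["tag"]] = (msg["ts"], msg["value"])
            self.next_seq = msg["seq"] + 1


# Constructed historian updates: (tag, value, timestamp).
SAMPLE_UPDATES = [
    ("FIC101.PV", 41.7, 1000),
    ("TI205.PV", 88.2, 1001),
    ("FIC101.PV", 42.1, 1002),
    ("PI310.PV", 3.4, 1003),
]


def run_demo():
    # Each update is sent twice, so transmissions 4 and 5 are both copies of seq 2.
    link = OneWayLink(lost={2, 4, 5})
    tx, rx = TxAgent(link, repeat=2), RxAgent()
    for tag, value, ts in SAMPLE_UPDATES:
        tx.publish(tag, value, ts)
    frames = link.deliver()
    damaged = bytearray(frames[0])
    damaged[-2] ^= 0x01             # simulate a bit flipped in transit
    rx.receive(frames + [bytes(damaged)])
    return rx


if __name__ == "__main__":
    rx = run_demo()
    print(rx.replica, rx.gaps, rx.rejected)
```

The replica ends up with a stale value for the tag whose update was lost in both copies, and the only evidence is the logged gap, which is why a receiver in this pattern has to surface gaps to operators rather than hide them.
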

Waterfall FLIP™ Defeats Interactive Remote Control
● Unidirectional Gateway whose direction can be reversed:
    ● Chemicals / refining / mining / pharmaceuticals: batch instructions
    ● Water systems: periodic security updates & anti-virus signatures
    ● Remote unstaffed sites: substations, pumping stations
● Trigger: button / key, schedule
● Stronger than firewalls, stronger than removable media
The FLIP is a Unidirectional Gateway that can “flip over”

Deep Content Control
● Trend in firewalls for 30 years is towards increasingly deep understanding, inspection of, and control of communications protocols
● Deep content control inspects and controls individual fields, tags, values, flags & files passing between networks
● Supports open protocols, proprietary protocols, ICS protocols, fragmented protocols – anything that an endpoint can make sense of
● DCC is generally a client, pulling only desired data. Servers try to sort out anything a client/attacker sends them.
Deep Content Control protects both ICS networks from IT networks, and IT networks from ICS networks

Evolving Best Practices – Unidirectional Gateways
● NERC CIP exempts unidirectionally-protected sites from over 35% of requirements
● DHS recommends unidirectional gateways in security assessments (ICS CERT)
● NRC & NEI exempt unidirectionally-protected sites from 21 of 26 cyber-perimeter rules
● Unidirectional gateways – limit the propagation of malicious code (ISA SP-99-3-3 / IEC 62443-3-3)
● ENISA - unidirectional gateways provide better protection than firewalls
● NIST - unidirectional gateways prevent any connectivity of traffic between domains (800-82)

Best Practices Continue to Evolve
Unidirectional gateways defeat targeted attacks, insider attacks & malware propagation

Waterfall Security Solutions
● Headquarters in Israel, sales and operations office in the USA
● Hundreds of sites deployed in all critical infrastructure sectors
● Strategic partnership agreements / cooperation with: OSIsoft, GE, Siemens, and many other major industrial vendors
2012, 2013 & 2014 Best Practice awards for Industrial Network Security and Oil & Gas Security Practice
IT and OT security architects should consider Waterfall for their operations networks
Waterfall is key player in the cyber security market – 2010, 2011, & 2012

ICS Relies Heavily on Perimeter Protection
● If IT protections cannot prevent modern attacks from breaching IT networks, why are they adequate for ICS networks?
● Unidirectional Gateways defeat modern interactive remote control attacks
● Everything crossing physical or cyber perimeters is a threat
● Deep Content Control supports open protocols as well as proprietary, industrial protocols
Hardware-enforced unidirectional protections are today’s best practices

IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

[CLASS 2014] Palestra Técnica - Michael Firstenberg

  • 1. UNIDIRECTIONAL SECURITY GATEWAYS™: Challenges of Cybersecurity Implementations for Process Control Systems. 2014. Michael Firstenberg, Director of Industrial Security, Waterfall Security Solutions. Proprietary Information -- Copyright © 2014 by Waterfall Security Solutions
  • 2. Security Landscape
      ● 1M ICS hosts on the Internet? 500K in NA? Really only 7,000
      ● Heartbleed – encryption in lots of products, websites & VPNs broken
      ● NSA supply chain revelations. Does anyone really believe it was only the NSA?
      ● Always more ICS vulnerabilities found, and patching change-controlled networks is slow
      Heartbleed drives home the point: all software has bugs. Some bugs are security holes. So in practice, all software can be hacked.
  • 3. Who Are We Worried About?
      | Threat | Resources | Methods | Existing Protection | Examples |
      |---|---|---|---|---|
      | Nation-state, sleeper insiders | High | Highly targeted, autonomous | none | Stuxnet, NSA supply chain |
      | Targeted Persistent Attacks | Medium | Targeted, manual remote control | NEI | Aurora, Night Dragon, Shady Rat, Ghostnet |
      | Disgruntled insider with access to ICS | Low | Targeted: social engineering | ISA, API, NERC-CIP | Maroochy |
      | Insider with access to IT network | Low | Targeted: social engineering | NIST | IT examples |
      | Organized crime | Medium | High volume, automated | ISA, API, NERC-CIP | Zeus, Conficker |
  • 4. Targeted Persistent Attacks
      ● Use “spear phishing” or server attacks to punch through firewalls
      ● Use custom malware to evade anti-virus
      ● Operate malware by interactive remote control
      ● Steal administrator passwords / password hashes
      ● Create new administrator accounts on domain controller
      ● Use new accounts to log in – no need to “break in” any more – defeats software update programs
      IT teams are unable to block these targeted attacks at the corporate perimeter.
  • 5. IT vs ICS - Safety, Reliability, Confidentiality
      | Attribute | Enterprise / IT | Control System |
      |---|---|---|
      | Scale | Huge – 100,000’s of devices | 100-500 devices per DCS |
      | Priority | Confidentiality | Safety and reliability |
      | Target | Data | Equipment |
      | Exposure | Constant exposure to Internet content / attacks | Exposed to business network, not Internet |
      | Equipment lifecycle | 3-5 years | 10-20 years |
      | Security discipline | Speed / aggressive change – stay ahead of the threats | Security is an aspect of safety - Engineering Change Control (ECC) |
      The difference between IT and ICS is control
  • 6. Reliability + Safety Risks = Soft ICS Interior
      ● Cyber safety and reliability risks arise from ability to control physical equipment
      ● Testing security updates and AV updates for reliability and safety takes longer – sometimes much longer
      ● Tens of thousands of vulnerabilities are waiting to be discovered in ICS software
      ● Old, out-of-support hardware and software
      ● Encrypted/authenticated communications debate for critical devices may never be resolved
      Strong perimeter protection will always be disproportionately important in ICS defense-in-depth programs
  • 7. Physical Security
      ● Strictly control access to critical ICS computers
      ● Reduce risks due to USB, CD-ROMs, cell phone connections and other removable media / networking
      ● Reduce risks due to rogue laptops & other equipment plugged into ICS / safety networks
      ● Entire ICS network must lie within physical security perimeter
      ● No silver bullet:
          ● Insider threat is still real
          ● Distant adversaries can compromise equipment over Internet / remote control
      Photo: Idaho National Labs
  • 8. Sneakernet
      ● Device control – low-impact software to control which users and ports can accept which kinds of USB / CD / DVD device
      ● Network Access Control – refuses access to unauthorized laptops
      ● Supply chain - offline scans of hard disks of new equipment, physical inspections
      ● The most cautious firms purchase USB peripherals from distant, random locations
      ● Training & Awareness
      Be paranoid. Everything that crosses the physical or cyber perimeter is a threat
  • 9. Device Control & Whitelisting
      ● Whitelisting: strictly control what software is allowed to run where
          ● Currently used more for “devices” with complex embedded operating systems than for entire ICS systems
      ● Device control: forbid entirely the execution of software from removable media, control what kinds of USB devices (keyboards, mice) are allowed to be connected to which ports
          ● Less intrusive than whitelisting, applied more commonly to larger parts of ICS systems
      ● No silver bullet:
          ● Cannot prevent remote control of legitimate applications
  • 10. Cyber Perimeter - How Secure are Firewalls Really?
      Columns: Attack Type, UGW, Fwall. Attack Success Rate: Impossible, Routine, Easy
      1) Phishing / drive-by-download – victim pulls your attack through firewall
      2) Social engineering – steal a password / keystroke logger / shoulder surf
      3) Compromise domain controller – create ICS host or firewall account
      4) Attack exposed servers – SQL injection / DOS / buffer overflows
      5) Attack exposed clients – compromised web svrs / file svrs / buf-overflows
      6) Session hijacking – MIM / steal HTTP cookies / command injection
      7) Piggy-back on VPN – split tunneling / malware propagation
      8) Firewall vulnerabilities – bugs / zero-days / default passwd / design vulns
      9) Errors and omissions – bad fwall rules/configs / IT reaches through fwalls
      10) Forge an IP address – firewall rules are IP-based
      Firewalls have been with us for 30 years now. The good guys and the bad guys both know how to defeat them
      Photo: Red Tiger Security
  • 11. Technical Shortcomings of Firewalls
      ● Well short of secure initially
      ● The “deny any any” rule
      ● Order of your firewall ruleset
      ● Multiple administration services
      ● Multiple passwords
      A Tufin Technologies survey found that 86% of hackers believe that they can break through any firewall.
      Photo: Idaho National Labs
  • 12. Technical Shortcomings – Part 2
      ● Software and hardware issues (e.g. code updates, loose power cables) can affect ops and business.
      ● May not be able to operate in harsher conditions of plants and need to be replaced more often
      ● Dependencies on corporate network, where SLAs are not as high
      ● New vulnerabilities are introduced with new software
      Firewalls have external dependencies which affect their capabilities.
  • 13. Technical Shortcomings Part 3: All TCP connections through the firewall are bi-directional. Outbound access = Inbound C&C
  • 14. Technical Shortcomings Part 3: All TCP connections through the firewall are bi-directional. Outbound access = Inbound C&C
  • 15. Unidirectional Security Gateways: Server Replication
      ● Hardware-enforced unidirectional server replication
      ● Replica server contains all data and functionality of original
      ● External clients communicate only with replica historian
      ● 100% secure from online attacks from external networks
      ● Replicate historian servers, OPC servers, RDB servers, Modbus, etc.
      [Diagram: Unidirectional Historian replication. Labels: PLCs, RTUs, Industrial Network, Historian, Waterfall TX agent, Waterfall TX appliance, Waterfall RX appliance, Waterfall RX agent, Replica Historian, Workstations, Corporate Network]
  • 16. Waterfall FLIP™ Defeats Interactive Remote Control
      ● Unidirectional Gateway whose direction can be reversed:
          ● Chemicals / refining / mining / pharmaceuticals: batch instructions
          ● Water systems: periodic security updates & anti-virus signatures
          ● Remote unstaffed sites: substations, pumping stations
      ● Trigger: button / key, schedule
      ● Stronger than firewalls, stronger than removable media
      The FLIP is a Unidirectional Gateway that can “flip over”
  • 17. Deep Content Control
      ● Trend in firewalls for 30 years is towards increasingly deep understanding, inspection of, and control of communications protocols
      ● Deep content control inspects and controls individual fields, tags, values, flags & files passing between networks
      ● Supports open protocols, proprietary protocols, ICS protocols, fragmented protocols – anything that an endpoint can make sense of
      ● DCC is generally a client, pulling only desired data. Servers try to sort out anything a client/attacker sends them.
      Deep Content Control protects both ICS networks from IT networks, and IT networks from ICS networks
  • 18. Evolving Best Practices – Unidirectional Gateways
      ● NERC CIP exempts unidirectionally-protected sites from over 35% of requirements
      ● DHS recommends unidirectional gateways in security assessments (ICS CERT)
      ● NRC & NEI exempt unidirectionally-protected sites from 21 of 26 cyber-perimeter rules
      ● Unidirectional gateways – limit the propagation of malicious code (ISA SP-99-3-3 / IEC 62443-3-3)
      ● ENISA - unidirectional gateways provide better protection than firewalls
      ● NIST - unidirectional gateways prevent any connectivity of traffic between domains (800-82)
  • 19. Best Practices Continue to Evolve: Unidirectional gateways defeat targeted attacks, insider attacks & malware propagation
  • 20. Waterfall Security Solutions
      ● Headquarters in Israel, sales and operations office in the USA
      ● Hundreds of sites deployed in all critical infrastructure sectors
      ● Strategic partnership agreements / cooperation with: OSIsoft, GE, Siemens, and many other major industrial vendors
      2012, 2013 & 2014 Best Practice awards for Industrial Network Security and Oil & Gas Security Practice
      IT and OT security architects should consider Waterfall for their operations networks
      Waterfall is key player in the cyber security market – 2010, 2011, & 2012
  • 21. ICS Relies Heavily on Perimeter Protection
      ● If IT protections cannot prevent modern attacks from breaching IT networks, why are they adequate for ICS networks?
      ● Unidirectional Gateways defeat modern interactive remote control attacks
      ● Everything crossing physical or cyber perimeters is a threat
      ● Deep Content Control supports open protocols as well as proprietary, industrial protocols
      Hardware-enforced unidirectional protections are today’s best practices
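
Added example, not from the slides or from Waterfall: slide 11 names the “deny any any” rule and the order of the firewall ruleset as shortcomings, and slide 10 lists bad firewall rules/configs. The Python audit below flags rules that an earlier, broader rule makes unreachable and a missing final deny-any-any. It assumes first-match evaluation; the Rule format, addresses and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Union

@dataclass(frozen=True)
class Rule:                      # hypothetical rule format, first match wins
    action: str                  # "permit" or "deny"
    src: str                     # CIDR or "any"
    dst: str                     # CIDR or "any"
    port: Union[int, str]        # TCP port or "any"

def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and (a.port == "any" or a.port == b.port))

def audit(rules):
    """Return (finding, earlier_index, later_index) tuples for a ruleset."""
    findings = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            if covers(earlier, later):
                # The later rule can never fire; worse if the actions differ.
                kind = "redundant" if earlier.action == later.action else "contradicted"
                findings.append((kind, j, i))
                break
    if not rules or rules[-1] != DENY_ALL:
        findings.append(("no-final-deny-any-any", None, None))
    return findings

DENY_ALL = Rule("deny", "any", "any", "any")

# Constructed sample: corporate 10.20.0.0/16, ICS DMZ 192.168.10.0/24.
BROAD_PERMIT = Rule("permit", "10.20.0.0/16", "192.168.10.0/24", "any")
BLOCK_MODBUS = Rule("deny", "10.20.5.0/24", "192.168.10.0/24", 502)
HISTORIAN_WEB = Rule("permit", "10.20.0.0/16", "192.168.10.15/32", 443)

AS_DEPLOYED = [BROAD_PERMIT, BLOCK_MODBUS, HISTORIAN_WEB]   # deny is shadowed
REORDERED = [BLOCK_MODBUS, HISTORIAN_WEB, DENY_ALL]         # narrow rules first

if __name__ == "__main__":
    for name, ruleset in (("as deployed", AS_DEPLOYED), ("reordered", REORDERED)):
        print(name, audit(ruleset))
```

In the as-deployed ordering the Modbus deny never takes effect because the broad permit above it matches first, which is the kind of ordering error a periodic ruleset review should catch.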