Tiptoe Through The Network: Practical Vulnerability Assessments in Control Systems Environments
Paul Asadoorian
Product Evangelist
Tenable Network Security
About Me
• Currently Product Evangelist at Tenable Network Security
• Founder & CEO of Security Weekly (formerly “PaulDotCom”)
• Worked for Digital Bond in 2008/2009
• Love hacking and breaking embedded systems
Warning: Sub-Themes I am Known to Use in All My Presentations
• Ninjas (Check)
• Star Wars Reference
• ONE lolcat
• Old Joke directed at my friend Jack Daniel
• Wife/Kids related humor
• Unicorns
I can “scan” your networks without breaking “stuff”

And spoons don’t really sound like airplanes?
You Don’t Have to Feel Vulnerable
• There is typical hesitation when scanning a network and/or any systems
• Scans may “cause an undesirable condition on a remote host” (Okay, it could crash it)
• Problem is you must:
o Identify the device
o Enumerate vulnerabilities
Goals
• Identify assets
• Don’t break stuff
• Discover vulnerabilities
• Report them to people who can fix them
• Continuously discover vulnerabilities that remain
• Report progress to management
You Can’t Fix it if You Don’t Know it Exists
• Detect hosts:
o Netflow Data
o Firewall Logs
o ARP Tables
o Sniff Network Traffic
o Connection tables
o Query VMware
o Look at your logs
Check out Bro IDS
• Regex for your network
• Write rules to discover hosts, attacks, vulnerabilities and more
• Command line kung fu, Security Onion
Liam has the coolest title: “Brovangelist”
P0f – Passive OS and Host detection
• This tool is 14 years old…(Been around a long time)
• Big thanks to Rob over at the SANS ISC, nice articles and examples
o http://isc.sans.org/diary/Passive+Scanning+Two+Ways++How-Tos+for+the+Holidays/17246
o http://isc.sans.org/diary/Scanning+without+Scanning/17189
Not as long as Jack….
Sniffing the Network
• Passive sniffing
• Firewalls
• Virtualization
• This shouldn’t be
on the network
Sniffing & Logging – New Hosts
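The passive sources listed earlier (Bro connection logs and ARP tables) can be merged into an inventory and compared with an approved baseline, so new hosts surface without a single probe being sent. This is an added example, not part of the talk; the sample log lines, addresses, baseline and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample inputs (not from the talk): a trimmed Bro conn.log
# and Linux `arp -an` output as a sensor on the control network might see them.
CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state\n"
    "1390000000.1\tC1\t192.168.10.5\t49152\t192.168.10.21\t502\ttcp\tmodbus\tSF\n"
    "1390000004.7\tC2\t192.168.10.5\t49153\t192.168.10.30\t23\ttcp\ttelnet\tS1\n"
    "1390000009.2\tC3\t192.168.10.5\t49154\t192.168.10.77\t80\ttcp\t-\tS0\n"
    "1390000012.9\tC4\t192.168.10.44\t51000\t8.8.8.8\t53\tudp\tdns\tSF\n"
)
ARP_TABLE = """\
? (192.168.10.5) at 00:1b:21:aa:bb:01 [ether] on eth0
? (192.168.10.21) at 00:80:f4:00:10:21 [ether] on eth0
? (192.168.10.30) at 00:0c:29:de:ad:30 [ether] on eth0
? (192.168.10.77) at <incomplete> on eth0
"""
# Hypothetical approved inventory (IP -> MAC) and monitored address space.
BASELINE = {"192.168.10.5": "00:1b:21:aa:bb:01", "192.168.10.21": "00:80:f4:00:10:99"}
MONITORED = [ipaddress.ip_network("192.168.10.0/24")]

# Bro conn_state values showing the responder completed a handshake ...
ESTABLISHED = {"SF", "S1", "S2", "S3", "RSTO"}
# ... or at least sent something back (e.g. REJ = connection attempt rejected).
REPLIED = ESTABLISHED | {"REJ", "RSTR", "RSTRH", "SHR"}


def in_scope(ip):
    """True if the address belongs to a network we are responsible for."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MONITORED)


def parse_conn_log(text):
    """Yield one dict per record, taking column names from the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def parse_arp(text):
    """Return {ip: mac}; <incomplete> entries never resolved, so they are skipped."""
    pat = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) ", re.I)
    return {ip: mac.lower() for ip, mac in pat.findall(text)}


def build_inventory(conn_text, arp_text):
    """Merge both passive sources into {ip: {"mac": ..., "services": set()}}."""
    hosts = {}

    def seen(ip):
        return hosts.setdefault(ip, {"mac": None, "services": set()})

    for rec in parse_conn_log(conn_text):
        if in_scope(rec["id.orig_h"]):
            seen(rec["id.orig_h"])  # a host that sends traffic exists
        state = rec["conn_state"]
        # A responder only counts if it answered: an S0 attempt to an
        # unused address must not create a phantom asset.
        if state in REPLIED and in_scope(rec["id.resp_h"]):
            host = seen(rec["id.resp_h"])
            if state in ESTABLISHED:
                host["services"].add((int(rec["id.resp_p"]), rec["proto"], rec["service"]))
    for ip, mac in parse_arp(arp_text).items():
        if in_scope(ip):
            seen(ip)["mac"] = mac
    return hosts


def diff_against_baseline(inventory, baseline):
    """Return (new hosts, hosts whose MAC differs from the approved record)."""
    order = ipaddress.ip_address
    new = sorted((ip for ip in inventory if ip not in baseline), key=order)
    changed = sorted(
        (ip for ip, h in inventory.items()
         if ip in baseline and h["mac"] and h["mac"] != baseline[ip].lower()),
        key=order,
    )
    return new, changed


if __name__ == "__main__":
    inv = build_inventory(CONN_LOG, ARP_TABLE)
    new_hosts, mac_changes = diff_against_baseline(inv, BASELINE)
    for ip in new_hosts:
        print("NEW HOST", ip, inv[ip]["mac"], sorted(inv[ip]["services"]))
    for ip in mac_changes:
        print("MAC CHANGED", ip, BASELINE[ip], "->", inv[ip]["mac"])
```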
Nessus for Host Discovery
• Nessus is an active vulnerability scanner, however:
o You can use credentials to audit patches
o Configuration auditing points out flaws
o Policies are highly configurable
• http://www.tenable.com/blog/using-nessus-for-host-discovery

Ninja convention
Credentials: Checking for Patches
• Easy to create, use the wizard
• Upload the SSH keys
• Nessus automatically selects the appropriate plugins
Credentials: Checking for Patches (2)
Lots of Results, “No Problem”
Credentials: Checking Configuration
Credentials: Checking Configuration (2)
VMware Virtual Machine Info
Vulnerability Management
• You must keep up with patches on ALL of your systems
• You must identify easily exploitable vulnerabilities and patch them FAST
The Patch Management Struggle
Our systems are missing patches!

Security Guy

Sysadmin
Step 1 – Define
• Policy – What you will do and where you will do it
• Procedures – How you will do it and who you will do it with
• Get management to sign off on both of the above
Step 2 – Communication & Process
• Communicate your policy and procedures to the right people!
• Management, security, administrators and end users
Step 3 – Find Them All
• Scan your network (frequently)
• Perform authenticated vulnerability scans
o Servers & Desktops
o Network infrastructure
o Virtualization platform
o Storage systems
• Sniff your network for vulnerabilities
• Mine your logs for data
These are not the vulnerabilities you’re looking for
Application Discovery
• Get rid of applications not supported or not in use
• Reduce your attack platform
• Less stuff to patch
Eek, why TELNET?
Phone + Wifi

Here’s my number, call me after you patch your phone.
Applications

How many browsers do you need?
Scanning Embedded Systems
This is not a tablet, phone or “phablet”
2012 Wife Christmas Gift
• Has Wifi
• “Runs” Android
2013 Wife Christmas Gift

• Has Wifi
• Runs….?
“Scanning” Embedded Systems
• Many embedded devices are Wifi-only
• Some devices are transient or are only online for a short time then go away
• Many do not react well to an active network-based scan (ICS type devices for example)
• Resources are an issue (not enough CPU/RAM)
Passive Vulnerability Scanner Trending
Conclusions
• There are many ways to continually perform host discovery, from sniffing to log monitoring
• Once you’ve identified all the hosts, have a process for vulnerability management
• There are numerous ways in which to “scan” a host, including credentialed patch audits and configuration auditing
• Embedded systems are tricky, require special attention, and passive scanning is best in this case
Sub-Themes Check list
Ninjas
Star Wars Reference
ONE lolcat
Old Joke directed at my friend Jack Daniel
Wife/Kids related humor
Unicorns
Tenable Resources
Blog:
http://blog.tenable.com
Podcast:
http://www.tenable.com/podcast

Videos:
http://www.youtube.com/tenablesecurity
Discussion portal:
https://discussions.nessus.org
Buy Nessus, Perimeter Service, Training & Bundles:
https://store.tenable.com
Become a Tenable Partner:
https://www.tenable.com/partners
Try SecurityCenter and Nessus now
For more information, or to evaluate
SecurityCenter Continuous View:
http://www.tenable.com/products/securitycenter-continuous-view

Evaluate Nessus free for 14 days:
http://www.tenable.com/products/nessus/evaluate
Questions?
Thank you
Contact me:
Paul Asadoorian – paul@nessus.org for Tenable related items
paul@securityweekly.com for anything else…
