industrial control systems honeypot
play

Industrial Control Systems Honeypot May1601 Aashwatth Agarwal Dan - PowerPoint PPT Presentation

Feb 28, 2024 •221 likes •384 views

Industrial Control Systems Honeypot May1601 Aashwatth Agarwal Dan Borgerding Jon Hope Nik Kinkel Jon Osborne Korbin Stich http://may1601.sd.ece.iastate.edu Client : Alliant Energy Advisor : Dr. Doug Jacobson April 28, 2016 May1601 ICS

  1. Industrial Control Systems Honeypot May1601 Aashwatth Agarwal Dan Borgerding Jon Hope Nik Kinkel Jon Osborne Korbin Stich http://may1601.sd.ece.iastate.edu Client : Alliant Energy Advisor : Dr. Doug Jacobson April 28, 2016 May1601 ICS Honeypot April 28, 2016 1 / 15

  2. Threat Overview Highly critical threat Advanced attackers First attack on a power grid (Ukraine) May1601 ICS Honeypot April 28, 2016 2 / 15

  3. Project Overview What is a honeypot? A security mechanism designed to detect, deflect or counteract attempts at unauthorized use of information systems. Purpose Trick intruders Alert administrators Detect attack vectors Prevent data loss/corruption May1601 ICS Honeypot April 28, 2016 3 / 15

  4. The Deliverable Customized honeypots for multiple protocols Minimal IDS Automated deployment & management Configurable logging backends Raspberry Pi 2 Cheap, plug & play device May1601 ICS Honeypot April 28, 2016 4 / 15

  5. Tech Challenge 1: Dealing with Lots of Protocols Alert Honeypot Logs Traffic Many honeypot protocols and Splunk SSH logging backends to deal with New protocols must be Syslog HTTPS integrated quickly and safely Text File DNP3 May1601 ICS Honeypot April 28, 2016 5 / 15

  6. Design 1: Honeypot Plugin Framework Figure: Multi-process, message-passing architecture Splunk SSH Application-specific alerts broadcasted to loggers HTTP Syslog Custom Custom Honeypot Logger HTTPS Text File Controller DNP3 S3 pluggable concurrent separate address space easy testing · · · May1601 ICS Honeypot April 28, 2016 6 / 15

  7. Demo: Honeypot Plugin Framework Demo May1601 ICS Honeypot April 28, 2016 7 / 15

  8. Tech Challenge 2: Obscure SCADA Protocols DNP3 Application layer protocol built on TCP/IP Consists of Data, Transport, and Application layers Testing Secure Authentication DNP3Spec-V1-Introduction-20071215 May1601 ICS Honeypot April 28, 2016 8 / 15

  9. Design 2: Device Architecture Network Traffic Sniffed Snort Alerts Snort Traffic IDS Honeypot Alerts Honeypot Framework Incoming Public Traffic Interface SSH Admin Simplified Device Internals May1601 ICS Honeypot April 28, 2016 9 / 15

  10. Testing 1: Unit Tests Test Set Unit Testing Code Output Verification Plugin Strategies Plugins Loggers Log Strategies Core Strategies dnp3 splunk syslog fssh webauth May1601 ICS Honeypot April 28, 2016 10 / 15

  11. Testing 2: Integration Testing Vagrant Repeatable environment simulation Automatic streamlined VM Provisioning Vagrant Environment May1601 ICS Honeypot April 28, 2016 11 / 15

  12. Tech Challege 3: Simultaneous, Multi-Site Deployment Deployment Directory 28 Devices. Numerous Locations Ansible Makes This EASY Ansible Honeypot Administration May1601 ICS Honeypot April 28, 2016 12 / 15

  13. Demo: Provisioning with Ansible Demo May1601 ICS Honeypot April 28, 2016 13 / 15

  14. Long-term Support, Administration, and Maintenance Update process must be: flexible single-step fault-tolerant idempotent Manual administration option necessary Auto-notify for security updates Ansible Updates May1601 ICS Honeypot April 28, 2016 14 / 15

  15. Questions May1601 ICS Honeypot April 28, 2016 15 / 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control Systems Research Philipp Mieden & Rutger Beltman, 2020 Supervisor: Bartosz Czaszynski, Deloitte Industrial Network VS Corporate Network 2

379 views • 35 slides
Industrial Robots Industrial Robots Control Control Part 2 Control Control Part 2 Part 2

Industrial Robots Industrial Robots Control Control Part 2 Control Control Part 2 Part 2

Industrial Robots Industrial Robots Control Control Part 2 Control Control Part 2 Part 2 Part 2 Introduction to centralized control Independent joint decentralized control may prove inadequate when the user requires high task

673 views • 36 slides
Holistic Control for Wireless Control Systems Yehan Ma CSE 521S Industrial Process Automation

Holistic Control for Wireless Control Systems Yehan Ma CSE 521S Industrial Process Automation

Holistic Control for Wireless Control Systems Yehan Ma CSE 521S Industrial Process Automation Large Scale Challenging environment q Physical plant Relative low speed q Network communication Stability is critical q Health, Safety, and

391 views • 38 slides
Industrial Control System Security Overview Peter Maynard, PhD Researcher # ?? @CSIT_QUB What

Industrial Control System Security Overview Peter Maynard, PhD Researcher # ?? @CSIT_QUB What

Industrial Control System Security Overview Peter Maynard, PhD Researcher # ?? @CSIT_QUB What is ICS and SCADA Industrial Control Systems (ICS): Chemical, water, gas processing. Transportation, electricity, nuclear systems.

331 views • 7 slides
yxwvutsrponmlkihgfedcbaUTSONCA Control systems are computer based facilities, systems, and

yxwvutsrponmlkihgfedcbaUTSONCA Control systems are computer based facilities, systems, and

7/11/2011 Why this presentation? This is an emerging and important area of information assurance that of cyber physical systems. CPS instantiated in the industrial world can be view as control system security or sometimes called

130 views • 10 slides
Industrial Control Systems The Other Network And Cyber Security Dated: March 7, 2019

Industrial Control Systems The Other Network And Cyber Security Dated: March 7, 2019

3/8/2019 Industrial Control Systems The Other Network And Cyber Security Dated: March 7, 2019 Davenport GICSP 1848 What are ICS Networks? 1 3/8/2019 What are ICS Networks? ICS, or Industrial Controls Systems, is a generic

360 views • 20 slides
Take Control Automated Control Industrial Engineering Industrial I.T. C/ Halcn n 20, 6H

Take Control Automated Control Industrial Engineering Industrial I.T. C/ Halcn n 20, 6H

Programming and Automation Ltd. www.proconingenieros.com Take Control Automated Control Industrial Engineering Industrial I.T. C/ Halcn n 20, 6H Granada. info@proconingenieros.com Automation and control Industrial I.T. - Industrial

304 views • 19 slides
Security Challenges and Requirements for Industrial Control Systems in the Semiconductor

Security Challenges and Requirements for Industrial Control Systems in the Semiconductor

Security Challenges and Requirements for Industrial Control Systems in the Semiconductor Manufacturing Sector Malek Ben Salem Accenture Technology Labs NIST Workshop on Cyber-Security for Cyber-physical Devices April 23 rd , 2012 Outline

837 views • 37 slides
KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems Pavel eleda,

KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems Pavel eleda,

KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems Pavel eleda, Jan Vykopal, Valdemar vbensk, Karel Slavek celeda@ics.muni.cz Institute of Computer Science, Masaryk University March 14, 2020 @

657 views • 13 slides
Security Controls for Industrial Control Systems EEI/AGA Security Committee Fall Meetings

Security Controls for Industrial Control Systems EEI/AGA Security Committee Fall Meetings

Security Controls for Industrial Control Systems EEI/AGA Security Committee Fall Meetings September 13, 2006 Boston, MA Stuart Katzke and Keith Stouffer, National Institute of Standards & Technology, Gaithersburg, MD Marshall Abrams, The

460 views • 23 slides
Network Monitoring on Industrial Control Systems Alvaro Cardenas, PhD. David I Urbina, PhD.

Network Monitoring on Industrial Control Systems Alvaro Cardenas, PhD. David I Urbina, PhD.

Network Monitoring on Industrial Control Systems Alvaro Cardenas, PhD. David I Urbina, PhD. candidate Introduction of NSM Long term goals Current Research ICS T raffjc Analysis Intrusion Detection Some T ools for NSM

458 views • 22 slides
HoneydV6 A low-interaction IPv6 honeypot Sven Schindler Potsdam University Institute for

HoneydV6 A low-interaction IPv6 honeypot Sven Schindler Potsdam University Institute for

HoneydV6 A low-interaction IPv6 honeypot Sven Schindler Potsdam University Institute for Computer Science Operating Systems and Distributed Systems Reykjavk, July 29, 2013 Outline 1 Introduction 2 An IPv6 darknet experiment HoneydV6 -

890 views • 31 slides
Industrial Robots Industrial Robots Control Control Part 1 Control Control Part 1 Part 1

Industrial Robots Industrial Robots Control Control Part 1 Control Control Part 1 Part 1

Industrial Robots Industrial Robots Control Control Part 1 Control Control Part 1 Part 1 Part 1 Introduction to robot control The motion control problem motion control problem consists in the design of control algorithms for the robot

822 views • 46 slides
Securing Industrial Control Systems An E2E Integrity Verification Approach Sye-Loong Keoh , Ken

Securing Industrial Control Systems An E2E Integrity Verification Approach Sye-Loong Keoh , Ken

Securing Industrial Control Systems An E2E Integrity Verification Approach Sye-Loong Keoh , Ken Wai-Kin Au School of Computing Science University of Glasgow Zhaohui Tang School of Infocomm Republic Polytechnic, Singapore 1 Introduction

576 views • 21 slides
Side-channel based intrusion detection for industrial control systems I have no idea what

Side-channel based intrusion detection for industrial control systems I have no idea what

Side-channel based intrusion detection for industrial control systems I have no idea what this device is doing, but at least its still doing the same thing. CRITIS 2017, October 9 th , 2017 Pol Van Aubel 1/31 Authors Joint work:

928 views • 31 slides
RECONNAISSANCE CAMPAIGNS TARGETING INDUSTRIAL CONTROL SYSTEMS By Olivier Cabana, Amr M. Youssef,

RECONNAISSANCE CAMPAIGNS TARGETING INDUSTRIAL CONTROL SYSTEMS By Olivier Cabana, Amr M. Youssef,

DETECTING, FINGERPRINTING AND TRACKING RECONNAISSANCE CAMPAIGNS TARGETING INDUSTRIAL CONTROL SYSTEMS By Olivier Cabana, Amr M. Youssef, Mourad Debbabi, Bernard Lebel, Marthe Kassouf & Basile L. Agba June 17, 2019 Detecting, Fingerprinting

631 views • 35 slides
Virtual machine introspection in a hybrid honeypot architecture Tamas K Lengyel & Justin

Virtual machine introspection in a hybrid honeypot architecture Tamas K Lengyel & Justin

Virtual machine introspection in a hybrid honeypot architecture Tamas K Lengyel & Justin Neumann University of Connecticut The role of the honeypot The limitations Low-interaction honeypots: "Artificial" attack surface

846 views • 13 slides
Measuring the Performance and Effectiveness of Critical security controls William Makatiani

Measuring the Performance and Effectiveness of Critical security controls William Makatiani

Measuring the Performance and Effectiveness of Critical security controls William Makatiani Name Here About Serianu Limited Serianu is a Pan Africa based Cyber Security and business consulting firm. We are an award winning company in the

759 views • 46 slides
Introduction to Malicious Web Sites Ktcl Web Sitelerine Bir lk Bak Ali Ikinci

Introduction to Malicious Web Sites Ktcl Web Sitelerine Bir lk Bak Ali Ikinci

OWASP T urkey - Uygulama Gvenlii Gn Introduction to Malicious Web Sites Ktcl Web Sitelerine Bir lk Bak Ali Ikinci Siber Gvenlik Dernei ali@ikinci.info 9 June 2012 Turkey About Me Working on Malicious Web Sites

505 views • 31 slides
NETWORK DEFENCE STRATEGY EVALUATION: SIMULATION VS. LIVE NETWORK Tuesday 9 th May, 2017 Jana

NETWORK DEFENCE STRATEGY EVALUATION: SIMULATION VS. LIVE NETWORK Tuesday 9 th May, 2017 Jana

NETWORK DEFENCE STRATEGY EVALUATION: SIMULATION VS. LIVE NETWORK Tuesday 9 th May, 2017 Jana Medkov Martin Husk, Martin Draar Introduction optimal strategy to defend network infrastructure no standard for benchmarking Network Defence

574 views • 18 slides
NCSC One: IoT Honeypot Pieter Jansen & Jurriaan Bremer On the agenda: 1. Introduction 2.

NCSC One: IoT Honeypot Pieter Jansen & Jurriaan Bremer On the agenda: 1. Introduction 2.

NCSC One: IoT Honeypot Pieter Jansen & Jurriaan Bremer On the agenda: 1. Introduction 2. SBIR 3. Cuckoo Sandbox 4. Project 5. Architecture 6. Offline demo 7. Roadmap Introduction Pieter Jansen - CEO @ Cybersprint -

859 views • 42 slides
Towards malware inspired management frameworks J er ome Fran cois, Radu State and

Towards malware inspired management frameworks J er ome Fran cois, Radu State and

April, 8 2008 http://madynes.loria.fr/ Towards malware inspired management frameworks J er ome Fran cois, Radu State and Olivier Festor Introduction Malware for management Models Results Conclusion Outline 1 Introduction 2

513 views • 34 slides
@lady_nerd laura@safestack.io https://safestack.io In this talk Fear and loathing Examining

@lady_nerd laura@safestack.io https://safestack.io In this talk Fear and loathing Examining

@lady_nerd laura@safestack.io https://safestack.io In this talk Fear and loathing Examining the root of fear and its effects Fear-based architecture and antipatterns Fear leads to anger, anger leads to hatred. Fearless security

765 views • 40 slides
UKinbound and working with the Travel Trade Andrew Macnair Business Development Manager,

UKinbound and working with the Travel Trade Andrew Macnair Business Development Manager,

UKinbound and working with the Travel Trade Andrew Macnair Business Development Manager, Scotland What we will cover today Who UKinbound is and what we do What do we mean by Travel Trade and why is it important ? Scotland from the

381 views • 19 slides

More recommend