
Joe Howland, VC3

Network/Cyber Security

SCAMPS Annual Meeting 2015

Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes

Security Breaches

• Several small, mostly rural, police and sheriff offices targeted by a company they had investigated. Computer systems hacked, websites defaced, sensitive information exposed (emails, tips on suspected crimes and profiles of gang members)
• $200,000 theft of electronic fund transfers for schools and cities in a county
• Wastewater management system hacked by a computer expert rejected for a city job
• SCDOR: SS Numbers of 3.6 million SC residents
• 40 million customers' credit and debit card data stolen


The Security Challenge

• Topic can be overwhelming
• Concepts are confusing
• Seen as purely an IT issue
• Ignored until an event occurs
• Rapidly changing technology and tactics
• Large time investment to remain current

Areas of focus

• Perimeter Security
• Device Security
• Monitoring
• Change control
• Testing
• User training
• Incident Response
• SCADA/ICS Specific

Perimeter Security

• Physical security
• Firewalls
  • Network segmentation - VLANs
  • Implement DMZs to contain any Internet-facing services
• Wireless Networks
• Intrusion Detection Systems (IDS)
  • Identify malicious traffic and notify
• Intrusion Prevention Systems (IPS)
  • Identify malicious traffic and act

Protecting your networks from directed attacks


Device Security

• Patch management (Servers, Workstations)
• Code management (Firewalls, switches, appliances)
• Lifecycle management – Ensure security from deployment to decommission
• Anti-Virus
• Anti-Spam
• Mobile Device Management
  • Data Encryption
  • Remote wipe capabilities
• Network Access Control

Preventative Maintenance

Monitoring

• IDS/IPS – Need to know an event has happened
• Log and Event Management Systems (LEMS)
• Managed Security Services
  • 3rd Party Monitoring
• Do you know what's leaving your network?
  • Malicious traffic
  • Confidential documents and information

Tracking your security state
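A simple egress review over constructed firewall log lines, as an added example that is not part of the original slides: it flags outbound connections to ports the egress policy does not allow and internal hosts whose total outbound volume exceeds a threshold, a coarse proxy for documents leaving the network. The log field layout, the internal ranges, the allowed-port set and the byte threshold are all assumptions.

```python
"""Egress review over firewall logs: unexpected destination ports and unusually
large transfers per internal host (added example, not from the slides)."""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log lines; the field layout below is an assumption.
SAMPLE_LOG = """\
2015-03-02T08:01:10 src=10.20.5.14 dst=93.184.216.34 dport=443 bytes=18230
2015-03-02T08:01:12 src=10.20.5.14 dst=93.184.216.34 dport=443 bytes=2210
2015-03-02T08:03:40 src=10.20.7.31 dst=198.51.100.77 dport=6667 bytes=910
2015-03-02T08:05:02 src=10.20.9.8 dst=203.0.113.9 dport=443 bytes=91000000
2015-03-02T08:05:03 src=10.20.9.8 dst=203.0.113.9 dport=443 bytes=87000000
2015-03-02T08:06:15 src=10.20.5.14 dst=10.20.1.5 dport=445 bytes=500000
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) bytes=(\d+)")
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_PORTS = {25, 53, 80, 443}        # assumed egress policy: what may leave
BYTES_OUT_LIMIT = 100_000_000            # assumed per-host ceiling for the window


def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL)


def analyze_egress(log_text, allowed_ports=ALLOWED_PORTS, limit=BYTES_OUT_LIMIT):
    """Return (kind, host, detail) findings for traffic leaving the network."""
    findings, bytes_out = [], defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                      # unparseable line: skip (count these in production)
        src, dst, port, nbytes = m[1], m[2], int(m[3]), int(m[4])
        if is_internal(dst):
            continue                      # internal-to-internal is not egress
        if port not in allowed_ports:     # policy says this port should never leave
            findings.append(("unexpected_port", src, f"{dst}:{port}"))
        bytes_out[src] += nbytes
    for host, total in bytes_out.items():
        if total > limit:                 # possible bulk data leaving the network
            findings.append(("large_transfer", host, f"{total} bytes out"))
    return findings


if __name__ == "__main__":
    for kind, host, detail in analyze_egress(SAMPLE_LOG):
        print(f"{kind:16} {host:12} {detail}")
```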

Change Control

• IT environments change constantly
• Change introduces new risk
  • New systems brought online without current security patches
  • Removal of legacy equipment leaves vulnerabilities
• Make sure your decommission process is complete!

Does your change control process account for security?

Testing

• Vulnerability scans
  • External & Internal
• Periodic review of access rights
  • Terminated employees
• Process audits
• Third party reviews

Scans & Audits

End Users

• Consider using a password management tool (forces regular change, authentication)
• Grant access rights on an as-needed basis
• Don't click on links in emails/texts
• Don't open attachments unless you are expecting them
• Don't click on email or pop-up messages that ask for personal or financial information
• Don't download and install software
• Don't email personal or financial information

Your #1 Security Risk

End Users

• Implement encryption on laptops and mobile devices
• Exercise caution when accessing public hotspots
• Avoid risky sites (gambling, foreign, etc.)
• Install a comprehensive security suite
• Limit use of the Administrator account
• Don't ever share your password!!!!
• Implement dual factor authentication

Your #1 Security Risk

End User Training

"Education is the first line of defense"

• Explain the ramifications of a breach
• Start with basics as simple as password policies
• Document rules for various situations
• Expose your employees to real world scenarios

Employee Termination

• Change password and disable user's account
  • Remote access
  • Vendor sites
  • Partner sites
  • Mobile devices
  • Hosted services

Take the necessary steps
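The periodic access-rights review from the Testing slide and the Employee Termination checklist above come down to one question: does anyone HR considers gone still hold an enabled account anywhere? The following is an added example, not from the original slides, that reconciles a constructed HR roster with constructed account exports from the kinds of systems the termination slide lists (remote access, vendor portal, mobile device management, hosted services); the data shapes, names and statuses are assumptions.

```python
"""Reconcile HR status with account exports from every system a user may hold
access to (added example, not from the slides; all data below is constructed)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    system: str
    account: str
    issue: str


# Constructed HR roster: login -> employment status.
HR_ROSTER = {"jdoe": "active", "asmith": "terminated", "bwong": "active"}

# Constructed exports, one per system on the termination checklist:
# (login, enabled) pairs as an admin might export them.
SYSTEM_EXPORTS = {
    "vpn":           [("jdoe", True), ("asmith", True)],
    "vendor_portal": [("asmith", True), ("contractor7", True)],
    "mdm":           [("jdoe", True), ("bwong", True), ("asmith", False)],
    "hosted_mail":   [("jdoe", True), ("asmith", True), ("bwong", True)],
}


def review_access(roster, exports):
    """Return findings: enabled accounts of terminated staff, and accounts with
    no HR record at all (orphans that no termination process will ever catch)."""
    findings = []
    for system, accounts in exports.items():
        for login, enabled in accounts:
            status = roster.get(login)
            if status is None:
                findings.append(Finding(system, login, "no HR record"))
            elif status == "terminated" and enabled:
                findings.append(Finding(system, login, "terminated but still enabled"))
    return findings


def coverage_gaps(roster, exports):
    """Per terminated user, the systems the termination process missed."""
    gaps = {}
    for f in review_access(roster, exports):
        if f.issue.startswith("terminated"):
            gaps.setdefault(f.account, []).append(f.system)
    return gaps


if __name__ == "__main__":
    for f in review_access(HR_ROSTER, SYSTEM_EXPORTS):
        print(f"{f.system:14} {f.account:12} {f.issue}")
    print(coverage_gaps(HR_ROSTER, SYSTEM_EXPORTS))
```

Running the review on every export on a schedule, not only at termination time, is what turns the checklist into the "periodic review of access rights" the Testing slide asks for.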

Incident Response Plan

• Assess and categorize impact
• Engage your Incident Response team
  • Roles should be pre-defined
  • Nature of incident dictates which roles are required
• Containment – Stop the spread
• Eradicate – Remove the cause of the incident
• Recovery – Return to normal operation
• Lessons learned – How did it happen?
• Complete Incident Report

How will you react when the inevitable occurs?

Security and SCADA

• Blocked or delayed information flow
• Unauthorized changes
  • Instruction sets, controls, alarm thresholds
• Inaccurate information
• ICS systems infected with malware
• Impact to safety systems

ICS / SCADA Specific Risks

Homeland Security Policy

• Security policies, procedures, training and educational
• Addressing security throughout the lifecycle of the ICS
• Implementing a network topology for the ICS that has multiple layers
• Employing a DMZ network architecture
• Ensuring that critical components are redundant and are on redundant networks
• Disabling unused ports and services on ICS devices
• Restricting physical access to the ICS network and devices
• Restricting ICS user privileges to only those that are required to perform each person's job

Homeland Security Policy

• Separate authentication mechanisms and credentials for users of the ICS network and the corporate network
• Using modern technology, such as smart cards for Personal Identity Verification (PIV)
• Implementing security controls such as intrusion detection software, antivirus software and file integrity checking
• Applying security techniques such as encryption and/or cryptographic hashes to ICS data storage
• Expeditiously deploying security patches after testing all patches under field conditions on a test system if possible
• Tracking and monitoring audit trails on critical areas of the ICS

Source: http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf

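File integrity checking and cryptographic hashes over ICS data storage, both listed above, can be combined: hash a baseline of configuration files and sign the manifest with an HMAC, so that someone who edits a file cannot also quietly recompute the manifest to match. This is an added example, not code from the slides or from SP 800-82; the file names, the constructed tampering scenario and the assumption that the key is kept off the monitored host are all illustrative.

```python
"""HMAC-signed file integrity baseline and verify (added example, not from the slides)."""
import hashlib, hmac, json, os, tempfile

MANIFEST = "integrity.manifest"          # excluded from hashing if stored alongside

def _digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_baseline(root, key):
    """Hash every regular file under root; return a manifest signed with key."""
    files = {}
    for d, _, names in os.walk(root):
        for n in names:
            if n != MANIFEST:
                p = os.path.join(d, n)
                files[os.path.relpath(p, root)] = _digest(p)
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, body, "sha256").hexdigest()}

def verify(root, manifest, key):
    """Return (manifest_trusted, report); report lists modified/added/removed."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    if not hmac.compare_digest(hmac.new(key, body, "sha256").hexdigest(), manifest["mac"]):
        return False, {}                  # manifest tampered with or wrong key
    old, cur = manifest["files"], build_baseline(root, key)["files"]
    return True, {
        "modified": sorted(p for p in old if p in cur and cur[p] != old[p]),
        "added": sorted(p for p in cur if p not in old),
        "removed": sorted(p for p in old if p not in cur),
    }

def _write(root, name, text):
    with open(os.path.join(root, name), "w") as f:
        f.write(text)

def demo():
    """Constructed scenario: baseline two config files, then tamper with them."""
    key = b"constructed-key-keep-off-the-monitored-host"   # assumption: stored elsewhere
    with tempfile.TemporaryDirectory() as root:
        _write(root, "setpoints.cfg", "pump1_max_rpm=1200\n")
        _write(root, "alarms.cfg", "tank_high=90\n")
        manifest = build_baseline(root, key)
        _write(root, "alarms.cfg", "tank_high=99\n")      # alarm threshold changed
        _write(root, "extra.bin", "x")                    # unexpected new file
        os.remove(os.path.join(root, "setpoints.cfg"))    # file removed
        ok, report = verify(root, manifest, key)
        forged_ok, _ = verify(root, dict(manifest, mac="0" * 64), key)
        return ok, report, forged_ok
```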

Practical Steps

• Isolate your SCADA networks
• Encrypt network traffic if possible
• Grant access to only those that need it
• Do not mix administrative and SCADA systems
• Implement dual factor authentication
• Define strict policies and procedures
• Leverage independent audits

Joe Howland, VCIO
joe.howland@vc3.com (803) 978.2714

Larry Mattox, Account Executive
larry.mattox@vc3.com (803) 978.2725
