Critical Infrastructure Protection and the Role of the Next Generation Firewall Blaž Ivanc.

1 Critical Infrastructure Protection and the Role of the Next Generation Firewall Blaž Ivanc

2 Outline
● Critical Infrastructure Protection
● ICS/SCADA Security Training
● Next-Generation Security

3 About Me
Blaž Ivanc
Assistant at Jožef Stefan Institute
Head of the ICS Center for Information Security
Research Work:
● Critical Infrastructure Protection
● Attack Modeling Techniques
● Intelligence & Security Informatics

4 Critical Infrastructure Protection
● Critical infrastructure faces the interaction of industrial control and business information systems.
● Several field components of industrial control systems have strong communication support and an increasing ability to process the data.
● Numerous opportunities for the implementation of information attacks on critical infrastructure.
● Infrastructure services are perceived as critical to the users only after a failure occurs and when services and resources are no longer available.

5 Critical Infrastructure Protection
● Critical infrastructure is subject to a number of vulnerabilities, weaknesses, and security flaws.
● Growing interest in performing attacks on critical infrastructure.
● Publicly known cyber attacks directed against critical infrastructure have generated numerous books, papers and research in the field of critical infrastructure protection.
● Compromising industrial control systems can lead to consequences in the physical space.

6 Critical Infrastructure Protection
● Due to the required availability, all system interventions are planned.
● After setup, ICS are rather static, have a relatively long service life and are characterized by difficult access to individual components.
● System setup and maintenance require specialized knowledge.
● Due to the specific nature of the system, prior experience and direct cooperation with the manufacturers are necessary.

7 Critical Infrastructure Protection
● The incidents connected to control systems are divided into intentional targeted attacks, unintentional incidents and unintentional internal security events.
● ICS-CERT (2012) warns that the risk for control system attacks is represented by:
  ● control system configurations accessible via the Internet
  ● easily accessible tools for the exploitation of vulnerabilities
  ● increase in the interest in attacks on control systems

8 Critical Infrastructure Protection
● Findings on the state of ICS security, which can be divided into five groups (U.S. DHS):
  ● Control systems – the use of default accounts and passwords, available visitor accounts, inadequate use of services and the presence of unnecessary services and software.
  ● Switches and routers – the state of devices is the same as at the time of equipment installation. Furthermore, a lack of appropriate security knowledge and experience among the operators has been established as well.
  ● Firewalls – in general, insufficient, inadequate and too simple rules as well as the absence of logging have been established.
  ● IDS & IPS – they are relatively new in the control system environment. Consequently, fewer signatures as well as insufficient means and support for adequate staff training are available.

9 ICS/SCADA Security Training
● 4-Day Course: Industrial Control System / SCADA Security
● „Hands-on“
● Topics covered by the course:
  ● Industrial Control System – threats, attacks, vulnerabilities, countermeasures
  ● Network Vulnerabilities and Attacks
  ● Server/Client Side Attacks
  ● Digital Forensics and Incident Response

10 ICS/SCADA Security Training
● 22 – 24 September 2014
● Zagreb, Croatia
● Who should attend: IT management, IT professionals, System Administrators, Security Administrators, and ICS Professionals in general.

11 Next-generation security that protects critical assets, enables safe modernization and keeps uptime high
Critical infrastructure operators face many challenges in securing ICS/SCADA Networks:
● Improving visibility to network traffic, usage and associated risks.
● Protecting unpatchable critical assets from sophisticated threats.
● Safely allowing external access and usage of networked applications.
● Reducing incident response time and complexity.

12 Next-generation security that protects critical assets, enables safe modernization and keeps uptime high
Palo Alto Networks Next-Generation Security Platform
Solutions:
● Deep packet inspection technology that provides intuitive and actionable intelligence about network traffic
● Granular control over applications, users, content, and web traffic
● Native threat prevention against both known and unknown threats
● App-ID identifies all applications on all ports all the time (vs. port/protocol)
● Centralized management that expedites forensics and remediation

13 Next-generation security that protects critical assets, enables safe modernization and keeps uptime high
● Application signatures for ICS/SCADA
● Lifecycle approach to threat prevention
● Modern cyberattacks and APTs rely on stealth, persistence, and the skilled avoidance of traditional security throughout the lifecycle of the attack.

14 Next-generation security that protects critical assets, enables safe modernization and keeps uptime high
● Least privilege network access model
● Apply segmentation best practices described in standards such as ISA-99 and IEC 62443 to define security zones.
  ● Use standard appliance for controlled environments or ruggedized server plus VM-series virtualized appliance for harsh environment.
  ● Limit traffic to control network protocols and limited set of approved applications/protocols for administration/alarms.
  ● Track all command-related packets by user to help with event correlation.
  ● Allow access from enterprise for select users and applications.
  ● Monitor and control third-party VPN and terminal server access.
  ● Implement time of day policies along with application and user identification to limit exposure.
  ● Consistently enforce next-generation firewall rules on mobile devices.
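
The least-privilege model on slide 14, sketched as an added example (not from the presentation and not Palo Alto Networks configuration): a default-deny evaluator that matches each flow on zone pair, identified application, user group and time of day, and logs every decision. All zone, application, group and rule names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    apps: frozenset            # approved applications (identified by content, not port)
    users: frozenset           # allowed user groups; empty = machine-to-machine traffic
    start: time = time(0, 0)   # time-of-day window, inclusive
    end: time = time(23, 59, 59)


# Constructed sample policy: every name below is an assumption, not from the slides.
POLICY = [
    Rule("hmi-to-plc", "supervisory", "control",
         frozenset({"modbus", "dnp3"}), frozenset()),
    Rule("eng-admin", "enterprise", "supervisory",
         frozenset({"ssh"}), frozenset({"ot-engineers"})),
    Rule("vendor-maint", "vendor-vpn", "supervisory",
         frozenset({"rdp"}), frozenset({"vendor-support"}), time(8, 0), time(17, 0)),
]


def evaluate(flow, policy=POLICY, log=None):
    """Return (action, rule_name). Only an explicit match allows; the rest is denied."""
    decision = ("deny", "default-deny")
    for r in policy:
        if (flow["src_zone"], flow["dst_zone"]) != (r.src_zone, r.dst_zone):
            continue                      # wrong zone pair
        if flow["app"] not in r.apps:
            continue                      # application not on the approved list
        if r.users and flow.get("group") not in r.users:
            continue                      # user not identified or not in an allowed group
        if not (r.start <= flow["when"] <= r.end):
            continue                      # outside the permitted time of day
        decision = ("allow", r.name)
        break
    if log is not None:
        # Record denies as well as allows so commands can be correlated by user later.
        log.append({**flow, "action": decision[0], "rule": decision[1]})
    return decision
```

There is no direct enterprise-to-control rule, so such a flow is denied regardless of user or application; the vendor rule only matches inside its time window.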

15 Next-generation security that protects critical assets, enables safe modernization and keeps uptime high
● Central management and reporting
● Panorama central management platform makes management and intelligence gathering easier:
  ● Enabling centralized deployment of distinct IT/OT policies and configurations on geographically dispersed firewalls.
  ● Supporting role based administration for added security.
  ● Providing powerful centralized reports which facilitate forensics and regulatory compliance to standards such as NERC CIP and CFATS.

16 Next-generation security that protects critical assets, enables safe modernization and keeps uptime high
● Implementing security in control networks must not adversely impact availability or performance.
● Palo Alto Networks security platform was designed from the ground up to address next-generation security requirements while delivering performance and availability.

17 Thank you! info@itipo.hr info@qstc.com

