Critical Infrastructure Protection and the Role of the Next Generation Firewall Blaž Ivanc.

Outline
● Critical Infrastructure Protection
● ICS/SCADA Security Training
● Next-Generation Security

About Me
Blaž Ivanc
● Assistant at Jožef Stefan Institute
● Head of the ICS Center for Information Security Research
● Work: Critical Infrastructure Protection, Attack Modeling Techniques, Intelligence & Security Informatics

Critical Infrastructure Protection
● Critical infrastructure sits at the intersection of industrial control systems and business information systems.
● Many field components of industrial control systems now have strong communication support and a growing ability to process data.
● This creates numerous opportunities for information attacks on critical infrastructure.
● Users perceive infrastructure services as critical only after a failure occurs and the services and resources are no longer available.

● Critical infrastructure is subject to many vulnerabilities, weaknesses and security flaws.
● Interest in attacking critical infrastructure is growing.
● Publicly known cyber attacks against critical infrastructure have generated numerous books, papers and research in the field of critical infrastructure protection.
● Compromise of industrial control systems can have consequences in the physical world.

● Because of the required availability, every intervention in the system is planned in advance.
● Once set up, ICS are relatively static, have a long service life, and individual components are difficult to reach.
● System setup and maintenance require specialized knowledge.
● Because of the specific nature of these systems, prior experience and direct cooperation with the manufacturers are necessary.

● Incidents involving control systems fall into three groups: intentional targeted attacks, unintentional incidents, and unintentional internal security events.
● ICS-CERT (2012) warns that the risk of attacks on control systems is driven by:
  ● control system configurations accessible from the Internet
  ● easily accessible tools for exploiting vulnerabilities
  ● growing interest in attacks on control systems

● Findings on the state of ICS security, which the U.S. DHS divides into five groups, include:
  ● Control systems: use of default accounts and passwords, available guest accounts, inappropriate use of services, and the presence of unnecessary services and software.
  ● Switches and routers: devices remain in the state they were in when the equipment was installed. A lack of appropriate security knowledge and experience among operators has also been established.
  ● Firewalls: rules are generally insufficient, inadequate and too simple, and logging is absent.
  ● IDS & IPS: relatively new in the control system environment; consequently fewer signatures are available, and the means and support for adequate staff training are insufficient.

ICS/SCADA Security Training
● 4-Day Course: Industrial Control System / SCADA Security
● "Hands-on"
● Topics covered by the course:
  ● Industrial Control System: threats, attacks, vulnerabilities, countermeasures
  ● Network Vulnerabilities and Attacks
  ● Server/Client Side Attacks
  ● Digital Forensics and Incident Response

● 22 – 24 September 2014
● Zagreb, Croatia
● Who should attend: IT management, IT professionals, system administrators, security administrators, and ICS professionals in general.

Next-generation security that protects critical assets, enables safe modernization and keeps uptime high
Critical infrastructure operators face many challenges in securing ICS/SCADA networks:
● Improving visibility into network traffic, usage and the associated risks.
● Protecting unpatchable critical assets from sophisticated threats.
● Safely allowing external access to and use of networked applications.
● Reducing incident response time and complexity.

Solutions: Palo Alto Networks Next-Generation Security Platform
● Deep packet inspection technology that provides intuitive and actionable intelligence about network traffic
● Granular control over applications, users, content and web traffic
● Native threat prevention against both known and unknown threats
● App-ID identifies all applications on all ports all the time (rather than classifying traffic by port/protocol)
● Centralized management that speeds up forensics and remediation

● Application signatures for ICS/SCADA
● Lifecycle approach to threat prevention
● Modern cyberattacks and APTs rely on stealth, persistence and skilled evasion of traditional security throughout the lifecycle of the attack.

● Least-privilege network access model
● Apply the segmentation best practices described in standards such as ISA-99 and IEC to define security zones.
● Use a standard appliance for controlled environments, or a ruggedized server plus a VM-Series virtualized appliance for harsh environments.
● Limit traffic to control network protocols and a limited set of approved applications/protocols for administration and alarms.
● Track all command-related packets by user to help with event correlation.
● Allow access from the enterprise network only for selected users and applications.
● Monitor and control third-party VPN and terminal server access.
● Implement time-of-day policies together with application and user identification to limit exposure.
● Consistently enforce next-generation firewall rules on mobile devices.
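The following is an added example, not part of the slides and not Palo Alto Networks configuration syntax. It models the least-privilege zone policy described above (zones, application identity, user group, time-of-day window, default deny) and includes an audit that flags the firewall findings from the DHS slide: overly broad "any/any" rules and rules without logging. Zone names, application IDs, user groups and rule names are assumptions chosen for illustration.

```python
"""Zone-based least-privilege policy model with an audit for weak rules.

Hypothetical rule format written for this example; it is not the syntax of
any vendor's firewall. Zone names, application IDs and user groups are
constructed sample data.
"""
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str          # "*" matches any source zone
    dst_zone: str          # "*" matches any destination zone
    apps: frozenset        # identified applications; {"any"} matches everything
    users: frozenset       # user groups; {"any"} matches everyone
    action: str            # "allow" or "deny"
    log: bool = True
    start: Optional[time] = None   # time-of-day window, inclusive start
    end: Optional[time] = None     # exclusive end; None/None means always


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    app: str               # application as identified by inspection, not by port
    user_group: str
    at: time


def _in_window(rule, t):
    """True if t falls in the rule's time-of-day window (handles wrap past midnight)."""
    if rule.start is None or rule.end is None:
        return True
    if rule.start <= rule.end:
        return rule.start <= t < rule.end
    return t >= rule.start or t < rule.end


def matches(rule, flow):
    return (rule.src_zone in ("*", flow.src_zone)
            and rule.dst_zone in ("*", flow.dst_zone)
            and ("any" in rule.apps or flow.app in rule.apps)
            and ("any" in rule.users or flow.user_group in rule.users)
            and _in_window(rule, flow.at))


def evaluate(policy, flow):
    """First-match evaluation; anything unmatched hits an implicit, logged default deny."""
    for rule in policy:
        if matches(rule, flow):
            return rule.action, rule.name
    return "deny", "default-deny"


def audit(policy):
    """Flag the weaknesses the DHS findings describe: broad allows and missing logs."""
    findings = []
    for r in policy:
        if r.action == "allow" and r.src_zone == "*" and r.dst_zone == "*" and "any" in r.apps:
            findings.append((r.name, "any/any allow"))
        if r.action == "allow" and "any" in r.apps:
            findings.append((r.name, "allow without application restriction"))
        if not r.log:
            findings.append((r.name, "logging disabled"))
    return findings


# Operators on the HMI zone may speak only the control protocols to the PLC zone.
HMI_TO_PLC = Rule("hmi-to-plc", "control-hmi", "control-plc",
                  frozenset({"modbus", "dnp3"}), frozenset({"operators"}), "allow")

# Vendor engineers reach the PLC zone from the enterprise only over SSH, 08:00-17:00.
VENDOR_MAINT = Rule("vendor-maintenance", "enterprise", "control-plc",
                    frozenset({"ssh"}), frozenset({"vendor-eng"}), "allow",
                    start=time(8, 0), end=time(17, 0))

# The kind of "too simple" rule the findings warn about: everything, unlogged.
LEGACY_ANY = Rule("legacy-any", "*", "*", frozenset({"any"}), frozenset({"any"}),
                  "allow", log=False)

WEAK_POLICY = [HMI_TO_PLC, VENDOR_MAINT, LEGACY_ANY]
HARDENED_POLICY = [HMI_TO_PLC, VENDOR_MAINT]   # relies on the default deny


if __name__ == "__main__":
    probe = Flow("enterprise", "control-plc", "web-browsing", "employees", time(10, 0))
    print("weak:", evaluate(WEAK_POLICY, probe))            # allowed by legacy-any
    print("hardened:", evaluate(HARDENED_POLICY, probe))    # default-deny
    print("audit:", audit(WEAK_POLICY))
```

Because the model matches on the identified application rather than a port, a flow such as SSH on an unusual port is still judged by its identity, which is the point of the App-ID comparison on the earlier slide; the time window on the vendor rule shows how a time-of-day policy shrinks the exposure of remote maintenance access.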

● Central management and reporting
● The Panorama central management platform makes management and intelligence gathering easier by:
  ● enabling centralized deployment of distinct IT/OT policies and configurations to geographically dispersed firewalls
  ● supporting role-based administration for added security
  ● providing powerful centralized reports that facilitate forensics and regulatory compliance with standards such as NERC CIP and CFATS

● Implementing security in control networks must not adversely affect availability or performance.
● The Palo Alto Networks security platform was designed from the ground up to address next-generation security requirements while delivering performance and availability.

Thank you!