Network Security
Lewis R. Folkerth, P. E.
Consumers Energy
Energy Management Systems

Overview
  Why Network Security?
  Types of Security
  Network Configurations
  Intrusion Detection
  Maintaining Security

Why Network Security?
  EMS as installed:
    – no outside connections
    – no or limited dialup
    – few threats

Why Network Security?
  EMS today
    – Network connections
        Company
        Internet
    – Dialup
    – More threats
        “Hackers”
        Competitors
        Terrorists

Types of Security
  Host Security
    – Passwords
    – OS
    – Vulnerability Analysis
    – Intrusion Detection
  Network Security
    – Firewalls
    – Packet Filtering
    – Vulnerability Analysis
    – Intrusion Detection

Common EMS Network

Add a Layer of Protection

Add Intrusion Detection

Isolate the Intrusion Detection

Firewalls
  Commercial product is probably best
  Consider location when choosing brand and type
    – Parallel implementations
        Use same type and brand as main Internet firewall
    – Series implementations
        Use different brand from main firewall

Packet Filtering
  Available in most routers
  Used where a firewall is overkill
  More difficult to maintain

Vulnerability Analysis
  Host based
    – COPS (UNIX)
    – ASET (Solaris)
    – SCE (NT)
    – Commercial
  Network Based
    – SATAN
    – nmap
    – Commercial

Intrusion Detection
  Host Based
    – Tripwire (UNIX)
    – Commercial (Other)
  Network Based
    – SHADOW
    – Commercial

Building an Intrusion Detection System (IDS)
  Obtain Software
  Obtain Hardware
    – Sensor Requirements
    – Analysis Station Requirements
  Install the sensor
    – OS
    – tcpdump, libpcap, ssh, SHADOW
    – Configure
  Install the analysis system
    – OS
    – tcpdump, libpcap, ssh, apache, browser, SHADOW
    – Configure

Maintaining Security
  Keep up with the latest exploits
  Ongoing education
  Newsletters
  Incident Response Groups
  NIPC - Infragard