Security assessment of critical infrastructure
Rikard Bodforss, Founding partner Bodforss Consulting AB
Who am I?
I wasn’t always an IT manager...
Listen to Säkerhetspodcasten!
Securing human rights
Promised deliverables
• Preamble
• Passive test methods
• Active test methods
• Choosing method and approach
• Summary
Preamble
Why do we test security?
What could possibly go wrong?
A brief summary of the state of academic research on the subject…
© 2005 Sandia National Laboratories, Duggan et al.
Passive methods
Pen-test?
The map vs. the real world
Identify the weak links
Identify attack vectors
• Spoofing
• Tampering
• Repudiation
• Information disclosure
• Denial of service
• Elevation of privilege
More passive methods
• Log analysis
• Wireshark, Sniffer, etc.
• Monitor ports
• Passive wireless tools
• Config file analysis
• System charts
• Process inventory
• Protocol analyzers for I2C, RS232, RS485, etc.
• Etc.
Drawbacks with passive methods
• Won’t find everything
• False sense of security
• Demands skills, experience and competence
• Time consuming
Active test methods
Target analysis
Test systems
FAT/SAT
Virtualization
Active methods
• Test systems (PHYSICALLY separated)
• Virtualization in lab environment (PHYSICALLY separated)
• FAT tests at supplier
• SAT tests on pre-production systems
• Shodan.io on your own networks
• Hack someone else (Just KIDDING!!!!!)
Problems with active methods
• Lab is always a lab
• Real world and map don’t match
• Oops… I thought those systems were running on separate environments…
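One way to turn the "map vs. the real world" check into a passive, repeatable control, as an added example that is not part of the deck: reconcile the documented asset inventory against flows seen on a monitor port, and flag hosts the map does not know about as well as traffic crossing zones the map says are physically separated. All addresses, zones and flow records below are constructed.

```python
from collections import defaultdict

# Constructed sample "map": documented assets and the zone each belongs to.
INVENTORY = {
    "10.0.1.10": "OT",   # PLC
    "10.0.1.11": "OT",   # HMI
    "10.0.2.20": "IT",   # office workstation
}

# Constructed "real world": flow records as a sniffer on a monitor port might
# summarise them, one "src -> dst:port" per line. 502 (Modbus/TCP) and 44818
# (EtherNet/IP) are well-known ICS ports used here only as sample values.
FLOW_LOG = """\
10.0.1.11 -> 10.0.1.10:502
10.0.1.11 -> 10.0.1.10:502
10.0.2.20 -> 10.0.1.10:502
10.0.1.99 -> 10.0.1.10:44818
"""

def parse_flows(text):
    """Parse flow records into (src, dst, port) tuples; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        try:
            src, rest = line.split(" -> ")
            dst, port = rest.rsplit(":", 1)
            flows.append((src.strip(), dst.strip(), int(port)))
        except ValueError:
            continue
    return flows

def reconcile(inventory, flows):
    """Compare observed flows against the inventory.

    Returns hosts missing from the map, flows that cross zones the map says are
    separated, and the service ports each host was observed answering on.
    """
    unknown, cross_zone, services = set(), set(), defaultdict(set)
    for src, dst, port in flows:
        unknown.update(h for h in (src, dst) if h not in inventory)
        services[dst].add(port)
        zsrc, zdst = inventory.get(src), inventory.get(dst)
        if zsrc and zdst and zsrc != zdst:
            cross_zone.add((src, zsrc, dst, zdst, port))
    return {"unknown_hosts": sorted(unknown),
            "cross_zone_flows": sorted(cross_zone),
            "services": {h: sorted(p) for h, p in services.items()}}

if __name__ == "__main__":
    for key, value in reconcile(INVENTORY, parse_flows(FLOW_LOG)).items():
        print(key, value)
```

Every finding comes from traffic that was already on the wire, so the check stays passive and can be re-run after each change to the map.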
Choosing methods
It all comes down to risk appetite
• Your mileage may vary…
• There are many ways to skin a cat…
• "It depends…"
Who should perform the tests?
• Internal or external
• If external, check for reference assignments
• Security clearance for sensitive infrastructure?
• Competence
Summary
And some final thoughts
Trust, but verify
Nobody is an expert on everything
• Share intel with colleagues in the business
• Hire help if you don’t have all the pieces in the puzzle
• Become friends with the automation engineers
• Create teams and networks
• Cooperate with the suppliers
• Constant improvements (PDCA)
• Work strategically and proactively with risk management
Network and cooperate
• Learn from colleagues and peers in the business
• Form expert teams with specialists from both the business side and from the suppliers
• Attend conferences and network meetings
• Share knowledge and data
Further reading (and listening)
• http://energy.sandia.gov/wp-content//gallery/uploads/sand_2005_2846p.pdf
• https://scadahacker.com/library/
• https://www.msb.se/scada
• http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf
• https://ics-cert.us-cert.gov/Standards-and-References
• https://www.microsoft.com/en-us/sdl/
• http://www.rics.se/
• http://www.sakerhetspodcasten.se/
Rikard Bodforss
Thank you for listening!
Twitter: @rbodforss
Web: www.bodforss.se
www.sakerhetspodcasten.se
Email: [email protected]
Tel: +46-70 312 33 11