firewall deployment for scada pcn
play

FIREWALL DEPLOYMENT FOR SCADA/PCN How closed need your network needs - PowerPoint PPT Presentation

Sep 30, 2022 •151 likes •634 views

FIREWALL DEPLOYMENT FOR SCADA/PCN How closed need your network needs to be? How open can you afford your network to be? Where from the vulnerability is coming? How to mitigate the vulnerability? How to detect that anyone

  1. FIREWALL DEPLOYMENT FOR SCADA/PCN

  2.  How closed need your network needs to be?  How open can you afford your network to be?  Where from the vulnerability is coming?  How to mitigate the vulnerability?  How to detect that anyone un-authorized is trying to jeopardize the network services?  How the Business Continuity can be maintained in the long run with the steps taken?  How to envisage future requirements? Network Security

  3. 1. Denial of Service Types of 2. Unauthorized Access: Attempt to access Attacks command shell 3. Illicit command execution: Hacking  Administrator’s password Changing IP Address  Putting a Start-up  Script 4. Confidentiality Breach 5. Destructive Attacks Data Diddling  Data destruction 

  4. Balancing act between:  Keeping equipment and processes protected.  Allowing them to touch larger computing realms via Ethernet protocols and the internet to gain new connections and capabilities. Solution:  Multiple Zone Network with Subzone. Network Security

  6. Generic IT security goals versus ICS security goals

  7. Assessment process flow chart

  8. OSI Model – 7 Layers

  9. Network Security Tools  Intelligent Network Switches and Routers  Firewalls  Hardware and Software Devices for managing network connections  User Authentication  Encrypting Data  DMZ Network Security

  10. Firewall Firewall is a mechanism used to control and monitor traffic to and from a network for the purpose of protecting devices on a network.  Compares traffic passing through it to a pre- defined security criteria  Can be a hardware device (CISCO PIX or Semantic Security Gateway)  Can be a hardware/Software unit with OS based firewall capabilities (“ iptables ” running on a Linux Server)  Host based software solution installed on the workstation directly (Norton Personal Firewall or Sygate Personal Firewall) FIREWALL

  11. Internet facing firewall protecting PC & PLC

  12. Network Traffic Network traffic is sent in discrete group of bits, called a packet which includes  Sender’s Identity (Source Address)  Recipient’s Identity (Destination Address)  Service to which the packet pertains (Port Number)  Network Operation and Status Flags  Actual payload of data to be delivered to service A firewall analyzes these characteristics and decides what to do with the packet based on a series of rules, known as Access Control Lists (ACL). Content of Network Traffic

  13. Host Based Firewalls  Available on Windows or Unix based platforms  Primary function is Workstation or Server Tasks like Database Access or Web Services  Can do little to regulate traffic destined for Embedded Control Devices Classes of Firewall

  14. Packet Filter Firewall  Simplest class of Firewall following a set of static rules  Only the IP Addresses and the port number of the packet is examined  No intelligence to identify spoofed (Forged source IP Address) packages Classes of Firewall

  15. Packet Filter Firewall

  16. Application Proxy Firewalls  Open Packets at Application Layer  Process them based on specific application rules  Reassemble and forward to target devices  No direct connection to external server  Possible to configure internal clients to redirect traffic without the knowledge of the sender  Possible to apply access control lists against the application protocol Classes of Firewall

  20.  Acting as Intrusion Detection System ; Logging denied packets, Recognizing network packages specifically designed to cause problems, Reporting unusual traffic patterns  Blocking infected traffic by deploying Front-line Anti-Virus Software on firewall  Authentication services through passwords or Public Key Encryption  Virtual Private Network (VPN) gateway services by setting up an encrypted tunnel between firewall and remote Host devices  Network Address Translation (NAT) where a set of IP addresses used on one side of a firewall are mapped to a different set on the other side. Other Firewall Services

  21.  No direct connection from the Internet to the PCN/SCADA Network and vice versa  Restricted access from the enterprise network to the control network  Unrestricted (but only authorized) access from the enterprise network to shared PCN/Enterprise servers  Secured methods for authorized remote support of control system  Secure connectivity for wireless devices  Well defined rules outlining the type of traffic permitted  Monitoring the traffic attempting to enter PCN  Secure connectivity for management of firewall Overall Security Goals of PCN/SCADA Firewalls

  22. Security: The likely effectiveness of the architecture to prevent possible attacks. Manageability: Ability of the architecture to be easily managed (both locally as well as from remote). Scalability: Ability of the architecture to be effectively deployed in both large and small systems or in large numbers. Firewall Selection Criteria

  23. Dual-Homed Computers Common SCADA/PCN Segregation Architecture

  24. Dual Homed Server with Personal Firewall Software Common SCADA/PCN Segregation Architecture

  25. Packet Filtering Router/Layer-3 Switch between PCN & EN Common SCADA/PCN Segregation Architecture

  26. Two Port Firewall between PCN & EN Common SCADA/PCN Segregation Architecture

  27. Router/Firewall combination between PCN & EN Common SCADA/PCN Segregation Architecture

  28. DMZ is a critical part of a firewall.  Neither part of un-trusted Network, nor part of trusted network  Puts additional layer of security to DDCMIS LAN  Physical or Logical sub-network that provides services to users outside LAN DMZ

  29. Firewall with DMZ between PCN & EN Common SCADA/PCN Segregation Architecture

  30. Paired Firewalls with DMZ between PCN & EN Common SCADA/PCN Segregation Architecture

  31. Firewall with DMZ and SCADA/PCN VLAN Common SCADA/PCN Segregation Architecture

  32. Comparison Chart for PCN/SCADA segregation Architecture

  33. DDCMIS NETWORK SECURITY MEASURES TAKEN AT NTPC/TALCHER-KANIHA

  35. PI Server Port 5450 10.0.120.202 Office Network Firewall Firewall Firewall ABT OPC Gateway PC Gateway PC Server + PI Honeywell + + OPC Server OPC PI OPC PI OPC Interface Interface Interface Stage I Plant Network Stage II Plant Network ABT Network Unit 2 Unit 6 Unit 1 Unit 3 Keltron Honeywell Keltron Honeywell OPC Experion OPC Experion Server System Server System Network T opology

  36. Network Topology PI Server Port 545 PI Client 0 10.0.120.202 Office Network (NTPC LAN) Firewall Firewall-2 Firewall- -3 1 ABT OPC Gateway Server PC Honeywel OPC OPC (Redundant) l WAN + PI OPC Server Server Server Interface Main Standby ABT Network L-3 Switch L-3 Switch Unit 3 Unit 6 Unit 2 Unit 1 Honeywell Honeywell DDCMS DDCMS Experion Experion System System Stage II Plant Network

  37. HEADS OF PLC COOLING CHP-1 CHP-2 DM PLANT PT PLANT COOLING PC - O&M TOWER-1 PLC PLC PLC PLC TOWER2 HEAD - OPER -C&I SHIFT M/C PLC OF - BOILER/TURBINE M/C ENGR PROJ etc -C&I M/C ENGR PT PLANT SWITCH SERVICE BLDG SWITCH Ash handling fire proof AC CPU PLC PLC PLC PLC PC1 … .. P C n SERVER PR SWITCH IT SWAS C&I shift PC Incharge PC FIREWALL BPOS system LA U#3,4,5 &6 N ESP GATEWAY PCs PC # MOR STN LAN STATION LAN SWITCH 3,4,5,6 PC SERVER OWS OWS / OWS UNIT-3 UNIT UNIT UNIT Unit 1 Unit 2 in PR LVS in PR -4 -5 -6 & CER in CCR & CER UNIT HMI LAN U#3 SWITCH Station LAN of Talcher-II UNIT HMI SERVERS Typical before PI connectivity CONTROL SYSTEM

  38. HEADS OF PLC COOLING CHP-1 CHP-2 DM PLANT PT PLANT COOLING PC - O&M TOWER-1 PLC PLC PLC PLC TOWER2 HEAD - OPER -C&I SHIFT M/C PLC OF - BOILER/TURBINE M/C ENGR PROJ etc -C&I M/C ENGR PT PLANT SWITCH SERVICE BLDG SWITCH Ash handling fire proof AC CPU PI- PLC PLC PLC PLC SERVER PC1 … .. P C n PR SWITCH IT FIREWALL LA SWAS C&I shift PI- GATEWAY PC Incharge PC N BPOS system PC Interface U#3,4,5 &6 ESP PCs DMZ # 3,4,5,6 MOR STN LAN STATION LAN SWITCH PC SERVER OWS OWS OWS in PR UNIT-3 UNIT UNIT UNIT / LVS in PR Unit 1 Unit 2 & -4 -5 -6 in & CER UNIT CCR CER HMI LAN U#3 SWITCH Station LAN of Talcher-II UNIT HMI SERVERS after PI connectivity Typical CONTROL SYSTEM

  39. PI- Server NTPC Office LAN PI- Interface - - - PI system connectivity at Talcher-II

  40. Steps: 1. Review the existing LAN of NTPC/Talcher Kaniha 2. Perform a Bandwidth Assessment Test 3. Perform a Vulnerability Test 4. Conduct a Penetration Test 5. Conduct a Security Audit 6. Conduct a CCTV Demo between Talcher Kaniha & EOC-NOIDA 7. Recommendation and Suggested Up- Gradation Network Testing Methodology

Recommend

Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall

Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall

Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall Overview Todays top firewall problems What IT managers say about their existing firewall Firewall Satisfaction Survey (Spiceworks 2017) Top

548 views • 52 slides
SCADA and Other Dangerous Things Professor Andrew Blyth, PhD. University of South Wales, UK.

SCADA and Other Dangerous Things Professor Andrew Blyth, PhD. University of South Wales, UK.

SCADA and Other Dangerous Things Professor Andrew Blyth, PhD. University of South Wales, UK. E-Mail: andrew.blyth@southwales.ac.uk SCADA and Ukraine SCADA Hacking Typical SCADA Critical Infrastructure Architecture 4 SCADA and IPC Forensic

303 views • 17 slides
SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen Operations Support Manager Western Area Power Administration Sub Substation Ne station Netwo twork rk Sec Security urity Tyler Stinson

627 views • 13 slides
SCADA Security Eric Chan Fortinet SouthEast Asia & HK SCADA Network Architecture CONFIDENTIAL

SCADA Security Eric Chan Fortinet SouthEast Asia & HK SCADA Network Architecture CONFIDENTIAL

SCADA Security Eric Chan Fortinet SouthEast Asia & HK SCADA Network Architecture CONFIDENTIAL INTERNAL ONLY 2 Where are the Threats Coming From? External Sources SCADA systems are often interconnected to other SCADA systems and

480 views • 12 slides
Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation

Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation

Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation controlled connection between networks at different security levels = boundary protection ( L1 > L2 ) network at network at security

1.07k views • 67 slides
THE APPLICATION OF THE APPLICATION OF GPRS FOR SCADA GPRS FOR SCADA COMMUNICATIONS

THE APPLICATION OF THE APPLICATION OF GPRS FOR SCADA GPRS FOR SCADA COMMUNICATIONS

THE APPLICATION OF THE APPLICATION OF GPRS FOR SCADA GPRS FOR SCADA COMMUNICATIONS COMMUNICATIONS Dieter Gtschow Telecommunications specialist Industry Association Resource Centre African Utility Week, 810 May 2006 Overview

549 views • 21 slides
Out of Control: Demonstrating SCADA Exploitation Brian Meixell Eric Forner Black Hat 2013

Out of Control: Demonstrating SCADA Exploitation Brian Meixell Eric Forner Black Hat 2013

Out of Control: Demonstrating SCADA Exploitation Brian Meixell Eric Forner Black Hat 2013 Agenda SCADA 101 Attack Scenarios Common Vulnerabilities Remediation Exploit Demo SCADA 101 SCADA DCS Supervisory Distributed

626 views • 45 slides
SCADA STRANGELOVE SCADA.SL Sergey Gordeychik Internets Aleksandr Timorin StrangeLove movie and

SCADA STRANGELOVE SCADA.SL Sergey Gordeychik Internets Aleksandr Timorin StrangeLove movie and

SCADA STRANGELOVE SCADA.SL Sergey Gordeychik Internets Aleksandr Timorin StrangeLove movie and other Gleb Gritsai *All pictures are taken from Dr Group of security researchers focused on ICS/SCADA Alexander Timorin Dmitry Serebryannikov

1.13k views • 65 slides
_ ...... - I =-= I A Weatherford Enterra Company SCADA Systems Seminar TEST, Inc SCADA Ssmlnor

_ ...... - I =-= I A Weatherford Enterra Company SCADA Systems Seminar TEST, Inc SCADA Ssmlnor

_ ...... - I =-= I A Weatherford Enterra Company SCADA Systems Seminar TEST, Inc SCADA Ssmlnor slrtu030.doc ~_-Computer Alternate Signal Path (3 x #16 wires) 3.275 Ghz Satollite Earth Station 3.275 Ghz Satellite _-'/P"lnK Antenna

2.28k views • 183 slides
SCADA Supervisory Control and Data Acquisition What is SCADA? Superv rvisory Control and Data

SCADA Supervisory Control and Data Acquisition What is SCADA? Superv rvisory Control and Data

SCADA Supervisory Control and Data Acquisition What is SCADA? Superv rvisory Control and Data Acquisition SCADA is the system that controls the various operating processes at our facilities. It is also the system that collects and stores

1.17k views • 23 slides
System Management SCADA Replacing missing or incorrect values with estimates DM#12352252 What is

System Management SCADA Replacing missing or incorrect values with estimates DM#12352252 What is

System Management SCADA Replacing missing or incorrect values with estimates DM#12352252 What is SCADA? S upervisory C ontrol A nd D ata A cquisition , a computer system for gathering and analysing real-time data. SCADA systems are used to

309 views • 15 slides
Duan Vavreka September 2015 Quality metering RTU and SCADA RTU and SCADA Control systems

Duan Vavreka September 2015 Quality metering RTU and SCADA RTU and SCADA Control systems

www.elvac.eu Duan Vavreka September 2015 Quality metering RTU and SCADA RTU and SCADA Control systems for energetics Quality metering in class A ARTIQ 144 measurements 4V4I, communication interface RS-485, optionally Ethernet or USB,

605 views • 13 slides
Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts and networks connected to other hosts and networks against attacks from the outside and from the inside. a firewall is a network security system

440 views • 30 slides
Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly

Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly

Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly Creswell Crow-Applegate-Lorane Fern Ridge Junction City Lowell Mapleton Screened, but exempt from policies Marcola

539 views • 15 slides
Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3

Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3

Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3 State-independent interior operators Interior operator from HP recovery 6 5 Resolution of the puzzle Effect of infalling observer 7 Discussions Beni

1.61k views • 106 slides
Introduction to SCADA Most of the slides are from ECE 450/CSE 450 (Fall 2010) taught at Lehigh

Introduction to SCADA Most of the slides are from ECE 450/CSE 450 (Fall 2010) taught at Lehigh

10/30/2015 Introduction to SCADA Most of the slides are from ECE 450/CSE 450 (Fall 2010) taught at Lehigh University by Dr. Liang Cheng and Dr. Shalinee Kishore. Motivation for SCADA Suppose you have a simple electrical circuit consisting

538 views • 15 slides
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A

FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A

FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A firewall is only as good as its configuration Big deal, it should be easy to configure a firewall, right? Basically... no. A Quantitative

507 views • 14 slides
ATTACK-AWARENESS FOR SPIRE (INTRUSION-TOLERANT SCADA) Tiger Gao, Dan Qian, Elaine Wong, &

ATTACK-AWARENESS FOR SPIRE (INTRUSION-TOLERANT SCADA) Tiger Gao, Dan Qian, Elaine Wong, &

ATTACK-AWARENESS FOR SPIRE (INTRUSION-TOLERANT SCADA) Tiger Gao, Dan Qian, Elaine Wong, & Jason Wong 1. BACKGROUND What is Spire? What is SCADA? What is SCADA? Supervisory Control and Data Acquisition Allows for centralized

530 views • 18 slides
Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop R U Ready? This is my vest this is my CORE. These are all of the things I need as a Marine to be successful during this deployment: Who

426 views • 25 slides
Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop R U Ready? This is my vest this is my CORE. These are all of the things I need as a Marine to be successful during this deployment: Who

453 views • 34 slides
SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar

SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar

SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar Krishnan & Dr. Mingkui Wei Department of Computer Science Sam Houston State University, Huntsville, Texas ISDFS 2019 SC SCADA Ov Overv

635 views • 22 slides
SCADA deep inside: protocols and security mechanisms Aleksandr Timorin

SCADA deep inside: protocols and security mechanisms Aleksandr Timorin

SCADA deep inside: protocols and security mechanisms Aleksandr Timorin 05|06|07 September 2014 # whoami penetration tester at Positive Technologies SCADA security researcher, main specialisation -

1.03k views • 81 slides
Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple firewall using Netfilter Iptables firewall in Linux Stateful Firewall Application Firewall Evading Firewalls 2 Firewalls

811 views • 55 slides
ADNA: online, context-aware, intelligent framework for Anomaly Detection aNd Analysis in SCADA

ADNA: online, context-aware, intelligent framework for Anomaly Detection aNd Analysis in SCADA

ADNA: online, context-aware, intelligent framework for Anomaly Detection aNd Analysis in SCADA networks Researchers: Wenyu Ren , Klara Nahrstedt, Tim Yardley Motivation Supervisory Control And Data Acquisition (SCADA) Problem with

1.12k views • 22 slides

More recommend