

1. Logical Ports and Services
David Sopata, 4/14/2016

2. Agenda
High level methodology and tips from a recovering CIP Auditor on how to:
• Identify Ports and Services for BES Cyber Systems and/or Assets (CIP-007-6)
• Justify the use of Ports and Services (CIP-007-6)
• Incorporate the information into a baseline (CIP-010-2)
• Monitor the baseline (CIP-010-2, CIP-008-5)
2 Forward Together • ReliabilityFirst

3. A little bit about me…
• I am a recovering CIP Auditor
• I love technology
• I enjoy helping others
• I'm not afraid of a terminal
• I enjoy learning from others
• I consider myself a process improvement hacker
• I also enjoy memes!

4. WARNING!!!!
• I might just get silly and talk about things outside of the standards. However, these would be the next maturity step towards good practice.
• Also…

5. CIP-007-6 Part 1.1
Asset Level Requirement, High and Medium Impact

6. CIP-007-6 R1.1
• CIP-007-6 R1.1: Protecting Logical Ports
  • This is similar to CIP-007-3 R2
  • This includes:
    ‒ All enabled logical ports that are generally associated with "layer 4" of the OSI network model on BES Cyber Assets/other cyber assets.
    ‒ "Windows services" for Windows environments, or PIDs for "*nix" type environments.
  • Other appliances/devices may call this something different.

7. CIP-007-6 R1.2
• CIP-007-6 R1.2: Protecting Physical Ports
  • Additional documentation in the key Lessons Learned and FAQs
  • This includes:
    ‒ Disabling all unnecessary input/output ports on BES Cyber Assets, i.e. Ethernet, Serial, USB, and/or other common/proprietary ports
    ‒ This is to try to prevent plugging in unauthorized removable storage and/or transient devices
• This can be accomplished through logical and physical means of disabling the ports, and through signage.

8. (image-only slide, no text)

9. CIP-007-6 R1.1 Evidence/Audit Approach
• Need to provide one or more documented processes for disabling or restricting ports
• Need a complete list of EACMS, PACS, and PCA that are included in your High and Medium BES Cyber Systems.
• Need to provide a list/document of what is needed and/or a baseline of the ports that are used and what services they are tied to, for ALL Cyber Assets included in your High and Medium BES Cyber Systems.
  • This can be shown through:
    ‒ Command line output such as "netstat -boan" for Windows or "netstat -pault" for *nix
    ‒ Configuration files
    ‒ Vendor/third-party device configuration/policy management tools and reports
• Bottom line: need to see ports and protocols tied to a program/PID that are listening/active, and justified!

10. CIP-007-6 R1.1 Evidence/Audit Approach
• Need to provide how these baselines are being enforced for ALL BES Cyber Assets.
  • This can be shown through:
    ‒ Vendor/third-party device configuration/policy management tools
    ‒ Device-level/host-based firewall systems/tools
• "Where technically feasible" indicates that if a BES Cyber Asset cannot enforce/restrict these ports and services, TFEs may be required.
• As always… go to the vendor documentation and/or the vendor for guidance.

11. (image-only slide, no text)

12. Need to start at our foundation!!!
• This all starts at CIP-002-5
  • Need to start with how BES Cyber Assets make up the BES Cyber Systems
    ‒ It may be found that there could be some better logical grouping of assets.
  • Remember, Entities have the ability to slice and dice BES Cyber System assets however they see fit. It can even be different between standards and requirements.*
  * In order to survive CIP-010-2 baselines, it has to get down to the Cyber Asset level.
• Now that we have our foundation, we can start digging around and start poking cyber assets, right?...

13. We Research!

14. Sources to start the search
• Vendor documentation
  • The best place to start is with the vendor documentation for your BES Cyber System and specific BES Cyber Assets, i.e. EMS, DCS, ICS, SCADA systems
  • Some vendors realize this need and are providing a list of the ports and services required to run the system. Some don't…
• Other outside sources might be needed, or we may need to do some technical device interrogation. (I hope in a lab!)

15. Sources to start the search cont.
• Other vendor documentation
  • Hardware/software vendors generally have marketing and/or technical manuals that show capabilities, what ports and protocols are available, and even example configurations and/or configuration options.
• Third-party baselines
  • In addition to vendor documentation, there are also some suggested best practice baselines such as:
    ‒ NIST Special Publications (NIST-SP-800-XXX) (some are device specific, but most are more general best practice)
    ‒ SANS Institute (some are device specific, but most are more general best practice)
    ‒ Center for Internet Security (CIS)* baselines and benchmarks (device specific, line-by-line configuration)
• * Caution!… There will be a need to modify these baselines to meet your environment!!!!

16. Sources to start the search cont.
• What if I have Cyber Assets or programs that can't be found in these sources, or the vendor site is not easy to navigate?

17. Search Engine Hacking
• Known as "Google Hacking" or "Google Dorking"
  • These are general terms. You can use your favorite search engine.
  • These techniques are used to search for hard-to-find documents and information, and even vulnerabilities! Aka... Open-source Intelligence (OSINT)
  • This is using the built-in operators of the search engine
  • Example: Google operator search: site:www.url.com ext:pdf
  • Google will only search the specific site for all files ending in .pdf.
• https://www.ethicalhacker.net/features/book-reviews/google-hacking-ten-simple-security-searches-that-work
• Google Hacking for Penetration Testers, 3rd Edition, by Johnny Long

18. Search Engine Hacking cont.
• Wayback Machine
  • http://archive.org/web/
  • It's an internet archive site that allows you to search previously cached web pages from back in the past
• User forums…
  • User forums can be a wealth of information where someone can find problems and/or answers to issues found with different devices.
• A word of caution!!!…
  • Be careful what you post to these sites!!! People with malicious intent search these sites too!

19. How do I find Ports and Protocols?
• IANA Service Name and Transport Protocol Port Number Registry
  • http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
  • It's a great reference of:
    ‒ System Ports (0-1023) assigned by IETF
    ‒ User Ports (1024-49151) assigned by IETF
    ‒ Dynamic and/or Private Ports (49152-65535) assigned by IANA using the IETF review process
    ‒ Transport protocol used (udp/tcp)
    ‒ RFCXXXX reference of known protocols
  • This information can be downloaded in many formats (CSV, XML, HTML, plain text).
  • Mileage will vary… Some software/OS vendors take liberties with protocols and do not follow protocols as they were defined in the RFCs.
  • On that note… if you want some "light" reading, it's good to read through some of the RFCs. (Don't operate heavy machinery while reading.)

20. Quiz Time…
• What are the common port numbers of these protocols commonly found in ESPs?
  • DNP/DNP3
  • MODBUS
  • HTTP
  • HTTPS
  • DNS
  • NTP
  • SSH

21. I found it, now what do I do with it?
• STORE THE INFORMATION!!!!
• This can help in building a good knowledge base system of your BES Cyber System Assets and other cyber assets
• If it took this much time and effort to find it, why would you want to go hunting for it again? Why make someone else hunt for it?
• This information can be used to help develop your baselines for CIP-010-2, monitoring rules for the SIEM, help new hires understand your systems, etc.

22. Who's talking to whom? Why?
• What should we know by now?
  • A list of BES Cyber Assets and other associated cyber assets/devices/appliances
  • The additional programs and services that are running on the assets/devices
  • Hopefully at this point we only have a subset of assets/devices that are unknown, where we would need to do additional technical interrogation.
• We should have some rules from CIP-005-5 as a starting point telling us some port ranges.
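As an added example (not part of the presentation), a small Python check that turns the "netstat -pault" evidence from slide 9 into the CIP-010-2 baseline comparison slides 21 and 22 build toward: it parses Linux netstat output and reports listening ports that have no justified baseline entry, baseline entries missing from the host, and justified ports bound by a different program. The netstat rows, the baseline entries and the program names are constructed; the Windows "netstat -boan" layout is different and is not parsed here.

```python
"""Added example (not from the presentation): parse Linux `netstat -pault`
output and compare listening ports against a justified CIP-010-2 baseline."""
import re

# Constructed sample of `netstat -pault` output; not a real capture.
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address   Foreign Address  State        PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*        LISTEN       812/sshd
tcp        0      0 0.0.0.0:502     0.0.0.0:*        LISTEN       1044/modbusd
tcp        0      0 0.0.0.0:20000   0.0.0.0:*        LISTEN       1051/dnp3d
tcp        0      0 0.0.0.0:23      0.0.0.0:*        LISTEN       933/telnetd
tcp        0      0 10.0.0.5:22     10.0.0.9:51822   ESTABLISHED  2201/sshd: ops
udp        0      0 0.0.0.0:123     0.0.0.0:*                     640/ntpd
"""

# Constructed justified baseline: (proto, port) -> (program, justification).
BASELINE = {
    ("tcp", 22): ("sshd", "remote administration from the EACMS jump host"),
    ("tcp", 502): ("modbusd", "Modbus polling from the EMS"),
    ("tcp", 20000): ("dnp3d", "DNP3 to field RTUs"),
    ("tcp", 443): ("httpsd", "web HMI"),
    ("udp", 123): ("ntpd", "time synchronisation"),
}

# One netstat row: proto, queues, local addr:port, foreign addr, [state], PID/program.
LINE_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+\S+:(?P<port>\d+)\s+\S+\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+|-)/(?P<prog>.+?)\s*$")

def listening_ports(netstat_output):
    """Return {(proto, port): program} for TCP listeners and all UDP sockets."""
    found = {}
    for line in netstat_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line or a row the regex does not recognise
        proto = m.group("proto").rstrip("6")  # treat tcp6/udp6 like tcp/udp
        if proto == "tcp" and m.group("state") != "LISTEN":
            continue  # established/closing connections are not listeners
        found[(proto, int(m.group("port")))] = m.group("prog")
    return found

def audit(found, baseline):
    """Return (unjustified, missing, mismatched): observed ports with no baseline
    entry, baseline entries not seen on the host, and ports bound by another program."""
    unjustified = {k: v for k, v in found.items() if k not in baseline}
    missing = {k: v for k, v in baseline.items() if k not in found}
    mismatched = {k: (found[k], baseline[k][0])
                  for k in found if k in baseline and found[k] != baseline[k][0]}
    return unjustified, missing, mismatched
```

Run against the sample, the telnet listener on tcp/23 is the only unjustified port and the baselined web HMI on tcp/443 is reported as missing, which is exactly the kind of drift a CIP-010-2 baseline review needs to surface.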
