Cyber Securing Physical Security, May 2015
2
Introduction
• A physical security system is actually a network of embedded devices that were designed, implemented and deployed with no cyber security in mind
• These devices have minimal (if any) security mechanisms, which leaves them exposed to cyber attacks that might decrease the physical security level at the site
• The network is exposed to threats coming from outside (connections to other networks and remote access) and from inside (connected devices, servers and workstations, and unsecured network equipment)
• Physical security systems are predictable in their operation, which makes the network predictable; this makes it easier to secure them by searching for abnormal behavior
3
Vulnerabilities – IT Aspect
• Infected devices can attack the network with a DoS attack or a stream of bad Ethernet packets
• A DHCP attack may end up with an upload of Trojan software to a valid device or with an IP misconfiguration attack
• ARP poisoning / MAC spoofing attacks may allow injection of false data into the network or interception of data
• A forgotten remote connection might expose the network to threats from the internet (or any remote network)
• Using default or weak passwords might expose the system to various attacks, including taking over devices
• Network connections (wired and wireless) are exposed to attacks, especially in the outdoor environment
4
Vulnerabilities – Physical Security Aspect
• DoS attack = Loss of alarms, video stream and ability to control devices (i.e. PTZ IP cameras)
• DHCP attack = Injection of false data (alarms, video) to the security system and/or creating network failure
• ARP poisoning / MAC spoofing attacks = Injection of false data (alarms, video) and interception of data (viewing video stream)
• Forgotten remote access connection, Using default or weak passwords, Network connections = All of the above…
5
The Senstar Solution
• Senstar offers a unique solution to cyber secure physical security systems while taking advantage of the unique network behavior of such networks
• The solution focuses on sealing the network and assuring that only valid devices and data streams will be part of the network by providing security to each of the network layers (in the OSI 7 layers model)
• The solution does not affect the operation of the physical security system or the structure of the network, and does not add more hardware or software components
• The solution takes the “human factor” (AKA “layer 8” in the OSI 7 layers model) out of the security equation and eliminates the effect of user passwords on the security of the system and network
6
The Senstar Solution
Monitoring link status, mapping MAC addresses, data flows and utilization
Monitoring the fibers, copper cables and PoE consumption
Mapping IP addresses and sessions
Mapping TCP/UDP ports (protocols)
Monitoring application usage (Deep Packet Inspection)
Tungsten, just another switch?
Slide 7
1. Tungsten is a ruggedized cyber security appliance for the edge of the network
2. It is not “just another switch”, it seals the network in both physical and logical ways
3. Since building networks requires switches, the cyber security was embedded into a switch
8
Securing the Physical Layer
• Our patented approach offers a simple, yet powerful level of security to the edge of the network
• The philosophy behind this unique cyber security approach is to seal the network rather than dealing with the user settings (i.e. passwords) and applications
• Based on the physical layer security, we offer several applications, including robust but cost-sensitive dark fiber protection (compliant with NERC/FERC CIP)
Closing the door!
9
Cyber Security in 5 Simple Steps
• Install the Tungsten switches instead of non-secured Ethernet switches (mainly at the edge of the network)
• Turn on the Tungsten, configure the security level per each port and let it map the network (in most cases it takes about 1 second)
• View the list of discovered connections (including the mapping of the cables and fibers) and approve it
• View the list of discovered devices (including the mapping of the Ethernet and IP addresses) and approve it
• View the list of discovered data streams (including the TCP/IP characteristics) and approve it
• Done… It takes 5 minutes to secure a network.
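The learn-then-approve workflow in these steps can be illustrated with a small allowlist check over observed frames. This is an added example, not Senstar's or the Tungsten's implementation; the Frame fields, alert names and sample addresses are constructed assumptions.

```python
# Added illustration of a learn/approve baseline; not vendor code.
from collections import namedtuple

# Hypothetical record of one observed frame at a switch port.
Frame = namedtuple("Frame", "port src_mac src_ip dst_ip proto dst_port")

class Baseline:
    def __init__(self):
        self.port_macs = {}  # switch port -> approved source MACs
        self.ip_mac = {}     # IP address -> approved MAC
        self.flows = set()   # approved (src_ip, dst_ip, proto, dst_port)

    def learn(self, frames):
        """Mapping phase: record devices and data streams for approval."""
        for f in frames:
            self.port_macs.setdefault(f.port, set()).add(f.src_mac)
            self.ip_mac[f.src_ip] = f.src_mac
            self.flows.add((f.src_ip, f.dst_ip, f.proto, f.dst_port))

    def check(self, f):
        """Enforcement phase: return alerts for anything outside the baseline."""
        alerts = []
        if f.src_mac not in self.port_macs.get(f.port, set()):
            alerts.append("unapproved-device-on-port")  # new or moved MAC
        if self.ip_mac.get(f.src_ip, f.src_mac) != f.src_mac:
            alerts.append("ip-claimed-by-other-mac")    # ARP/IP spoofing sign
        if (f.src_ip, f.dst_ip, f.proto, f.dst_port) not in self.flows:
            alerts.append("unapproved-flow")            # unexpected stream
        return alerts

# Constructed sample traffic: a camera and a fence sensor talking to a server.
LEARNED = [
    Frame(1, "00:11:22:00:00:01", "10.0.0.11", "10.0.0.2", "udp", 5004),
    Frame(2, "00:11:22:00:00:02", "10.0.0.12", "10.0.0.2", "tcp", 8443),
]
OBSERVED = [
    LEARNED[0],                                                            # normal
    Frame(1, "00:11:22:00:00:01", "10.0.0.11", "10.0.0.99", "tcp", 23),    # new flow
    Frame(3, "de:ad:be:ef:00:01", "10.0.0.11", "10.0.0.2", "udp", 5004),   # IP reuse
    Frame(2, "00:11:22:00:00:01", "10.0.0.11", "10.0.0.2", "udp", 5004),   # MAC moved
]

def audit(learned, observed):
    baseline = Baseline()
    baseline.learn(learned)
    return [baseline.check(f) for f in observed]

if __name__ == "__main__":
    for frame, alerts in zip(OBSERVED, audit(LEARNED, OBSERVED)):
        print(frame.port, frame.src_mac, frame.src_ip, alerts or "ok")
```

Because the approved set is small and static in a physical security network, any non-empty alert list is worth investigating rather than tuning away.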
Slide 10
Current Solutions
No one offers a solution to secure the edge of the network
No one offers an appliance that seals the network
No one is securing the physical layer
No one… other than Senstar!