Network Security
Lewis R. Folkerth, P. E.
Consumers Energy
Energy Management Systems
Overview
• Why Network Security?
• Types of Security
• Network Configurations
• Intrusion Detection
• Maintaining Security
Why Network Security?
• EMS as installed:
  – no outside connections
  – no or limited dialup
  – few threats
[Diagram: EMS, RTU]
Why Network Security?
• EMS today
  – Network connections
    • Company
    • Internet
  – Dialup
  – More threats
    • “Hackers”
    • Competitors
    • Terrorists
[Diagram: EMS, Hub, Corporate Networks, Dialup, Internet]
Types of Security
• Host Security
  – Passwords
  – OS
  – Vulnerability Analysis
  – Intrusion Detection
• Network Security
  – Firewalls
  – Packet Filtering
  – Vulnerability Analysis
  – Intrusion Detection
Common EMS Network
[Diagram: Router, Firewall, Internet, SCADA Network, EMS PC Network, Corporate Networks]
Add a Layer of Protection
[Diagram: SCADA Network, EMS PC Network, Corporate Networks, Router, Firewall, Internet, Router, Firewall]
Add Intrusion Detection
[Diagram: SCADA Network, EMS PC Network, Corporate Networks, Router, Firewall, Internet, Router, Firewall, with sensors (S) and an analysis system (A)]
Legend: S - Sensor, A - Analysis System
Isolate the Intrusion Detection
[Diagram: SCADA Network, EMS PC Network, Corporate Networks, Router, Firewall, Internet, Router, Firewall, with sensors (S) and an analysis system (A)]
Firewalls
• Commercial product is probably best
• Consider location when choosing brand and type
  – Parallel implementations
    • Use same type and brand as main Internet firewall
  – Series implementations
    • Use different brand from main firewall
Packet Filtering
• Available in most routers
• Used where a firewall is overkill
• More difficult to maintain
Vulnerability Analysis
• Host Based
  – COPS (UNIX)
  – ASET (Solaris)
  – SCE (NT)
  – Commercial
• Network Based
  – SATAN
  – nmap
  – Commercial
Intrusion Detection
• Host Based
  – Tripwire (UNIX)
  – Commercial (Other)
• Network Based
  – SHADOW
  – Commercial
Building an Intrusion Detection System (IDS)
• Obtain Software
• Obtain Hardware
  – Sensor Requirements
  – Analysis Station Requirements
• Install the sensor
  – OS
  – tcpdump, libpcap, ssh, SHADOW
  – Configure
• Install the analysis system
  – OS
  – tcpdump, libpcap, ssh, apache, browser, SHADOW
  – Configure
Maintaining Security
• Keep up with the latest exploits
• Ongoing education
• Newsletters
• Incident Response Groups
• NIPC - Infragard