SOC and ICS/SCADA Security
TRANSCRIPT
![Page 1: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/1.jpg)
Security Operations Centers in Critical Infrastructure
1 SOC and ICS/SCADA Security
![Page 2: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/2.jpg)
(Pie chart: 80% / 20%)
Fewer than 20% of organizations have put security measures in place to deal with cyber threats!
![Page 3: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/3.jpg)
Features of a SOC
• Managing and coordinating the response to security events and threats
• 24x7x365 monitoring
• Coordination with regulatory bodies
• Analysis of threats and vulnerabilities
• Analysis of security events
• Building a repository of security events
• Issuing security alerts for general and specific threats
• Producing reports for managers and cyber incident responders
• Reducing the response time to security events, from first detection to the containment report
• Saving time and resources
• Real-time security monitoring against predefined criteria (KPIs)
• Raising the level of security awareness in the organization
• Ability to correlate systems, applications, network and security events in a structured way
• Automating security assessment and risk management processes
• Integrating changes in the network
• Ability to identify all attack vectors and classify incidents
• Performing forensic operations and interacting with CSIRT centers and the national CERT
• Aligning security criteria with international standards such as ISO 27001
![Page 4: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/4.jpg)
Components of a Security Operations Center
Real-Time Monitoring
• Data Aggregation
• Data Correlation
• Aggregates Logs
• Coordinates Response
• Automates Remediation
Reporting
• Executive Summary
• Audit and Assessment
• Security Metric Reporting
• KPI Compliance
• SLA Reporting
Security Incident Management
• Pre and Post Incident Analysis
• Forensics Analysis
• Root Cause Analysis
• Incident Handling
• aeCERT Integration
![Page 5: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/5.jpg)
10 requirements for successfully implementing a Security Operations Center
1. Support from decision-making managers
2. Investment
3. Strategy
4. Personnel
5. Processes
6. Technology
7. Environment
8. Analysis
9. Physical space
10. Continuity
![Page 6: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/6.jpg)
Support from decision-making managers
• Defining the problems and their impacts
• Vision
• Needs assessment
• Budget
• Value creation (return on investment)
![Page 7: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/7.jpg)
Investment
• Expert personnel
• Providing a suitable platform and injecting capital
![Page 8: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/8.jpg)
Strategy
• Anticipating and establishing an overall view of the threats relevant to the organization
• Guaranteeing business objectives and business continuity
• Revealing vulnerable points and non-compliance
![Page 9: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/9.jpg)
Personnel
• Talented
• Trained
• Experienced
![Page 10: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/10.jpg)
Processes
DATA SECURITY AND MONITORING
• Data Asset Classification
• Data Collection
• Data Normalization
• Data at Rest and In Motion
• Data Protection
• Data Distribution
![Page 11: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/11.jpg)
Processes
EVENT MANAGEMENT
• Event Correlation
• Identification
• Triage
• Roles
• Containment
• Notification
• Ticketing
• Recovery
• Forensics and Situational Awareness
![Page 12: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/12.jpg)
Processes
INCIDENT RESPONSE PRACTICE
• Security Incident Reporting Structure
• Security Incident Monitoring
• Security Incident Escalation Procedure
• Forensics and Root Cause Analysis
• Return to Normal Operations
• Post-Incident Planning and Monitoring
• Communication Guidelines
• SIRT Integration
![Page 13: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/13.jpg)
Processes
SOC OPERATING GUIDELINES
• SOC Workflow
• Personnel Shift Description
• Shift Reporting
• Shift Change
• Information Acquisition
• SOC Monitoring Suite
• SOC Reporting Structure
• Organizational Chart
![Page 14: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/14.jpg)
Processes
ESCALATION MANAGEMENT
• Escalation Procedure
• Pre-Escalation Tasks
• IT Security
• Network Operation Center
• Security Engineering
• SIRT Integration
• Law Enforcement
• 3rd Party Service Providers and Vendors
![Page 15: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/15.jpg)
Processes
DATA RECOVERY PROCEDURES
• Disaster Recovery and BCP Procedure
• Recovery Time Objective
• Recovery Point Objective
• Resiliency and High Availability
• Facilities Outage Procedure
![Page 16: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/16.jpg)
Processes
SECURITY INCIDENT PROCEDURES
• Email Phishing - Email Security Incident
• Virus and Worm Infection
• Anti-Virus Management Incident
• NetFlow Abnormal Behavior Incident
• Network Behaviour Analysis Incident
• Distributed Denial of Service Incident
• Host Compromise - Web Application Security Incident
• Network Compromise
• Internet Misuse
• Human Resource - Hiring and Termination
• Domain Hijack or DNS Cache Poisoning
• Suspicious User Activity
• Unauthorized User Access (Employee)
![Page 17: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/17.jpg)
Processes
VULNERABILITY AND PATCH MANAGEMENT
• Vulnerability Research
• Patch Management - Microsoft SCOM
• Identification
• Dissemination
• Compliance Monitoring
• Network Configuration Baseline
• Anti-Virus Signature Management
• Microsoft Updates
![Page 18: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/18.jpg)
Processes
TOOLS OPERATING MANUAL FOR SOC PERSONNEL
• Operating Procedure for SIEM Solutions - Event Management and Flow Collector/Processor
• Firewall Security Logs
• IDS/IPS Security Logs
• DMZ Jump Server / SSL VPN Logs
• Endpoint Security Logs (AV, DLP, HIPS)
• User Activity / Login Logs
• Operating Procedure for Policy and Configuration Compliance
• Operating Procedure for Network Monitoring Systems
• Operating Procedure for Vulnerability Assessment
![Page 19: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/19.jpg)
Processes
SECURITY ALARMS AND ALERT CLASSIFICATION
• Critical Alarms and Alerts with Action Definition
• Non-Critical and Informational Alarms
• Alarm Reporting and SLA to Resolve the Alarms
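The event-management slide (correlation, identification, triage) and the alarm-classification slide (critical versus informational alarms, each with an SLA) describe one pipeline: normalize records from several sources, correlate them into an alert, classify it, and attach the resolution deadline. The following is an added example of that pipeline, not code from the slides or from the author; the log lines, thresholds, port list and SLA minutes are all constructed assumptions. It correlates failed VPN logins with a later success and escalates to critical when the same source then reaches an ICS protocol port through the OT firewall.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the slides): normalized key=value records
# from a VPN gateway and the firewall in front of the OT network.
SAMPLE_LOGS = """\
2024-03-01T08:00:01Z host=vpn-gw src=203.0.113.7 user=operator1 action=login result=fail
2024-03-01T08:00:04Z host=vpn-gw src=203.0.113.7 user=operator1 action=login result=fail
2024-03-01T08:00:09Z host=vpn-gw src=203.0.113.7 user=operator1 action=login result=fail
2024-03-01T08:00:15Z host=vpn-gw src=203.0.113.7 user=operator1 action=login result=fail
2024-03-01T08:00:21Z host=vpn-gw src=203.0.113.7 user=operator1 action=login result=success
2024-03-01T08:00:40Z host=fw-ot src=203.0.113.7 dst=10.20.0.5 dport=502 action=accept
2024-03-01T09:10:00Z host=vpn-gw src=198.51.100.9 user=engineer2 action=login result=fail
2024-03-01T09:30:00Z host=vpn-gw src=198.51.100.9 user=engineer2 action=login result=success
"""

# Tunables (assumed values, not from the slides).
FAIL_THRESHOLD = 3                          # failed logins that make a later success suspicious
FAIL_WINDOW = timedelta(minutes=5)          # look-back for counting failures
OT_FOLLOWUP_WINDOW = timedelta(minutes=5)   # success -> OT-protocol access escalates the alert
OT_PORTS = {502, 102, 20000, 44818}         # Modbus/TCP, S7comm, DNP3, EtherNet/IP
SLA_MINUTES = {"critical": 15, "high": 60, "informational": None}  # time-to-resolve per class

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Normalize one 'timestamp k=v k=v ...' record into a dict with a datetime 'ts'."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable record: {line!r}")
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return fields


def correlate(log_text):
    """Correlate auth and firewall events across hosts and classify the resulting alerts."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    failures = defaultdict(list)   # src -> timestamps of failed logins
    alerts = []
    for e in events:
        if e.get("action") == "login" and e.get("result") == "fail":
            failures[e["src"]].append(e["ts"])
        elif e.get("action") == "login" and e.get("result") == "success":
            recent = [t for t in failures[e["src"]] if e["ts"] - t <= FAIL_WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append({"rule": "brute-force-then-success", "severity": "high",
                               "src": e["src"], "user": e["user"], "ts": e["ts"],
                               "failures": len(recent)})
            failures[e["src"]].clear()
        elif e.get("action") == "accept" and int(e.get("dport", 0)) in OT_PORTS:
            # Same source reaching an ICS protocol shortly after a suspicious login: escalate.
            for a in alerts:
                if a["src"] == e["src"] and timedelta(0) <= e["ts"] - a["ts"] <= OT_FOLLOWUP_WINDOW:
                    a.update(rule="brute-force-then-ot-access", severity="critical",
                             ot_target=f"{e['dst']}:{e['dport']}")
    for a in alerts:   # attach the SLA deadline that the alarm class dictates
        sla = SLA_MINUTES[a["severity"]]
        a["sla_deadline"] = a["ts"] + timedelta(minutes=sla) if sla is not None else None
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

On the constructed input the single failure from engineer2 produces nothing, while operator1's four failures, a success and a Modbus/TCP connection 19 seconds later collapse into one critical alert with a 15-minute SLA. In a real SOC the same shape runs inside the SIEM; the value of writing it out is seeing that classification is a property of the correlated chain, not of any single event.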
![Page 20: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/20.jpg)
Processes
SECURITY METRIC AND DASHBOARD - EXECUTIVE SUMMARY
• Definition of Security Metrics based on Center for Internet Security standards
• Security KPI reporting definition
• Security Balanced Scorecard and Executive Reporting
![Page 21: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/21.jpg)
Technology
• Penetration testing
• Real-time network security monitoring
• Vulnerability scanning and management
• Threat intelligence
• Incident investigation
• Malware forensics
• Cybersecurity exercise creation and delivery
![Page 22: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/22.jpg)
Business environment
![Page 23: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/23.jpg)
Analysis
![Page 24: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/24.jpg)
Analysis
![Page 25: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/25.jpg)
Physical space
![Page 26: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/26.jpg)
Continuity
![Page 27: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/27.jpg)
Industrial control systems
![Page 28: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/28.jpg)
Dashboard of an industrial control system
![Page 29: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/29.jpg)
Vulnerable points
![Page 30: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/30.jpg)
Security requirements
• Segmentation
• Firewalls
• IDPS
• Honeypots
• Antivirus
• Hardening
• ...
Are these measures sufficient?!
![Page 31: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/31.jpg)
Security requirements
![Page 32: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/32.jpg)
Critical requirements
Physical security:
• Security Camera
• Fencing
• Guards
• Gates
• Smart Locks
![Page 33: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/33.jpg)
Critical requirements
Infrastructure:
• Switch
• Router
• Firewalls
• Modems
• ...
![Page 34: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/34.jpg)
Critical requirements
DMZ zone:
• Web Server
• FTP
• SMTP
• DNS
• ...
![Page 35: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/35.jpg)
Critical requirements
Communications:
• Profibus
• Modbus
• OPC
• ...
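The communications slide lists Modbus among the protocols a SOC for critical infrastructure has to watch, and the earlier vulnerable-points slide asks whether perimeter controls alone are enough. Modbus/TCP has no authentication, so the only way to tell a legitimate setpoint change from an attacker's is to know which hosts are allowed to write and to inspect the function code of every request. The following is an added example, not code from the slides or from the author: a minimal Modbus/TCP request parser plus an allowlist check that flags write function codes from any host other than the approved engineering workstation. The frames, addresses and the allowlist are constructed assumptions.

```python
import struct

# Modbus/TCP request = 7-byte MBAP header (transaction id, protocol id, length, unit id)
# followed by the PDU (function code + data). Function codes that change plant state:
WRITE_FUNCTIONS = {
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
    22: "Mask Write Register", 23: "Read/Write Multiple Registers",
}


def parse_modbus_tcp(payload):
    """Parse one Modbus/TCP request frame (master -> slave) into a dict; reject malformed ones."""
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, pid, length, unit = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus")
    if length != len(payload) - 6:           # length field covers unit id + PDU
        raise ValueError(f"length field {length} does not match frame size {len(payload)}")
    fc, data = payload[7], payload[8:]
    frame = {"tid": tid, "unit": unit, "function": fc}
    if fc in (1, 2, 3, 4) and len(data) >= 4:       # reads: start address, quantity
        frame["address"], frame["quantity"] = struct.unpack(">HH", data[:4])
    elif fc in (5, 6) and len(data) >= 4:           # single writes: address, value
        frame["address"], frame["value"] = struct.unpack(">HH", data[:4])
    elif fc in (15, 16) and len(data) >= 5:         # multiple writes: address, quantity, byte count
        frame["address"], frame["quantity"], frame["byte_count"] = struct.unpack(">HHB", data[:5])
    return frame


def audit_writes(packets, allowed_writers):
    """Flag every write request whose source is not an approved engineering host."""
    findings = []
    for src, dst, raw in packets:
        try:
            frame = parse_modbus_tcp(raw)
        except ValueError as exc:
            # Malformed traffic on port 502 is worth a ticket too, but not a critical one.
            findings.append({"src": src, "dst": dst, "severity": "informational",
                             "reason": f"malformed frame: {exc}"})
            continue
        fc = frame["function"]
        if fc in WRITE_FUNCTIONS and src not in allowed_writers:
            findings.append({"src": src, "dst": dst, "severity": "critical",
                             "function": WRITE_FUNCTIONS[fc], "unit": frame["unit"],
                             "address": frame.get("address"), "tid": frame["tid"]})
    return findings


# Constructed frames (assumed addresses; not captured from any real plant):
# 10.20.0.5 is the PLC, 10.20.0.10 the engineering workstation, 10.20.0.20 the HMI,
# 203.0.113.7 a VPN client that should never write to the process.
SAMPLE_PACKETS = [
    ("10.20.0.20", "10.20.0.5", bytes.fromhex("0001 0000 0006 01 03 0000 000A")),   # read 10 holding regs
    ("10.20.0.10", "10.20.0.5", bytes.fromhex("0002 0000 0006 01 06 0010 1234")),   # write single register
    ("203.0.113.7", "10.20.0.5", bytes.fromhex("0003 0000 0006 01 05 0001 FF00")),  # force coil 1 ON
    ("10.20.0.20", "10.20.0.5", bytes.fromhex("0004 0000 000B 01 10 0100 0002 04 0001 0002")),  # write 2 regs
]
ALLOWED_WRITERS = {"10.20.0.10"}

if __name__ == "__main__":
    for finding in audit_writes(SAMPLE_PACKETS, ALLOWED_WRITERS):
        print(finding)
```

The HMI's read passes, the engineering workstation's write passes, and the two writes from the VPN client and the HMI are reported as critical with the function name, unit id and register address an operator needs to judge the process impact. The same allowlist idea applies to Profibus and OPC, but their framing differs, so a separate parser is needed per protocol.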
![Page 36: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/36.jpg)
Critical requirements
Equipment:
• PLC
• RTU
• IEDs
• HMI
• ...
![Page 37: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/37.jpg)
Critical security requirements
• Security Plans, Policies
• Asset Inventory, System Documentation
• Change Management
• Risk Management
• Patch Management
• Assessment
• Crisis Management
• Backup and Recovery
![Page 38: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/38.jpg)
Listing assets via Asset Management
• Name
• Description
• Weight
• OS
• Location
• Business Owner
• Business Owner Contact Information
• Technical Owner
• Technical Owner Contact Information
![Page 39: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/39.jpg)
Listing assets via Asset Management
![Page 40: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/40.jpg)
Threat types and attack vectors by zone
• Extranet
• Intranet
• Internet
• Data Center
• Active Directory
• Malware / Virus Infection and Propagation
• NetFlow Analysis
• Remote Sites / WAN
• Remote Access - IPSEC VPN / SSL VPN
• Wireless
• ...
![Page 41: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/41.jpg)
Threat classification
![Page 42: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/42.jpg)
Threat classification
![Page 43: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/43.jpg)
Threat classification
![Page 44: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/44.jpg)
Workflow
![Page 45: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/45.jpg)
Security Assurance Level in critical infrastructure
1. Critical prerequisites (foundational requirements)
2. Security levels
1.1 Access Control
1.2 Use Control
1.3 Data Integrity
1.4 Data Confidentiality
1.5 Restrict Data Flow
1.6 Timely Response to an Event
1.7 Resource Availability
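The seven foundational requirements and the 0 to 4 security-level scale on this slide are those of IEC 62443-3-3, which the slide does not name; a zone's level is expressed as a vector with one value per requirement, and the zone only meets its target when every component does. The following added example, not code from the slides or from the author, ties this slide to the asset-management slide (page 38): it parses target and achieved SL vectors per zone, reports the per-requirement shortfall, and uses the inventory's Weight and Technical Owner Contact fields to rank the exposed assets and decide whom to notify. Zone names, vectors, assets and contacts are constructed assumptions; the two-letter requirement codes are labels chosen here.

```python
from dataclasses import dataclass

# The slide lists seven foundational requirements (1.1-1.7); the short codes are assumed labels.
FR_CODES = ["AC", "UC", "DI", "DC", "RDF", "TRE", "RA"]
FR_NAMES = dict(zip(FR_CODES, [
    "Access Control", "Use Control", "Data Integrity", "Data Confidentiality",
    "Restrict Data Flow", "Timely Response to an Event", "Resource Availability"]))


@dataclass
class Asset:
    """One inventory record with the fields the asset-management slide lists (values constructed)."""
    name: str
    description: str
    weight: int                  # criticality 1 (low) .. 5 (safety-relevant)
    os: str
    location: str                # used here as the zone the asset sits in
    business_owner: str
    business_owner_contact: str
    technical_owner: str
    technical_owner_contact: str


def parse_sl_vector(text):
    """'SL 2 2 3 2 2 1 2' -> (2, 2, 3, 2, 2, 1, 2): one level 0..4 per requirement, in slide order."""
    parts = text.split()
    if len(parts) != 8 or parts[0].upper() != "SL":
        raise ValueError(f"bad SL vector: {text!r}")
    levels = tuple(int(p) for p in parts[1:])
    if any(not 0 <= lvl <= 4 for lvl in levels):
        raise ValueError("security levels range from 0 to 4")
    return levels


def zone_gaps(target, achieved):
    """Shortfall per requirement; a zone meets its target only when every requirement does."""
    return {code: t - a for code, t, a in zip(FR_CODES, target, achieved) if a < t}


def overall_level(vector):
    """A zone's single headline level is its weakest requirement."""
    return min(vector)


def assurance_report(zones, assets):
    """Per zone: target vs achieved level, open gaps, exposed assets by weight, and who to notify."""
    report = {}
    for zone, (target_txt, achieved_txt) in zones.items():
        target, achieved = parse_sl_vector(target_txt), parse_sl_vector(achieved_txt)
        gaps = zone_gaps(target, achieved)
        exposed = sorted((a for a in assets if a.location == zone), key=lambda a: -a.weight)
        report[zone] = {
            "target_level": overall_level(target),
            "achieved_level": overall_level(achieved),
            "gaps": gaps,
            "exposed_assets": [a.name for a in exposed] if gaps else [],
            "notify": sorted({a.technical_owner_contact for a in exposed}) if gaps else [],
        }
    return report


# Constructed zone data: (target vector, achieved vector) per zone.
ZONES = {
    "control-network": ("SL 2 2 3 2 2 2 2", "SL 2 1 3 2 1 2 2"),
    "enterprise-dmz":  ("SL 2 2 2 2 2 2 2", "SL 2 2 2 2 2 2 2"),
}
# Constructed inventory records (contacts are placeholders).
ASSETS = [
    Asset("PLC-01", "Main pump controller", 5, "vendor firmware", "control-network",
          "Plant manager", "plant@example.org", "Control engineer", "ot-eng@example.org"),
    Asset("HMI-01", "Operator station", 4, "Windows", "control-network",
          "Operations lead", "ops@example.org", "Control engineer", "ot-eng@example.org"),
    Asset("WEB-01", "Public web server", 2, "Linux", "enterprise-dmz",
          "Communications", "comms@example.org", "IT admin", "it@example.org"),
]

if __name__ == "__main__":
    for zone, row in assurance_report(ZONES, ASSETS).items():
        names = {code: FR_NAMES[code] for code in row["gaps"]}
        print(zone, row["achieved_level"], "of", row["target_level"], names, row["notify"])
```

In the constructed data the control network is one level short on Use Control and Restrict Data Flow, so although five of seven requirements sit at or above target, its headline level drops from the intended 2 to 1 and the PLC, as the heaviest asset, leads the list sent to the control engineer. That min-over-requirements rule is the practical point: a single weak requirement defines the assurance of the whole zone.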
![Page 46: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/46.jpg)
Security Assurance Level in critical infrastructure
![Page 47: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/47.jpg)
Security Assurance Level: performance evaluation
![Page 48: SOC and ICS/SCADA Security](https://reader033.vdocuments.net/reader033/viewer/2022042506/58829f751a28ab92618b5c11/html5/thumbnails/48.jpg)
Author: Ali Abdollahi