Control system network security issues and recommendations

Slides:

Advertisements

Similar presentations

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Advertisements

CS 443 Advanced OS Fabián E. Bustamante, Spring 2005 Resource Containers: A new Facility for Resource Management in Server Systems G. Banga, P. Druschel,

Guide to Network Defense and Countermeasures Second Edition

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Understand Virtualized Clients Windows Operating System Fundamentals LESSON 2.4.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Hands-On Microsoft Windows Server Connecting Through Terminal Services Terminal server – Enables clients to run services and software applications.

Computer Networks IGCSE ICT Section 4.

Microsoft ® Application Virtualization 4.5 Infrastructure Planning and Design Series.

Objectives  Understand the purpose of the superuser account  Outline the key features of the Linux desktops  Navigate through the menus  Getting help.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Chapter 10: Authentication Guide to Computer Network Security.

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

Copyright © 2011 EMC Corporation. All Rights Reserved. MODULE – 6 VIRTUALIZED DATA CENTER – DESKTOP AND APPLICATION 1.

Windows 7 Firewall.

1 Secure Telework Connectivity Peggy Ward Chief Information Security Officer July 22,

1 Overview of Microsoft ISA Server Introducing ISA Server Protects resourcesProtects resources Connects directly to the Internet and your private.

Thoughts on Firewalls: Topologies, Application Impact, Network Management, Tech Support and more Deke Kassabian, April 2007.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

SAM for Virtualizatio n Presenter Name. Virtualization: a key priority for business decision makers Technavio forecasts that the global virtualization.

Lesson 1-Logging On to the System. Overview Importance of UNIX/Linux. Logging on to the system.

REMOTE LOGIN. TEAM MEMBERS AMULYA GURURAJ 1MS07IS006 AMULYA GURURAJ 1MS07IS006 BHARGAVI C.S 1MS07IS013 BHARGAVI C.S 1MS07IS013 MEGHANA N. 1MS07IS050 MEGHANA.

14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,

Core 3: Communication Systems. Network software includes the Network Operating Software (NOS) and also network based applications such as those running.

Chapter 28 - Remote Login and Remote Desktops(TELNET) Introduction Early Computers Used Textual Interfaces A Timesharing System Requires User Identification.

1 OFF SYMB - 12/7/2015 Firewalls Basics. 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the.

Computer Security Risks for Control Systems at CERN Denise Heagerty, CERN Computer Security Officer, 12 Feb 2003.

IT Security Policy: Case Study March 2008 Copyright , All Rights Reserved.

Security Vulnerabilities in A Virtual Environment

Chapter 4: Implementing Firewall Technologies

Firewalls2 By using a firewall: We can disable a service by throwing out packets whose source or destination port is the port number for that service.

Chapter 9 The People in Information Systems. Learning Objectives Upon successful completion of this chapter, you will be able to: Describe each of the.

Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.

HardSSH Cryptographic Hardware Key Team May07-20: Steven Schulteis (Cpr E) Joseph Sloan (EE, Cpr E, Com S) Michael Ekstrand (Cpr E) Taylor Schreck (Cpr.

Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.

LHC Section Meeting 1.eLogbook 2.LHC Controls Security Panel.

Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.

Yanz Limited IT SUPPORT BRISTOL - IT CONSULTANCY SERVICES ( ) Website : Contact us :

Network and Server Basics. Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server network.

SECURE LAB: CREATING A CISCO 3550 VLSM NETWORK

Secure Connected Infrastructure

Securing Network Servers

Web Applications Security Cryptography 1

Working at a Small-to-Medium Business or ISP – Chapter 8

Critical Security Controls

Data and database administration

Operational Technology Information Technology

N-Tier Architecture.

Information Security Professionals

Securing the Network Perimeter with ISA 2004

Computing infrastructure for accelerator controls and security-related aspects BE/CO Day – 22.June.2010 The first part of this talk gives an overview of.

BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT

FTP - File Transfer Protocol

Computer Security Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

NERC CIP Implementation – Lessons Learned and Path Forward

Chapter 3: Windows7 Part 4.

Unit 27: Network Operating Systems

Firewalls Jiang Long Spring 2002.

How to Mitigate the Consequences What are the Countermeasures?

CEBAF Control System Access

BACHELOR’S THESIS DEFENSE

BACHELOR’S THESIS DEFENSE

BACHELOR’S THESIS DEFENSE

PLANNING A SECURE BASELINE INSTALLATION

Designing IIS Security (IIS – Internet Information Service)

Client/Server and Peer to Peer

IT Office hours – 1 Data Sharing 101

Implementing Firewalls

Presentation transcript:

Control system network security issues and recommendations Stephen Page

The role of a control system network Contain controls equipment. Provide separation from non-critical devices, such as office computing. Prime purpose is to operate the accelerator complex and its technical infrastructure. Should be largely independent of other networks. Should be physically available in control rooms, equipment halls and in the accelerators themselves. Should allow decoupled operation of accelerators or at least critical infrastructure services in the event of a computer security incident.

Rules for connection Devices should be well-described. They should conform to a naming convention. They must not bridge to other networks. WiFi interfaces are forbidden. There should be a declared person or team responsible for them. There should be a strategy for keeping them patched and up-to-date.

Challenges typical to the control system Many devices connected to the accelerator network are old, obsolete, out-of-support or otherwise difficult to secure and therefore are vulnerable. It is not practical to replace all of them. They therefore must be contained within the network. Even the patching of modern systems is constrained by the accelerator schedule. We therefore depend strongly upon securing the perimeter of the controls network. Features and functionality of the control system tend to be of far greater perceived priority than its security.

Control system network users The controls network must accommodate multiple types of users, with different needs and access rights: Accelerator operators Equipment experts Software developers Some of those people may be working outside of the accelerator networks: in offices, or even at home, if they are on-call. The rights of those different classes of user within the control system must be managed. So-called ‘service accounts’, whose credentials may be known by multiple people, should be avoided where possible and otherwise have their scope carefully controlled.

Types of control system network access Services: Control system servers providing access to operational data or services. Office network servers which either provide services needed from the control system or because they need access to it. Interactive: Servers & virtual machines for expert access and software development. Windows terminal servers running expert applications. Both of the above types of access are required: Office network central services are needed on the control system network. Software development requires access to the control system network as separating it can mean significant duplication of systems and accelerator equipment and final validation against the accelerator complex is often needed. Experts need to be able to intervene from outside the control room to keep the complex running.

Define network rules for inter-network services Historically, the approach for computers on one network needing to access services on another has been to grant them full access to that network. The causes a proliferation of varied points of entry into the controls network. We now define rules permitting access to only the required services, with connections allowed only in the needed direction. Applying rules to existing services is very time-consuming. The ability to define such rules on a large network can be limited by the type of hardware used, so it is important to take these security considerations into account when designing the network infrastructure.

Bastion hosts as network entry points A bastion host is a secured server providing minimal services to access a resource. In our case, bastions will be used as secure gateways for interactive access between the office network and the accelerator network. SSH, web and Windows remote desktop services will be supported. No applications or development will be able to run on the bastions themselves. Only accounts belonging to individual people will be allowed to connect. All accesses will be rigorously logged. Two-factor authentication and other security policies can be implemented on the bastions as technology evolves.

Two-factor authentication Both the user’s password and a physical second factor would be needed for access. The second factor can be a USB key, smartphone application (e.g. Google Authenticator) or SMS with a one-time password. Prevents access if a password is compromised. To be integrated into central account management and applied to SSH, web (Single Sign-On) and Windows remote desktop. Should be applied on the bastion hosts and required when passing over the perimeter of the accelerator network.

Security within the control system Systems such as RBAC provide access control within the control system, not computer or network security. This is independent of computer and network security and instead controls access to accelerator equipment and devices from applications. RBAC allows us to define who can access which devices, when and from where. RBAC is mostly intended to protect against well-intentioned users, but nonetheless should follow computer security principles. Such access control systems are relatively recent and should be retrofitted to older parts of the accelerator complex.

Summary The problem of controls network security is multifaceted, involving: computers, networks, users and controls equipment. Our strategy is to: Define fine-grained rules permitting only needed services between networks. Limit and control points of entry. Ensure that users identify themselves personally. Log all accesses in and out. Adopt modern security technologies at the points of entry. Manage rights within the control system via roles. Nurturing a culture of security remains an ongoing challenge.