How to Detect Attacks and Supervise Rail Systems?

How to Detect Attacks and Supervise Rail Systems?
CYRAIL Final Conference, Paris, 18.09.2018
Taha Abdelmoutaleb Cherfia, fortiss

Assessment of Existing IDS Solutions
Identifying and analysing the current open-source and commercial intrusion detection solutions for IT and OT systems.

Intrusion Detection
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analysing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. The process has three stages: collection, analysis and response.

Intrusion Detection System
An intrusion detection system (IDS) is hardware and/or software that automates the intrusion detection process.

IDS Characteristics
An intrusion detection system has to fulfil the following requirements:
Accuracy: the IDS must detect malicious activities and distinguish them from legitimate ones.
Performance: the IDS must be able to perform intrusion detection in real time.
Completeness: the IDS should not fail to detect an intrusion.
Fault tolerance: the IDS must itself be resistant and robust against malicious attacks.
Scalability: the IDS must be able to monitor the worst-case number of events in a large network topology.

IDS Taxonomy
Host-based Intrusion Detection System (HIDS): a HIDS is a software application that resides on a single host and monitors the events occurring within that host for malicious activities.
Network-based Intrusion Detection System (NIDS): a NIDS is a sensor, usually a standalone appliance or a dedicated monitoring host, that monitors the network traffic of particular network segments or devices to identify malicious activities.

Intrusion Detection Methodologies
Signature-based intrusion detection is the process of comparing signatures against observed events to identify possible incidents: audit data is matched against a knowledge base of attack patterns, and a match raises an alert.
Anomaly-based intrusion detection is the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations: audit data is compared against a model of normal behaviour, and a statistically anomalous deviation raises an alert.
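The two methodologies above, together with the collection / analysis / response stages from the definition slide, as an added worked example. This is example code written for this page, not code from the CYRAIL project or from fortiss; the event format, the addresses (HMI 10.0.1.10, PLC 10.0.1.20, engineering station 10.0.1.11), the function names ("read", "write", "diag"), the two signatures and the whole capture are constructed assumptions, not real rail traffic or vendor rules. It is deliberately built so that each method catches something the other misses: the signature rule fires on a single diagnostic call that is statistically unremarkable, while the rate model fires on an unknown host and on a read burst from the HMI for which no signature exists.

```python
"""Added example (not from the CYRAIL slides): a minimal intrusion detection
pipeline with collection, analysis and response stages, running both
signature-based and anomaly-based analysis over a constructed OT-style event
stream. Addresses, function names, signatures and traffic are assumptions."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Callable, Dict, List, Tuple

HMI, PLC, ENG = "10.0.1.10", "10.0.1.20", "10.0.1.11"  # assumed addresses
Alert = Tuple[int, str, str, str]                       # (ts, detector, src, msg)


@dataclass(frozen=True)
class Event:
    ts: int      # seconds since start of capture
    src: str     # source address
    dst: str     # destination address
    func: str    # protocol function; assumed values "read", "write", "diag"
    target: str  # register or diagnostic sub-function addressed


# ---- Collection: a constructed capture (assumed, not real rail traffic) ----
def constructed_capture() -> List[Event]:
    events = []
    # Baseline, t = 0..299: HMI polls the PLC once a second, writes a setpoint every 60 s.
    for t in range(300):
        events.append(Event(t, HMI, PLC, "read", "hr:100"))
        if t % 60 == 30:
            events.append(Event(t, HMI, PLC, "write", "hr:200"))
    # Attack phase, t = 300..330: normal polling continues underneath.
    for t in range(300, 331):
        events.append(Event(t, HMI, PLC, "read", "hr:100"))
    events += [Event(305, "10.0.1.77", PLC, "read", "hr:100")] * 20  # (a) unknown host bursts
    events += [Event(320, HMI, PLC, "read", "hr:100")] * 15          # (b) compromised HMI bursts
    events.append(Event(330, HMI, PLC, "diag", "listen-only"))       # (c) HMI sends a diag call
    return events


# ---- Analysis 1: signature-based (knowledge base of attack patterns) ----
@dataclass(frozen=True)
class Signature:
    sid: int
    msg: str
    match: Callable[[Event], bool]


SIGNATURES = [  # assumed rules for this example
    Signature(1001, "diagnostic function from a host other than the engineering station",
              lambda e: e.func == "diag" and e.src != ENG),
    Signature(1002, "register write from a host other than the HMI",
              lambda e: e.func == "write" and e.src != HMI),
]


def signature_detect(events: List[Event], signatures=SIGNATURES) -> List[Alert]:
    """Compare every observed event against the knowledge base; each match is an alert."""
    return [(e.ts, "signature", e.src, f"sid {s.sid}: {s.msg}")
            for e in events for s in signatures if s.match(e)]


# ---- Analysis 2: anomaly-based (statistical model of normal behaviour) ----
def _per_source_per_second(events: List[Event]) -> Dict[str, Counter]:
    table: Dict[str, Counter] = defaultdict(Counter)
    for e in events:
        table[e.src][e.ts] += 1
    return table


class RateProfile:
    """Learns each source's messages-per-second distribution from a training window
    assumed to be attack-free; flags seconds above mean + k * std and sources never
    seen in training. min_std keeps a near-constant baseline from alerting on jitter."""

    def __init__(self, k: float = 4.0, min_std: float = 0.5):
        self.k, self.min_std = k, min_std
        self.mean: Dict[str, float] = {}
        self.std: Dict[str, float] = {}

    def train(self, events: List[Event]) -> None:
        for src, counts in _per_source_per_second(events).items():
            # silent seconds inside the observed span count as zero
            series = [counts.get(t, 0) for t in range(min(counts), max(counts) + 1)]
            self.mean[src], self.std[src] = mean(series), pstdev(series)

    def detect(self, events: List[Event]) -> List[Alert]:
        alerts: List[Alert] = []
        for src, counts in _per_source_per_second(events).items():
            if src not in self.mean:
                alerts.append((min(counts), "anomaly", src,
                               "source address never observed in the baseline"))
                continue
            threshold = self.mean[src] + self.k * max(self.std[src], self.min_std)
            for t, n in sorted(counts.items()):
                if n > threshold:
                    alerts.append((t, "anomaly", src,
                                   f"{n} msg/s exceeds baseline threshold {threshold:.2f} msg/s"))
        return alerts


# ---- Response: one ordered alert timeline for the operator or a SIEM ----
def run_pipeline(events: List[Event], train_until: int) -> List[Alert]:
    baseline = [e for e in events if e.ts < train_until]
    live = [e for e in events if e.ts >= train_until]
    profile = RateProfile()
    profile.train(baseline)
    return sorted(signature_detect(live) + profile.detect(live))


if __name__ == "__main__":
    for ts, detector, src, msg in run_pipeline(constructed_capture(), 300):
        print(f"t={ts:4d} {detector:9s} {src:10s} {msg}")
```

Running it yields three alerts: the unknown host at t=305 and the HMI burst at t=320 come only from the anomaly model, the diagnostic call at t=330 only from the signature rule. The training window must be attack-free, which is the usual weak point of anomaly-based detection: an attacker present during baselining becomes part of "normal".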

Technical Assessment
Exhaustive study of current intrusion detection solutions to assess their applicability to railways. Solution classes covered: HIDS, NIDS, hybrid IDS, UTM, firewalls.
(CyRail – Internal Review, © fortiss GmbH, March 08, 2018)

Technical Assessment
26 open-source and commercial intrusion detection solutions were assessed:
8 open-source and commercial IT solutions
5 commercial IT + OT solutions
13 industrial-focused solutions

Assessment Criteria
Solution, Country, Type, Detection Mode, Protocol, Asset Discovery, Response Capacity, Integration Capacity, Maturity.

Railways IDS Solutions

Solution      Country          Type        Detection Mode  Protocol   Asset Discovery  Response  Integration  Maturity
Cylus         Israel           Industrial  Anomaly         Unknown    Unknown          Yes       Unknown      Weak
RadiFlow      Israel           Industrial  Hybrid          DPI / OT   Yes              Yes       SIEM         Good
RazorSecure   United Kingdom   Industrial  Anomaly         N/A        N/A              Yes       SIEM         Weak
Sentryo       France           Industrial  Anomaly         DPI / OT   Yes              Unknown   SIEM         Medium

Deployment of Intrusion Detection Solutions
Proposing a flexible scheme for deploying the intrusion detection solutions across the different zones of CyRail's operational scenario. The scheme uses five classes of solution, numbered 1 to 5 below.

NIDS Solutions (1 = NIDS for CI)
Network-based intrusion detection systems monitoring the Internet-facing networks of critical infrastructures. They are designed by cyber security experts and implement attack detection rules (attack patterns and behaviour). They have to be deployed where they can analyse the inbound and outbound Internet traffic. E.g. GateWatcher and KeelbackNet.

Industrial NIDS Solutions (2 = Industrial NIDS)
Network-based intrusion detection systems specialised in industrial protocols, based on operational knowledge of the processes and communications. They are mostly designed to detect anomalies. E.g. Claroty, Cyberbit, CyberX, Cylus, Cypres, ICS², Indegy, NexDefense, Nozomi, Radiflow, SecurityMatters and Sentryo.

HIDS Solutions (3 = HIDS)
Host-based intrusion detection systems. E.g. RazorSecure.

FW/IPS Solutions (4 = FW/IPS)
Firewall / intrusion prevention systems, located at the border of a zone. E.g. Stormshield.

IT NIDS Solutions (5 = IT NIDS)
IT-extended intrusion detection systems. Because of their origin they fit IT network monitoring, but their capability to address industrial networks is more limited than that of industrial NIDS. E.g. Checkpoint, TippingPoint, Cisco IPS, Fortinet, Forcepoint, Leidos and Juniper.

Deployment of Intrusion Detection Solutions
(Zone diagram; the placement of the numbered sensors in the zones is not recoverable from the transcript.) Legend: 1 = NIDS for CI, 2 = Industrial NIDS, 3 = HIDS, 4 = FW/IPS, 5 = IT NIDS.

Facts and Figures
Europe has a strong representation of industrial IDS companies. Most industrial IDS vendors are recent SMEs. It is a fast-growing market, but not yet a mature one.