Applying Policy-Based Intrusion Detection to SCADA Networks


Adrian P. Lauf, Jonathan Wiley, William H. Robinson, Gabor Karsai, Vanderbilt University Institute for Software Integrated Systems
Tanya Roosta, UC Berkeley

Project Description

The Tennessee Eastman Plant Security Scenario: a SCADA process control system in a chemical plant consists of wireless sensors and actuators.
- Sensors and actuators form discrete devices
- Devices are mesh-networked
- The unsecured setup provides no security beyond a firewall

Objective: develop an intrusion detection system (IDS) capable of monitoring conditions on the mesh-routed network.
- Use pre-defined policies to identify when network traffic and content are non-compliant
- Use distributed IDS instances across the network for improved identification
- Identify various classes of intrusions

- MATLAB/Simulink implementation of a well-documented chemical process control system
- Identification of key sensor/actuator blocks involved in the control aspect
- Grouping of sensor/actuator blocks into discrete network-enabled nodes
- Nodes can perform data acquisition, control, and routing
- 802.15.4 protocol used for wireless data
- AODV routing for link-level stability and reduced radio traffic

[Figure: IDS Architecture]
[Figure: SCADA network]

IDS Operation

Implemented as a discrete event monitoring system with policy advising.
- Core IDS event logging implemented in Java
- Events recorded to individual logging tables managed by an Event Manager
- Policies apply directly to single or multiple event tables
- Events are fed to the IDS via C-based monitoring applications
  - The JVM has no access to kernel- and driver-level OS functionality
  - Specific monitoring applications written in C return event notifications to the IDS
  - Notifications are sent over a local UDP connection
  - This permits flexibility of device-specific implementations

- Individual nodes are tasked with performing data acquisition and routing
- Select nodes are outfitted with the IDS
- The access point is also outfitted with the IDS
- Statistics gathered by monitors are aggregated in event tables
- Policies are analyzed against the data in the tables
- Exceptions are noted and reported

Attack types:
- Jamming (detected via radio power utilization)
- Packet data alteration
- Packet replay attacks
- Routing failures (redirection)
- Command injection
- Authentication failures

[Figure legend: (symbol) = IDS-enabled node]
[Figure: Abstraction Levels]

November 11, 2008
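The monitor-to-event-table-to-policy flow described above, as an added illustration that is not the project's own code (the poster's core IDS is in Java; this Python sketch assumes a constructed JSON notification format and field names such as busy_pct, src and seq, and shows two policies, a jamming check over the radio table and a replay check over the packets table):

```python
import json
from collections import Counter, defaultdict

# Constructed monitor notifications, shaped like the datagrams a C monitor
# could send over local UDP. Field names are assumptions, not the project's format.
DATAGRAMS = [
    b'{"table": "radio", "node": 3, "busy_pct": 22}',
    b'{"table": "packets", "node": 3, "src": 7, "seq": 41}',
    b'{"table": "radio", "node": 3, "busy_pct": 97}',
    b'{"table": "radio", "node": 3, "busy_pct": 99}',
    b'{"table": "packets", "node": 3, "src": 7, "seq": 42}',
    b'{"table": "packets", "node": 3, "src": 7, "seq": 41}',  # same (src, seq) seen again
]

class EventManager:
    """Keeps one logging table per event class, fed by monitor notifications."""
    def __init__(self):
        self.tables = defaultdict(list)

    def ingest(self, datagram: bytes) -> None:
        event = json.loads(datagram)
        self.tables[event.pop("table")].append(event)

def jamming_policy(tables, busy_threshold=90, min_samples=2):
    """Flag a node whose radio channel is saturated on at least min_samples readings."""
    saturated = Counter(e["node"] for e in tables["radio"] if e["busy_pct"] >= busy_threshold)
    return [f"jamming suspected at node {n}" for n, c in sorted(saturated.items()) if c >= min_samples]

def replay_policy(tables):
    """Flag (src, seq) pairs logged more than once: a replayed packet."""
    seen = Counter((e["src"], e["seq"]) for e in tables["packets"])
    return [f"replay of seq {seq} from node {src}" for (src, seq), c in sorted(seen.items()) if c > 1]

POLICIES = [jamming_policy, replay_policy]

def run_ids(datagrams, policies=POLICIES):
    """Aggregate notifications into tables, then evaluate every policy over them."""
    mgr = EventManager()
    for d in datagrams:
        mgr.ingest(d)
    exceptions = []
    for policy in policies:
        exceptions.extend(policy(mgr.tables))
    return exceptions

if __name__ == "__main__":
    for line in run_ids(DATAGRAMS):
        print(line)
```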