SCADA Security, DNS Phishing


SCADA Security, DNS Phishing
Avesta Hojjati, Computer Science Department
Advisor: Dr. Akbar Namin, Texas Tech University

What is SCADA?
Supervisory Control And Data Acquisition, a type of Industrial Control System (ICS).
Computer based; communicates over IPv4 and IPv6.
Uses a PLC (Programmable Logic Controller) as the main operator.

Main Areas of Concern
Security and authentication in the design, deployment and operation of existing SCADA networks.
The premise that SCADA systems are secure because they use specialized protocols and have proprietary interfaces.
The premise that SCADA networks are secure because they have been physically secured.
The premise that SCADA networks are secure because they are not exposed to the Internet.

SCADA Vulnerabilities
DoS (Denial of Service): vulnerabilities found in FactoryTalk Services Platform and RSLinx Enterprise.
November 2011: the cyber-security of the North American power grid is "in a state of near chaos," according to a report by a respected U.S. energy consultancy monitoring the industry's transition to wireless digital technologies.
Critical Remote Code Execution (CRCE): vulnerabilities found in the Modbus Serial Driver, a product of Schneider Electric.
September 2010: Iran admits that the Stuxnet worm had infected at least 30,000 computers in the country. The worm, which researchers have dubbed the most sophisticated malware ever, targets Windows PCs that manage large-scale SCADA systems at manufacturing and utility companies.
Most SCADA protocols were never intended for use on publicly accessible networks, and in some cases not even on IP networks. MODBUS, a common SCADA protocol, was originally designed for use only within simple process control networks, to enable low-speed serial communications between clients and servers.

Point of Attack

CRCE Attack

CRCE Prevention

Securing SCADA Networks
Patch host operating systems, applications and SCADA components.
Control application communications between SCADA networks and other networks.
Control application communications within SCADA networks.
Control what and who are allowed to interact with SCADA networks and systems.
Monitor all networks closely and react quickly to viruses and attacks.

What is DNS?
The DNS (Domain Name System) translates Internet domain and host names to IP addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of the Web servers hosting those sites. (wiki)

DNS Phishing (Fake HTTP request)
Redirecting all incoming traffic to a fake server: enables the attacker to launch additional attacks, or to collect traffic logs that contain sensitive information.
Capturing all in-bound email: allows the attacker to send email on the victim's behalf, using the victim organization's domain and cashing in on its positive reputation.

DNS Phishing (Fake HTTP request)
Taking over the registration of a domain: attackers take over the registration of a domain and change the authoritative DNS servers. This was the type of attack used by the Syrian Electronic Army. They gained access to the domain registration accounts operated by Melbourne IT and changed the authoritative DNS servers to ns1.syrianelectronicarmy.com and ns2.syrianarmyelectronicarmy.com.
Cache poisoning: attackers inject malicious DNS data into the recursive DNS servers operated by Internet Service Providers (ISPs). The damage caused by this attack is localized to the specific users connecting to the compromised servers.
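Cache poisoning works by slipping a forged reply past a recursive resolver, so a resolver or its monitoring can spot an attempt by counting replies that match no outstanding query. The following detection logic is an added example, not from the original slides; the pending queries and reply records are constructed sample data.

```python
"""Flag a burst of DNS replies for one name whose transaction ID or destination
port matches no query the resolver actually sent: the signature of a blind
cache-poisoning attempt. All records below are constructed sample data."""
from collections import defaultdict

# Queries currently in flight (constructed):
# (qname, txid, resolver source port) -> upstream server the query went to
PENDING = {
    ("www.example.com", 0x1A2B, 40211): "198.51.100.53",
}

# Replies seen on the wire (constructed): (claimed src, dst port, qname, txid).
# A spoofer can forge the upstream's address but must guess txid and port.
REPLIES = [
    ("198.51.100.53", 40211, "www.example.com", 0x1A2B),   # genuine answer
    ("198.51.100.53", 40211, "www.example.com", 0x0007),   # guessed txid
    ("198.51.100.53", 40211, "www.example.com", 0x0008),
    ("198.51.100.53", 40211, "www.example.com", 0x0009),
    ("198.51.100.53", 53123, "www.example.com", 0x1A2B),   # guessed port
    ("198.51.100.53", 40211, "mail.example.com", 0x1A2B),  # unsolicited name
]


def reply_is_expected(reply, pending=PENDING):
    """A reply is accepted only if name, txid AND port match a pending query
    sent to the server the reply claims to come from."""
    src, dport, qname, txid = reply
    return pending.get((qname, txid, dport)) == src


def unexpected_per_name(replies, pending=PENDING):
    """Count unmatched replies per queried name."""
    counts = defaultdict(int)
    for reply in replies:
        if not reply_is_expected(reply, pending):
            counts[reply[2]] += 1
    return dict(counts)


def poisoning_suspects(replies, pending=PENDING, threshold=3):
    """Names that attracted at least `threshold` unmatched replies; a single
    stray reply is noise, a burst of guesses is worth an alert."""
    counts = unexpected_per_name(replies, pending)
    return sorted(name for name, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(unexpected_per_name(REPLIES))
    print(poisoning_suspects(REPLIES))
```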

DNS Phishing scenario

Demonstrating an attack using BackTrack
Using the ARP (Address Resolution Protocol) spoofing technique.

Avoidance
Good security practices such as strong passwords, IP acceptable client lists (ACLs) and social engineering training will help guard against attack.
DNSSTOP (Domain Name Server STOP): a curses-based application that displays various tables of DNS statistics.
DSC (Domain Statistics Collector): DNS Statistics Collector is designed to collect and aggregate statistics from busy authoritative servers, such as those used by TLD (Top-Level Domain) and root server operators.
Traffic Gist: a network traffic statistics collection tool. Gist can collect statistics about live traffic and do post-mortem packet capture analysis.

Limiting Recursion to Authorized Clients
For DNS servers that are deployed within an organization or Internet Service Provider, the resolver should be configured to perform recursive queries on behalf of authorized clients only. These requests typically should only come from clients within the organization's network address range. We highly recommend that all server administrators restrict recursion to only clients on the organization's network.
BIND9: in the global options, include the following [10]:
    acl corpnets { 192.168.1.0/24; 192.168.2.0/24; };
    options {
      allow-query { any; };
      allow-recursion { corpnets; };
    };
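The slide's BIND9 fragment says which clients may recurse but not how the two options interact. The model below is an added example (not from the slides or from BIND): it evaluates a minimal BIND-style address-match list the way named does (first match wins, `!` negates, names refer to other ACLs), and contrasts the slide's restricted configuration with a constructed open-resolver configuration.

```python
import ipaddress
import re

# The fragment from the slide, embedded so the policy can be evaluated offline.
RESTRICTED_CONFIG = """
acl corpnets { 192.168.1.0/24; 192.168.2.0/24; };
options {
  allow-query { any; };
  allow-recursion { corpnets; };
};
"""

# Constructed weak setting for contrast: an open resolver anyone can recurse through.
OPEN_RESOLVER_CONFIG = "options { allow-query { any; }; allow-recursion { any; }; };"


def parse_policy(config):
    """Pull named ACLs and the two relevant options out of a minimal config."""
    acls = {name: [x.strip() for x in body.split(";") if x.strip()]
            for name, body in re.findall(r"acl\s+(\S+)\s*\{([^}]*)\}", config)}
    options = {key: [x.strip() for x in body.split(";") if x.strip()]
               for key, body in re.findall(
                   r"(allow-query|allow-recursion)\s*\{([^}]*)\}", config)}
    return acls, options


def matches(items, acls, ip):
    """Address-match list semantics: first matching element decides."""
    for item in items:
        negate = item.startswith("!")
        item = item.lstrip("!").strip()
        if item == "any":
            hit = True
        elif item == "none":
            hit = False
        elif item in acls:
            hit = matches(acls[item], acls, ip)
        else:
            hit = ip in ipaddress.ip_network(item, strict=False)
        if hit:
            return not negate
    return False


def decide(config, client, recursion_desired=True):
    """Return 'refused', 'recursive' or 'non-recursive' for a query from client.
    Simplification: a missing option is treated as { any; } here."""
    acls, options = parse_policy(config)
    ip = ipaddress.ip_address(client)
    if not matches(options.get("allow-query", ["any"]), acls, ip):
        return "refused"
    if recursion_desired and matches(options.get("allow-recursion", ["any"]), acls, ip):
        return "recursive"
    return "non-recursive"  # answered only from data the server already holds
```

With the restricted configuration an Internet client still gets answers for zones the server is authoritative for, but cannot use it as a recursive resolver.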

References
http://www.fastandeasyhacking.com/ (Armitage)
http://ettercap.github.io/ettercap/ (Ettercap)
Siemens PLC Simulator (S7 Series)

Questions?