Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Discovery in Industrial Control Systems

Published byRalph Casey Modified over 6 years ago

Similar presentations

Presentation on theme: "Network Discovery in Industrial Control Systems"— Presentation transcript:

1 Network Discovery in Industrial Control Systems
Charlie Rutherford Office: University of Glasgow 23/02/2019 © C. Rutherford 2018

2 Network discovery, a (very) brief introduction
Definition: Processes to discover hosts on a computer network and information about those hosts. Active & Passive scanning, Host detection, OS detection, port scanning, service detection Useful security-related information as specific vulnerabilities are tied to OS, software versions etc. Can be used to find valuable information for both attackers and defenders 23/02/2019 © C. Rutherford 2018

3 Network discovery in ICS
So far not a lot of public peer-reviewed research on this topic, more public work in enterprise IT domain. Some complications in ICS: Serial protocols, strange network topologies, unsupported protocols, fragile network components in devices, safety-critical environments, also lack of understanding of how and when to apply current tools to networks relating to security policies and standards. 23/02/2019 © C. Rutherford 2018

4 Some scanning safety concerns
Network effects: Active scans can send 1000s of packets onto network, can cause increases in latency, retransmissions, dropped packets etc. This is unacceptable in safety-critical or real-time environments. Passive scans can also potentially cause latency and bottlenecks, especially on older hardware. Device effects: Some devices can react in unpredictable ways when scanned. There have been cases of devices becoming unusable after being scanned on certain ports. Obviously this can be a problem for safety. 23/02/2019 © C. Rutherford 2018

5 What’s been done at Glasgow?
Recreating vendor discovery methods from programming software using packet crafting software (Scapy). Attempts at doing discovery on serial network showed that PLC on serial network can be manipulated from Ethernet network through a gateway, more work needs done to show discovery. Initial work to examine impact of using IT scanning tools Nmap & Nessus on ICS testbed, and developing scanning methods for ICS with fewer side effects. Image credit: HMS Industrial Networks AB 23/02/2019 © C. Rutherford 2018

6 Where does my research fall in the Purdue model?
Layer 5 Enterprise network/ Internet Not really interested, can apply ‘traditional’ IT discovery techniques Layer 4 Local Business Layer 3 DMZ Layer 2 Our area of interest/research Supervisory layer Layer 1 Control layer Layer 0 Process I/O 23/02/2019 © C. Rutherford 2018

7 What’s next? More thorough examination of the effects that existing tools have on control networks: impact of scanning on network, use cases for different levels of “aggressiveness” of scans, investigation of potential safety related problems and solutions Closer look at ICS application level protocols Ethernet/IP and CIP (ABB), Profibus and ProfiNet (Siemens), Modbus TCP (generic), to see the benefits of leveraging vendor discovery techniques, consolidating into a toolset. Work on Industrial wireless and serial discovery methods. 23/02/2019 © C. Rutherford 2018

8 Thanks Any questions? Charlie Rutherford
Office: University of Glasgow 23/02/2019 © C. Rutherford 2018

Download ppt "Network Discovery in Industrial Control Systems"

Similar presentations

VPN: Virtual Private Network Presented by: Germaine Bacon Lizzi Beduya Betty Huang Jun Mitsuoka Juliet Polintan.

VPN: Virtual Private Network Presented by: Germaine Bacon Lizzi Beduya Betty Huang Jun Mitsuoka Juliet Polintan.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Computer Networks Fall, 2007 Prof Peterson. CIS 235: Networks Fall, 2007 Western State College  What are the main layers? What happens at each?

Computer Networks Fall, 2007 Prof Peterson. CIS 235: Networks Fall, 2007 Western State College  What are the main layers? What happens at each?
Testing Intrusion Detection Systems: A Critic for the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory By.

Testing Intrusion Detection Systems: A Critic for the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory By.
Hardware & Software Needed For LAN and WAN

Hardware & Software Needed For LAN and WAN
Penetration Testing.

Penetration Testing.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
What is FORENSICS? Why do we need Network Forensics?

What is FORENSICS? Why do we need Network Forensics?
FIREWALLS Prepared By: Hilal TORGAY Uğurcan SOYLU.

FIREWALLS Prepared By: Hilal TORGAY Uğurcan SOYLU.
FORESEC Academy FORESEC Academy Security Essentials (III)

FORESEC Academy FORESEC Academy Security Essentials (III)
Securing Wired Local Area Networks(LANs)

Securing Wired Local Area Networks(LANs)
Scapy. Introduction  It’s a packet manipulation tool.  It can forge or decode packets of a wide number of protocols, send them on the wire, capture.

Scapy. Introduction  It’s a packet manipulation tool.  It can forge or decode packets of a wide number of protocols, send them on the wire, capture.
Network Security Chapter 11 powered by DJ 1. Chapter Objectives  Describe today's increasing network security threats and explain the need to implement.

Network Security Chapter 11 powered by DJ 1. Chapter Objectives  Describe today's increasing network security threats and explain the need to implement.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.

Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID 08051602 Module code:CT3P50N BSc Computer Networking London Metropolitan University.

Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.
Improving TCP Performance over Wireless Networks

Improving TCP Performance over Wireless Networks

Similar presentations

Ads by Google