Industrial Network Cybersecurity - uruman.org · Acceleration of Attacks on OT 2015 Ukraine:...


Industrial Network Cybersecurity

Ing. Gerardo Viar

Acceleration of Attacks on OT

• 2014 Germany: Attackers damage smelter

• 2014 US: Paper mill damaged remotely by former worker

• 2015 Ukraine: Grid taken down for up to 6 hours

• 2016 Ukraine: Second electric grid attack

• 2017 Attack triggers 150+ warning sirens across Dallas

• 2017 Hospitals, factories impacted by WannaCry ransomware

• 2017 Malware used in 2016 Ukraine attack found to have ICS-unique modules

Evolution of Attacks

• IT attacks at entry points

• IDMZ breaches

• OT-specific attack tools

Search Engine for IoT Devices


Landscape in Latin America

2016


• Real-Time Control

• Fast Convergence

• Traffic Segmentation and Management

• Ease of Use

• Site Operations and Control

• Multi-Service Networks

• Network and Security Management

• Routing

• Application and Data share

• Access Control

• Malware Protection

• Enterprise/IT Integration

• Collaboration

• Wireless

• Application Optimization

Cell/Area Zone (Levels 0–2)

Layer 2 Access

Manufacturing Zone (Level 3)

Distribution and Core

Industrial Demilitarized Zone (IDMZ) Firewalls

Enterprise Network (Levels 4–5)

Industrial Architecture – ISA99/ISA95 Model

Diagram labels: Factory Talk Application and Service Platform; Servers; Web Apps, DNS, FTP; Internet; Patch Management; Terminal Services; Application Mirror; AV Server; Gbps Link for Failover Detection; Firewall (Active); Firewall (Standby); Switches L3; Flow Sensor; Network Services; Robotics; Material Handling; Machines; Basic Control; Process; I/O; Sensor; Controller / PLC; HMI; Switches

What to do? NERC-CIP v5

Risks by Sector


LERC – Low Impact External Routable Connectivity

Vulnerabilities

• Devices without security functions

• Network design without security

• Unnecessary services running

• Lack of integration between physical security and logical security

• Insufficient auditing and monitoring

• Lack of authentication/authorization for HMIs

• Knowledge of standards and cybersecurity


Passive/Active Hybrid: PLC/RTU config management

Passive/Active Hybrid: IDS, zone enforcement, app control, malware protection, etc.

Active: IPS, firewall, malware protection, etc.

Active: IPS, firewall, app. control, web content, malware protection, etc.


Security components in the diagram: SIEM, NGFW, IAM, NBAD

General Recommendations

• Establish policies for security control

• Create a DMZ for IT/OT communication

• Protect the interior and the perimeter of the network

• Create remote access policies

• Integrate physical and electronic security

• Enable security functions on available hardware

Visibility and Analysis

Remote Access

Segmentation

Services

Thank you!