Your SlideShare is downloading. ×
Stuxnet
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Stuxnet

2,179
views

Published on

Published in: Technology

0 Comments
5 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,179
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
5
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • As part of the Q4 announcement group we are expanding our data center initiatives in 2 important ways, in line with our overall data center networking vision and strategy:1/ We are expanding our guidelines for designing next generation data center infrastructures, building on the foundations of our network simplification approach introduced in 2008 (simplifying the network, collapsing network tiers, virtualizing infrastructure elements, and simplifying management designs). We are expanding by delivering techniques for sharing network infrastructures with unique features, intelligence and scale, end-to-end based on Junos. And we are introducing a framework for delivering comprehensive and consistently managed security infrastructures for the cloud.2/ As detail to support delivering on the vision we are introducing 5 new security solution modules and associated best practices and implementation guidance to protect the critical information flows and assets associated with highly virtualized and distributed cloud data center networks.The rest of the presentation fills out information supporting these important announcements.
  • Transcript

    • 1. STUXNET – THE FORMIDABLE CYBER WEAPON
      Sathish Kumar
      Rajeev Chaubey
    • 2. AGENDA
      • Stuxnet Background
      • 3. Introduction to SCADA systems
      • 4. Stuxnet Architecture
      • 5. Installation procedure
      • 6. Injection technique
      • 7. Infection routine flow
      • 8. Command and Control server communication
      • 9. Stuxnet propagation methods
      • 10. Security issues and mitigation techniques
    • SCADA SYSTEMS – GLOBAL INCIDENTS
      Sewage Hacker - SCADA system of Maroochy Water Services in Australia beginning in January 2000, which saw millions of gallons of sewage spill into waterways, hotel grounds and canals around the Sunshine Coast suburb
      Trans-Siberian Pipeline USSR - spectacular trans-Siberian pipeline disaster in 1982
      Nuclear Power Plant, US - California, The vulnerability was demonstrated by a January event at the shutdown Davis-Besse nuclear power plant. The worm infection increased data traffic in the site’s network, resulting in the plant’s Safety Parameter Display System and plant process computer being unavailable for several hours
      Power Grid, US - California, hackers broke into computer systems owned by California's primary electric power grid operator and remained undetected for 17 days
      Airport Hacker, US - Massachusetts, a computer hacker who disabled a key telephone company computer servicing the Worcester airport. As a result of a series of commands sent from the hacker's personal computer, vital services to the FAA control tower were disabled for six hours in March of 1997. In the course of his hacking, the defendant also electronically broke into a pharmacy computer and copied patient records.
    • 11. STUXNET BACKGROUND
      Stuxnet is a Windows computer worm discovered in July 2010.
      Targets industrial software and equipment.
      Its speculated that stuxnet was specifically designed to damageIran nuclear facilities and widely believed stuxnet introduced delay in Iran's Bushehr Nuclear Power Plant startup
      The first to include a programmable logic controller (PLC) rootkit.
    • 12. STUXNET DAY BY DAY EVOLUTION
    • 13. SUPERVISORY CONTROL AND DATA ACQUISITION
    • 14. PLC – PROGRAMMABLE LOGIC CONTROLLER
      STUXNET SEEKS SPECIFIC MODELS S7-300 S7-400
    • 15. PLC – SCAN CYCLE
      Read Input
      Execute program
      Diagnostics and communications
      Update output
    • 16. STUXNET ARCHITECTURE
    • 17. STUXNET – INSTALLATION PROCEDURE
    • 18. STUXNET – INFECTION ROUTINE FLOW
    • 19. Stuxnet – C & C Server Communication
    • 20. STUXNET PROPAGATION METHODS
    • 21. Security issues and mitigation techniques
      Security Information and Event Management systems
      Intrusion monitoring systems integrated with SIEM
      Implement “Extrusion Detection”
      Implement passive vulnerability scanners (PVS) on the control systems network
    • 22. JUNIPER IDP SCADA SIGNATURES
      SCADA:DNP3:DISABLE-RESP - This signature detects attempts to stop unsolicited responses from devices. Attackers can prevent devices from sending alarms
      SCADA:DNP3:READ - This signature detects attempts by clients to read information from a Programmable Logic Controller (PLC). Attackers can use this information to plan future, more targeted attacks
      SCADA:DNP3:STOP - This signature detects attempts to stop a DNP3 server
      SCADA:DNP3:WARM-RESTART- This signature detects attempts to reinitialize a PLC or DNP3 server
      SCADA:MODBUS:LISTEN-ONLY -This signature detects attempts to force a Programmable Logic Controller (PLC) into listen-only mode, in which the PLC does not respond to request packets
      SCADA:MODBUS:DOS - This signature detects attempts to force a Programmable Logic Controller (PLC) to restart. The PLC is unavailable while powering on
    • 23. STUXNET – THE FORMIDABLE CYBER WEAPON
      Q&A
    • 24. STUXNET – THE FORMIDABLE CYBER WEAPON
      Thank you!