ICS_Cybersecurity_FINAL
- 1. Designing & Deploying ICS Honeypots
Steven C. Markey, MSIS, PMP, CISSP, CIPP/US, CISM, CISA, STS-EV, CCSK, CCSP, Cloud+
Principal, nControl, LLC
Adjunct Professor
- 4. • ICS Componentry
– Programmable Logic Controller (PLC)
– Distributed Control Systems (DCS)
– Embedded Control
– Safety Instrumented Systems (SIS)
ICS Honeypots
- 15. • Honeypot Strategies
– Thick Deployments
• Small Scale: Each Entity Contains Whole Logic / Stack
– Thin Deployments
• Larger Scale: Traffic Reflector
- 16. • Honeypot Solution Options
– Open-Source
• T-Pot
– ELK
• HoneyDrive Framework
– Kippo, Conpot, Dionaea, Honeyd, Glastopf, Amun, Wordpot, LaBrea
– LAMP, ELK & Other Analytics
– Commercial
• Offensive & Deceptive
– Ridgeback
• Traditional Deception
– Deception Tool Kit (DTK)
– KFSensor
– HoneyPoint Security Server
- 17. • One-Off Deception Maneuvers
– Bastion Hosts
• Windows Environment: Telnet / SSH (like Kippo)
• Linux Environment: RDP / RDC
– VLANs
• Passive Sniffers
– Proxies
• Forward
• Reverse
• Dual (WAF-like, LaBrea / Glastopf)
- 34. • Questions?
• Contact
– Email: smarkey@ncontrolsec.com
– Twitter: @markes1
– LI: http://www.linkedin.com/in/smarkey
Editor's Notes
- Process for Attack Simulation & Threat Analysis
- USB, HDMI, VGA, CD-ROM, APT, Malware, DDoS
- T-Pot = Multiple honeypots
Dionaea = Malware & VoIP protections
- T-Pot - Kibana
- hpfeeds
- OPC added by Steve
- Log Shipping
- Ridgeback Security Solution