Industrial Security
Industrial Ethernet
Data Centers
Broadcast AV
Belden News
Blog Home
Popular Tags

Featured Bloggers

Belden.com

Popular Tags results for "SCADA Security"

#1 ICS and SCADA Security Myth: Protection by Air Gap
Blog Category: Industrial Security

Posted by: Industrial IT Team on July 09, 2012

The existence of an “air gap” between control system networks and the rest of the world has been one of the most enduring fairy tales in the field of SCADA / ICS security. The idea is that in a properly designed system, there is a physical gap between the control network and the business network. Since digital information cannot cross such a gap, bad things like hackers and worms can never get into critical control systems. From this, a corollary flows:

“Companies that get worms in their systems obviously have not created the proper air gap and deserved to be infected.”

Now there are many materials supporting the idea of the air gap. Every week a new SCADA and ICS vulnerability notice comes out and every week end users get to read statements like this:

"In addition, it is important to ensure your automation network is protected from unauthorized access using the strategies suggested in this document or isolate the automation network from all other networks using an air gap.”

Read More >>

Defense in Depth Part 2: Layering Multiple Defenses
Blog Category: Industrial Security

Posted by: Industrial IT Team on March 21, 2012

In my earlier column on the philosophy of Defense in Depth, I discussed how relying on a single defensive solution exposes a system to a single point of failure. No matter how well designed or strong that single defense is, either resourceful adversaries or Murphy’s Law eventually results in the defense malfunctioning or being bypassed. When that happens, the entire system is wide open to attack.

A far more effective strategy for reliable security is called “Defense in Depth”. Today’s blog will discuss what this actually means in the real world of SCADA and ICS security.

Read More >>

SCADA Security and Deep Packet Inspection - Part 1
Blog Category: Industrial Security

Posted by: Industrial IT Team on March 29, 2012

I have talked repeatedly about something called Deep Packet Inspection (DPI) and why it is so important for SCADA / ICS security (for example, see Air Gaps won’t Stop Stuxnet’s Children). The trouble is, I have never described what DPI actually is. So in today’s blog I will back up and explain what DPI firewall technology is all about.

Some Firewall Basics

To understand DPI, it is first important to understand how the traditional IT firewall works. A firewall is simply a device that monitors and controls traffic flowing in or between networks. It starts by capturing traffic passing through it and comparing that traffic to a predefined set of rules (called Access Control Lists or ACLs). Any messages that do not match the ACLs are then discarded.

Read More >>

SCADA Security and Deep Packet Inspection - Part 2
Blog Category: Industrial Security

Posted by: Industrial IT Team on April 04, 2012

Deep Packet Inspection (DPI) is important for the future of SCADA / ICS security - and in this article I explain why.

DPI SCADA Security: Reviewing the Basics
In Part 1 of this series I explained DPI technology in detail. To review, the traditional IT firewall examines the TCP/IP and Ethernet headers in the network messages it sees. It then makes decisions whether to allow or block a message based on this limited information.

DPI technology allows the firewall to dig deep into the SCADA protocols that sit on top of TCP/IP and Ethernet. The firewall then determines exactly what the SCADA protocol is being used for and makes better decisions on what should be allowed or blocked.

Read More >>

Why SCADA Firewalls Need to be Stateful - Part 1 of 3
Blog Category: Industrial Security

Posted by: Industrial IT Team on April 11, 2012

This article is a collaboration between Joel Langill and Eric Byres. Joel is the CSO at SCADAhacker.com. He can be reached at joel@scadahacker.com.

Following on from Eric Byres’ discussion of Deep Packet Inspection (DPI), this article discusses a second and equally important aspect of effective firewall security referred to as “stateful inspection”.

In order to understand exactly what is meant when we talk about “state”, we need to look at the specifics behind the TCP communication sessions that are most common in modern day industrial control systems (ICS) and SCADA applications.[1] The figure below illustrates the model.The DPI that was previously discussed is actually analyzing and making decisions based on the information contained in the upper layer of the model. This layer is where you would typically see specific application operands such as a Modbus Read Coil (e.g. function code 2) or a Modbus Write Single Register (e.g. function code 6).

Read More >>

Why SCADA Firewalls Need to be Stateful - Part 2 of 3
Blog Category: Industrial Security

Posted by: Industrial IT Team on April 25, 2012

This article is a collaboration between Joel Langill and Eric Byres. Joel is the CSO at SCADAhacker.com. He can be reached at joel@scadahacker.com.

In Part 1 of this series, I explained what a stateless firewall is and the hazards of stateless security. In this article I will show you just how dangerously insecure these devices are.

Setting Up the Stateless Firewall
Let's consider a simple session where a client computer issues a request to a web server using the HTTP protocol as shown in the figure below. As defined in the IETF specifications, this message will contain the IP addresses of both computers ("src.ip" and "dst.ip"in Figure 1). It will also contain the number 80 in the destination port ("dst.port") field to indicate that the TCP packet contains a message for a HTTP server.


Read More >>

Why SCADA Firewalls Need to be Stateful - Part 3 of 3
Blog Category: Industrial Security

Posted by: Industrial IT Team on May 10, 2012

This article is a collaboration between Joel Langill and Eric Byres. Joel is the CSO at SCADAhacker.com. He can be reached at joel@scadahacker.com.

In Part 1 of this series I explained what "state" means in network communications and the hazards of stateless security. Part 2 detailed the behavior of a stateless firewall and included a demonstration of me attacking one. In this closing article, I describe stateful inspection and its importance in securing ICS and SCADA systems.

Read More >>

SCADA Security and Fault Tolerance - A Beautiful Pairing!
Blog Category: Industrial Security

Posted by: Oliver Kleineberg on May 24, 2012

In 2010, the whole industrial automation world was stirred by the sudden appearance of the now infamous Stuxnet malware. In 2011 there were more publicly disclosed vulnerabilities than in the previous decade, with attack code readily available for more than a third of them. The need for improved cyber security for industrial networks has never been more apparent. Besides this targeted need, however, there is another reason why cyber security technology like Tofino is needed. That reason is the broader need for reliable networks that are used in mission-critical applications.

Read More >>

Follow Us

Subscribe
Blog Home
RSS Feed
Blog Home
Email Notifications

Search
All Belden Blogs


Stay Informed