
SOC and ICS/SCADA Security

Educational presentation about security operations centers in industrial control systems.


  1. Security Operations Centers in Critical Infrastructure
  2. Less than 20% of organizations have put security measures in place to deal with cyber risks!
  3. Features of a SOC: 24*7*365 monitoring, management and coordination of the response to security events and risks; coordination with regulatory bodies; analysis of risks and vulnerabilities; analysis of security events; building a database of security events; generating security alerts for general and specific risks; producing reports for managers and cyber incident responders; reducing the response time to security events, from first detection to the containment report; saving time and resources; real-time security monitoring against predefined criteria (KPIs); raising the level of security awareness in the organization; the ability to correlate systems, applications, the network and security events in a structured way; automating security assessment and risk management processes; integrating changes in the network; the ability to identify every attack vector and classify incidents; performing forensic operations and interacting with CSIRT centers; interacting with the national CERT; aligning security criteria with international standards such as ISO27001.
  4. Components of a security operations center: Real-Time Monitoring (Data Aggregation, Data Correlation, Aggregates Logs, Coordinates Response, Automates Remediation); Reporting (Executive Summary, Audit and Assessment, Security Metric Reporting, KPI Compliance, SLA Reporting); Security Incident Management (Pre and Post Incident Analysis, Forensics Analysis, Root Cause Analysis, Incident Handling, aeCERT Integration).
  5. The 10 requirements for successfully implementing a security operations center: 1 Support from decision-making managers, 2 Investment, 3 Strategy, 4 Human resources, 5 Processes, 6 Technology, 7 Environment, 8 Analysis, 9 Physical space, 10 Continuity.
  6. Support from decision-making managers: defining the problems and their impacts; vision; needs assessment; budget; value creation (return on investment).
  7. Investment: expert human resources; injecting capital and providing a suitable platform.
  8. Strategy: establishing an overall view of the risks relevant to the organization; anticipating and safeguarding business objectives and Business Continuity; exposing vulnerable points and non-compliance.
  9. Human resources: Talented, Trained, Experienced.
  10. Processes: DATA SECURITY AND MONITORING • Data Asset Classification • Data Collection • Data Normalization • Data at Rest and In Motion • Data Protection • Data Distribution
  11. Processes: EVENT MANAGEMENT • Event Correlation • Identification • Triage • Roles • Containment • Notification • Ticketing • Recovery • Forensics and Situational Awareness
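The event correlation and triage steps on the slide above, shown as an added example that is not part of the presentation: a small Python correlator over constructed syslog-style authentication lines (the hostnames, addresses, threshold and window are assumptions) that raises one critical alert when a successful login follows a burst of failures from the same source, which is the kind of correlated rule a SOC tunes instead of alerting on every single failure.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the presentation): syslog-style
# authentication events from a DMZ jump server.
SAMPLE_LOGS = """\
2023-03-01T08:00:01 jump01 sshd: Failed password for operator from 10.1.5.23
2023-03-01T08:00:03 jump01 sshd: Failed password for operator from 10.1.5.23
2023-03-01T08:00:04 jump01 sshd: Failed password for operator from 10.1.5.23
2023-03-01T08:00:06 jump01 sshd: Failed password for operator from 10.1.5.23
2023-03-01T08:00:07 jump01 sshd: Failed password for operator from 10.1.5.23
2023-03-01T08:00:09 jump01 sshd: Accepted password for operator from 10.1.5.23
2023-03-01T08:10:00 jump01 sshd: Failed password for admin from 10.1.7.9
2023-03-01T09:30:00 jump01 sshd: Accepted password for admin from 10.1.7.9
"""

# Normalization step: one regex turns a raw line into a structured event.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(text):
    """Return structured events; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def correlate_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Correlation step: raise one alert per (source, user) whose successful
    login is preceded by at least `threshold` failures inside `window`.
    Failures older than the window are ignored, so an isolated typo followed
    by a later success (the admin lines above) does not alert."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["user"])
        if ev["result"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "severity": "critical",   # triage label for the ticketing step
                "host": ev["host"],
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(recent),
                "first_failure": recent[0],
                "success": ev["ts"],
            })
        failures[key].clear()  # a success closes the failure sequence
    return alerts


if __name__ == "__main__":
    for alert in correlate_bruteforce(parse_events(SAMPLE_LOGS)):
        print(alert)
```

The threshold and window are the tunable parts; in a real deployment they come from a baseline of normal operator behaviour on that host, and the alert record feeds the identification, notification and ticketing steps listed on the slide.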
  12. Processes: INCIDENT RESPONSE PRACTICE • Security Incident Reporting Structure • Security Incident Monitoring • Security Incident Escalation Procedure • Forensics and Root Cause Analysis • Return to Normal Operations • Post-Incident Planning and Monitoring • Communication Guidelines • SIRT Integration
  13. Processes: SOC OPERATING GUIDELINES • SOC Workflow • Personnel Shift Description • Shift Reporting • Shift Change • Information Acquisition • SOC Monitoring Suite • SOC Reporting Structure • Organizational Chart
  14. Processes: ESCALATION MANAGEMENT • Escalation Procedure • Pre-Escalation Tasks • IT Security • Network Operation Center • Security Engineering • SIRT Integration • Law Enforcement • 3rd Party Service Providers and Vendors
  15. Processes: DATA RECOVERY PROCEDURES • Disaster Recovery and BCP Procedure • Recovery Time Objective • Recovery Point Objective • Resiliency and High Availability • Facilities Outage Procedure
  16. Processes: SECURITY INCIDENT PROCEDURES • Email Phishing - Email Security Incident • Virus and Worm Infection • Anti-Virus Management Incident • NetFlow Abnormal Behavior Incident • Network Behaviour Analysis Incident • Distributed Denial of Service Incident • Host Compromise - Web Application Security Incident • Network Compromise • Internet Misuse • Human Resource - Hiring and Termination • Domain Hijack or DNS Cache Poisoning • Suspicious User Activity • Unauthorized User Access (Employee)
  17. Processes: VULNERABILITY AND PATCH MANAGEMENT • Vulnerability Research • Patch Management - Microsoft SCOM • Identification • Dissemination • Compliance Monitoring • Network Configuration Baseline • Anti-Virus Signature Management • Microsoft Updates
  18. Processes: TOOLS OPERATING MANUAL FOR SOC PERSONNEL • Operating Procedure for SIEM Solutions – Event Management and Flow Collector/Processor • Firewall Security Logs • IDS/IPS Security Logs • DMZ Jump Server / SSL VPN logs • Endpoint Security logs (AV, DLP, HIPS) • User Activity / Login Logs • Operating Procedure for Policy and Configuration Compliance • Operating Procedure for Network Monitoring Systems • Operating Procedure for Vulnerability Assessment
  19. Processes: SECURITY ALARMS AND ALERT CLASSIFICATION • Critical Alarms and Alerts with Action Definition • Non-Critical and Information Alarms • Alarm reporting and SLA to resolve the alarms
  20. Processes: SECURITY METRIC AND DASHBOARD – EXECUTIVE SUMMARY • Definition of Security Metrics based on Center for Internet Security standards • Security KPI reporting definition • Security Balanced Scorecard and Executive Reporting
  21. Technology: • Penetration testing • Real-Time network security monitoring • Vulnerability scanning and management • Threat intelligence • Incident investigation • Malware forensics • Cybersecurity exercise creation and delivery
  22. Business environment
  23. Analysis
  24. Analysis
  25. Physical space
  26. Continuity
  27. Industrial control systems
  28. Dashboard of an industrial control system
  29. Vulnerable points
  30. Security requirements: • Segmentation • Firewalls • IDPS • Honeypots • Antivirus • Hardening . . . Are these measures sufficient...?!
  31. Security requirements
  32. Critical requirements, physical security: • Security Camera • Fencing • Guards • Gates • Smart Locks
  33. Critical requirements, infrastructure: • Switch • Router • Firewalls • Modems • …
  34. Critical requirements, DMZ zone: • Web Server • FTP • SMTP • DNS • …
  35. Critical requirements, communications: • Profibus • Modbus • OPC • …
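Monitoring the Modbus traffic named on the slide above, as an added example that is not the presentation's own code: a parser for Modbus/TCP frames (MBAP header plus the PDU's function code) that flags write requests coming from hosts outside an allow-list of known masters (HMI, engineering workstation), which is the SOC-side check that a process value changed from an unexpected place. The frames, addresses and allow-list are constructed; the function codes are the public Modbus application protocol ones.

```python
import struct

# Public Modbus function codes that change process state (writes) and
# the common read codes. Everything else is passed through unclassified.
WRITE_FUNCTIONS = {
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
    22: "Mask Write Register", 23: "Read/Write Multiple Registers",
}
READ_FUNCTIONS = {
    1: "Read Coils", 2: "Read Discrete Inputs",
    3: "Read Holding Registers", 4: "Read Input Registers",
}

# Constructed allow-list (assumption): the only hosts permitted to write.
ALLOWED_MASTERS = {"10.0.10.5"}

# Constructed frames, not captured traffic:
#   MBAP = transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1)
READ_FRAME = bytes.fromhex("00010000000601030000000a")   # FC 3, address 0, 10 registers
WRITE_FRAME = bytes.fromhex("00020000000601060010ffff")  # FC 6, address 16, value 0xFFFF


def parse_modbus_tcp(frame: bytes):
    """Decode one Modbus/TCP request; raise ValueError on malformed framing."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    # The length field counts unit id + PDU, i.e. everything after the first 6 bytes.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    fc = frame[7]
    pdu = frame[8:]
    info = {
        "transaction": tid, "unit": unit, "function": fc, "data": pdu,
        "is_write": fc in WRITE_FUNCTIONS, "is_exception": fc >= 0x80,
    }
    # Decode the address fields analysts care about for the common codes.
    if fc in (5, 6) and len(pdu) >= 4:
        info["address"], info["value"] = struct.unpack(">HH", pdu[:4])
    elif fc in (15, 16) and len(pdu) >= 4:
        info["address"], info["quantity"] = struct.unpack(">HH", pdu[:4])
    elif fc in READ_FUNCTIONS and len(pdu) >= 4:
        info["address"], info["quantity"] = struct.unpack(">HH", pdu[:4])
    return info


def assess_request(src_ip, frame, allowed_writers=ALLOWED_MASTERS):
    """Attach an alert string when a write comes from an unlisted source."""
    info = parse_modbus_tcp(frame)
    if info["is_write"] and src_ip not in allowed_writers:
        info["alert"] = (f"critical: {WRITE_FUNCTIONS[info['function']]} to unit "
                         f"{info['unit']} from unlisted host {src_ip}")
    elif info["is_write"]:
        info["alert"] = f"info: authorised write from {src_ip}"
    else:
        info["alert"] = None
    return info


if __name__ == "__main__":
    print(assess_request("10.0.10.5", READ_FRAME))
    print(assess_request("10.0.99.7", WRITE_FRAME))
```

Modbus carries no authentication, so this kind of source-based allow-listing on a network tap is one of the few controls a SOC can apply without touching the PLC; the malformed-frame checks matter because a passive monitor must not crash on garbage from a misbehaving device.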
  36. Critical requirements, equipment: • PLC • RTU • IEDs • HMI • …
  37. Critical security requirements: • Security Plans, Policies • Asset Inventory, System Documentation • Change management • Risk Management • Patch Management • Assessment • Crisis Management • Backup and Recovery
  38. Listing assets through Asset Management: • Name • Description • Weight • OS • Location • Business Owner • Business Owner Contact Information • Technical Owner • Technical Owner Contact Information
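An inventory completeness check over the fields on the slide above, added here as an example and not taken from the presentation: it loads a constructed CSV inventory (asset names, owners and contacts are placeholders), reports assets whose required fields are empty, and orders assets by the Weight field as a criticality rank (reading Weight as criticality is an assumption).

```python
import csv
import io

# The fields the slide lists, as CSV column names (naming is this example's choice).
REQUIRED = [
    "name", "description", "weight", "os", "location",
    "business_owner", "business_owner_contact",
    "technical_owner", "technical_owner_contact",
]

# Constructed inventory (not the presentation's data); contacts use .invalid.
SAMPLE_CSV = """\
name,description,weight,os,location,business_owner,business_owner_contact,technical_owner,technical_owner_contact
PLC-01,Pump station controller,5,Firmware 2.1,Station A,Operations,ops@example.invalid,ICS Eng,ics@example.invalid
HMI-01,Operator workstation,4,Windows 7,Control room,Operations,ops@example.invalid,,
HIST-01,Process historian,3,Windows Server 2016,Data center,Engineering,,IT,it@example.invalid
RTU-07,Remote substation unit,5,Vendor OS,Substation 7,Operations,ops@example.invalid,ICS Eng,ics@example.invalid
"""


def load_inventory(text):
    """Parse CSV rows; a missing or non-numeric weight becomes 0 so it is
    flagged as a gap rather than silently ranked."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        try:
            r["weight"] = int(r["weight"])
        except (ValueError, TypeError):
            r["weight"] = 0
    return rows


def inventory_gaps(rows):
    """Return {asset name: [missing fields]} for every incomplete record.
    An owner without contact information is the typical gap in OT inventories
    and blocks the notification step of incident response."""
    gaps = {}
    for r in rows:
        missing = [f for f in REQUIRED if not str(r.get(f, "") or "").strip()]
        if missing:
            gaps[r["name"]] = missing
    return gaps


def prioritised(rows, min_weight=4):
    """Assets at or above min_weight, highest weight first; ties by name so
    the order is stable between runs."""
    ordered = sorted(rows, key=lambda r: (-r["weight"], r["name"]))
    return [r["name"] for r in ordered if r["weight"] >= min_weight]


if __name__ == "__main__":
    inventory = load_inventory(SAMPLE_CSV)
    print("gaps:", inventory_gaps(inventory))
    print("priority assets:", prioritised(inventory))
```

The gap report is the useful output: the weight ranking tells the SOC which assets get monitoring first, and the missing-contact list is what the escalation procedure needs fixed before an incident, not during one.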
  39. Listing assets through Asset Management
  40. Threats by zone and vector type: • Extranet • Intranet • Internet • Data Center • Active Directory • Malware / Virus Infection and Propagation • NetFlow Analysis • Remote Sites / WAN • Remote Access – IPSEC VPN / SSL VPN • Wireless ...
  41. Classification of threat cases
  42. Classification of threat cases
  43. Classification of threat cases
  44. Workflow
  45. Security assurance level in critical infrastructure: 1. Critical prerequisites 2. Security levels. 1.1 Access Control 1.2 Use Control 1.3 Data Integrity 1.4 Data Confidentiality 1.5 Restrict Data Flow 1.6 Timely Response to an Event 1.7 Resource Availability
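The seven items 1.1 to 1.7 on the slide above are the foundational requirements of IEC 62443-3-3, which rates each of them at a security level from SL 0 to SL 4. As an added example not drawn from the presentation, the following computes the gap between a zone's target level and its achieved level per requirement and shows that one weak requirement caps the whole zone; the zone and its levels are constructed.

```python
# IEC 62443-3-3 foundational requirements, keyed as on the slide (1.1 to 1.7);
# the standard's own names are given in parentheses where they differ.
FOUNDATIONAL_REQUIREMENTS = {
    "FR1": "Access Control (identification and authentication control)",
    "FR2": "Use Control",
    "FR3": "Data Integrity (system integrity)",
    "FR4": "Data Confidentiality",
    "FR5": "Restrict Data Flow (restricted data flow)",
    "FR6": "Timely Response to an Event (timely response to events)",
    "FR7": "Resource Availability",
}

# Security levels as the standard defines them; SL 0 carries no requirement.
SECURITY_LEVELS = {
    0: "no specific protection requirement",
    1: "protection against casual or coincidental violation",
    2: "protection against intentional violation using simple means and low resources",
    3: "protection against sophisticated means with moderate resources and IACS skills",
    4: "protection against sophisticated means with extended resources and IACS skills",
}


def _check_vector(vec):
    """Reject unknown requirement ids or levels outside 0..4."""
    unknown = set(vec) - set(FOUNDATIONAL_REQUIREMENTS)
    if unknown:
        raise ValueError(f"unknown requirement ids: {sorted(unknown)}")
    bad = {fr: lvl for fr, lvl in vec.items() if lvl not in SECURITY_LEVELS}
    if bad:
        raise ValueError(f"levels must be 0..4: {bad}")


def sl_gap(target, achieved):
    """target/achieved map FR id -> level. A requirement missing from either
    side is treated as level 0. The zone's effective level is the minimum
    achieved level, because an attacker uses the weakest requirement."""
    _check_vector(target)
    _check_vector(achieved)
    shortfall = {
        fr: max(0, target.get(fr, 0) - achieved.get(fr, 0))
        for fr in FOUNDATIONAL_REQUIREMENTS
    }
    effective = min(achieved.get(fr, 0) for fr in FOUNDATIONAL_REQUIREMENTS)
    return {
        "shortfall": shortfall,
        "effective_achieved": effective,
        "meets_target": all(v == 0 for v in shortfall.values()),
    }


def prioritise(gap_result):
    """Requirements to work on first: largest shortfall, then FR order."""
    s = gap_result["shortfall"]
    return sorted((fr for fr, v in s.items() if v > 0), key=lambda fr: (-s[fr], fr))


# Constructed zone (assumption): a control-room zone with target SL 2 throughout.
TARGET_SL = {fr: 2 for fr in FOUNDATIONAL_REQUIREMENTS}
ACHIEVED_SL = {"FR1": 2, "FR2": 1, "FR3": 2, "FR4": 1, "FR5": 2, "FR6": 0, "FR7": 2}

if __name__ == "__main__":
    result = sl_gap(TARGET_SL, ACHIEVED_SL)
    print(result)
    for fr in prioritise(result):
        print(fr, FOUNDATIONAL_REQUIREMENTS[fr], "short by", result["shortfall"][fr])
```

In the constructed zone every perimeter control is at SL 2, yet the zone is effectively SL 0 because FR6 (timely response, which is exactly what a SOC provides) is absent; this is the argument the deck makes for a SOC as a prerequisite rather than an add-on.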
  46. Security assurance level in critical infrastructure
  47. Performance assessment of the security assurance level
  48. Author: Ali Abdollahi
