Incubation of ICS Malware (English)

Dale Peterson and Corey Thuen pinch hit for Kyle Wilhoit to present his concept of malware incubation: creating a realistic environment in which malware can be grown, so that it can be studied and the results can help with incident response.

  1. SCADA Honeypots
     • A device or system (Honeynet) that is on a live network, but has no operational purpose
       – Different levels of interaction / realism
       – How long will it fool an attacker
  2. Detect Attacks
     • Nothing should access the Honeypot since it has no legitimate purpose
     • Any traffic is either an attack or spurious traffic
     • Debate on the value of Honeypots in detecting attacks
       – Many say there are better, more efficient solutions
       – IDS and other network monitoring
  3. Learn How Attackers Work
     • Real value of the Honeypot
     • High interaction may lead to attacker revealing advanced techniques, end goals, other info
     • Decision … how exposed is the Honeypot?
       – Widely exposed (on Internet) many will hit the Honeypot and lots of data to review
       – Hidden on secure network, may see little activity
  4. Analysis is Important
  5. Incubator
  6. Why An Incubator?
     • Be prepared to analyze malware / attacks
     • Identify what the attack did so you can fix the affected systems
     • Learn what information or control was lost
     • Attempt to identify the attacker
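
The detection rule from slide 2 ("Detect Attacks"), sketched as an added example that is not part of the original deck: because the honeypot has no legitimate purpose, every flow that reaches it is reported, with no allowlist. The honeynet range, the flow-record layout and the "probe" versus "interaction" split (used here as a rough stand-in for spurious traffic versus an attack worth analysing) are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: address range assigned to the honeynet (constructed, documentation range).
HONEYNET = ipaddress.ip_network("192.0.2.16/28")

# Constructed flow records: (source, destination, dest port, payload bytes sent to the destination).
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.17", 502, 0),     # touched the port, sent nothing
    ("198.51.100.7", "192.0.2.18", 502, 0),
    ("203.0.113.40", "192.0.2.17", 502, 312),   # held a session with the honeypot
    ("203.0.113.40", "192.0.2.17", 102, 1480),
    ("10.1.1.5", "10.1.1.9", 443, 900),         # production traffic, not the honeynet
]

def honeypot_hits(flows, honeynet=HONEYNET):
    """Group every flow whose destination is inside the honeynet by source address."""
    hits = defaultdict(list)
    for src, dst, port, nbytes in flows:
        if ipaddress.ip_address(dst) in honeynet:
            hits[src].append((dst, port, nbytes))
    return dict(hits)

def triage(flows, honeynet=HONEYNET):
    """Report every source that reached the honeynet; none is ever treated as benign.

    Hypothetical labels: 'interaction' if the source sent any payload (review first),
    'probe' if it only touched ports (likely scanning or spurious traffic).
    """
    report = {}
    for src, touched in honeypot_hits(flows, honeynet).items():
        payload = sum(nbytes for _, _, nbytes in touched)
        report[src] = {
            "label": "interaction" if payload > 0 else "probe",
            "targets": sorted({dst for dst, _, _ in touched}),
            "ports": sorted({port for _, port, _ in touched}),
            "payload_bytes": payload,
        }
    return report

if __name__ == "__main__":
    for src, info in sorted(triage(SAMPLE_FLOWS).items()):
        print(src, info)
```
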