UNCLASSIFIED
V100230_Faint
UNCLASSIFIED
1
UNCLASSIFIED0000-00-yymm Information Engineering Solutions
www.dynetics.com
Digital Energy – BPT
BSidesAugusta 2013
Paul Coggin
Internetwork Consulting Solutions Architect
paul.coggin@dynetics.com
Digital Energy – Basic Persistent Threat
• APT: the default excuse for any compromise
• Default passwords
• Little to no separation of control, management and data planes
• Layer 2 security issues
• Lack of perimeter egress filtering
• Lack of perimeter egress authentication
• Trust relationships
• Integration
• Interdependencies
• Dependencies
• Vendor remote access
• Default database client/server protocol configuration
• Lack of security policies driving network and security infrastructure configuration
• Flat-earth network architecture philosophy

Talented attackers exploiting critical infrastructure using basic attack vectors are not an APT.
Public Network Infrastructure Overview

[Diagram: a service-provider core (MPLS/IP, DWDM, SONET, ATM) connecting residential, SOHO, telecommuter and branch-office customers over GPON, GigE and SONET access; a video headend (IPTV/VOD), SIP proxy and VoIP gateway; provisioning, assurance, online and internal billing, enterprise policy, DHCP, AAA, lawful intercept and situational awareness servers; a web server; a cell tower; and attached critical-infrastructure sites (energy distribution, water/sewer treatment plant, ICS/SCADA). Entry points marked on the diagram: vendor/manufacturer remote support, internal tech staff VPN, customer online bill payment, and a misconfigured backdoor.]
ANSI/ISA99

ICS – Industrial Control Systems
SCADA – Supervisory Control and Data Acquisition
PLC – Programmable Logic Controller
RTU – Remote Terminal Unit
IED – Intelligent Electronic Device
Historian
HMI – Human Machine Interface
Protocols – Modbus, ICCP, DNP3, others

In many networks there is no firewall securing the integration between the enterprise and the ICS/SCADA network; a multi-homed Windows system commonly bridges the two.

Typically the ICS/SCADA network uses a flat network architecture. Vendors have VPN, Telnet and/or SSH holes punched through the firewall, in most cases with weak authentication. Older systems have back-door modem connections for vendor remote access.

Reference: www.isa.org – ANSI/ISA99 Standard
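When the only thing between the enterprise LAN and the PLCs is a multi-homed Windows host, the practical compensating control is to watch the ICS segment for Modbus writes from anywhere other than the HMI. The following is an added example, not code from the deck: it parses the Modbus/TCP MBAP header (the layout is from the Modbus/TCP specification) and alerts on state-changing function codes from hosts outside an authorised-HMI set. The addresses, the authorised set and the sample frames are constructed for the demonstration.

```python
"""Flag Modbus/TCP write requests that do not come from an authorised HMI.

Added example, not code from the slides. The MBAP header layout and
function codes are from the Modbus/TCP specification; the addresses, the
authorised-HMI set and the sample frames are constructed for this demo.
"""
import struct

# Function codes that change process state. Reads (1-4) are left alone here,
# although a stricter policy could alert on any Modbus from outside the ICS zone.
WRITE_FUNCTION_CODES = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}

MBAP = struct.Struct("!HHHB")  # transaction id, protocol id, length, unit id


def parse_modbus_tcp(payload: bytes):
    """Parse MBAP header + function code. Returns None for a malformed frame."""
    if len(payload) < MBAP.size + 1:
        return None
    tid, proto, length, unit = MBAP.unpack(payload[:MBAP.size])
    # Protocol id is always 0 for Modbus; length counts unit id + PDU bytes.
    if proto != 0 or length != len(payload) - 6:
        return None
    return {
        "transaction_id": tid,
        "unit_id": unit,
        "function": payload[MBAP.size],
        "data": payload[MBAP.size + 1:],
    }


def audit_modbus(frames, authorised_hmis):
    """frames: iterable of (src_ip, dst_ip, payload). Returns a list of alerts."""
    alerts = []
    for src, dst, payload in frames:
        pdu = parse_modbus_tcp(payload)
        if pdu is None:
            alerts.append((src, dst, "malformed Modbus/TCP frame"))
            continue
        fc = pdu["function"]
        if fc in WRITE_FUNCTION_CODES and src not in authorised_hmis:
            alerts.append((src, dst,
                           f"{WRITE_FUNCTION_CODES[fc]} (FC {fc}) to unit "
                           f"{pdu['unit_id']} from unauthorised host"))
    return alerts


# Constructed sample: an HMI inside the ICS zone, and an enterprise workstation
# that reaches the PLC because the multi-homed Windows host bridges the zones.
AUTHORISED_HMIS = {"10.20.0.5"}
PLC = "10.20.1.10"
SAMPLE_FRAMES = [
    # HMI writes register 1 := 0x00FF (legitimate)
    ("10.20.0.5", PLC, bytes.fromhex("0001 0000 0006 01 06 0001 00FF")),
    # enterprise host forces coil 0 ON (FC 5): alert
    ("192.168.50.23", PLC, bytes.fromhex("0002 0000 0006 01 05 0000 FF00")),
    # enterprise host reads 10 holding registers (FC 3): not a write, no alert
    ("192.168.50.23", PLC, bytes.fromhex("0003 0000 0006 01 03 0000 000A")),
    # truncated frame whose MBAP length claims more bytes than are present
    ("192.168.50.23", PLC, bytes.fromhex("0004 0000 0009 01 06")),
]


def run_sample():
    return audit_modbus(SAMPLE_FRAMES, AUTHORISED_HMIS)


if __name__ == "__main__":
    for alert in run_sample():
        print(*alert, sep="  ")
```

Feed it the payloads of TCP/502 packets from a span port on the ICS switch; the malformed-frame branch matters because scanners and fuzzers reaching a PLC through the bridging host rarely send well-formed MBAP.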
Voice Soft Switch Network

[Diagram: voice transport network, soft switch and backup soft switch, management network, EMS and backup EMS, with the EMS reachable directly from the Internet.]

Service-provider transport and soft-switch vendors commonly provide an EMS (element management system) for their solution.

The EMS server is commonly multi-homed, with one interface connected directly to the Internet and a second connected to the management network.

The transport and voice technical staff may have the system installed without the protection of a firewall or VPN.

A number of soft-switch EMS systems have been hacked using SSH brute-force attacks.

In some cases the EMS is installed behind a firewall with ACLs that trust any inbound IP connection destined to the SSH service.
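An EMS with an Internet-facing SSH service and an ACL that permits any source to TCP/22 gets brute-forced; the preventive fix is to restrict that ACL to the NOC jump host, and the detective control for the common case where that is missing is below. This is an added example, not code from the deck: it runs a sliding-window count of failed logins per source over sshd log lines and reports a successful login that follows a burst of failures. The hostname ems01, the addresses and the timestamps are invented.

```python
"""Detect SSH password guessing against an Internet-facing EMS from sshd logs.

Added example, not code from the slides. The log lines are constructed in
OpenSSH's syslog format; the hostname ems01, the addresses and the
timestamps are invented for the demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"^Failed \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port")
ACCEPT_RE = re.compile(r"^Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+) port")


def parse_line(line, year=2013):
    """Return {'ts', 'event', 'user', 'ip'} for auth events, else None.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    for event, pattern in (("failed", FAILED_RE), ("accepted", ACCEPT_RE)):
        a = pattern.match(m["msg"])
        if a:
            return {"ts": ts, "event": event, "user": a["user"], "ip": a["ip"]}
    return None


def analyse(lines, threshold=5, window=timedelta(minutes=10)):
    """Sliding-window count of failures per source.

    A source with >= threshold failures inside `window` is a brute-force
    source; an Accepted login from such a source while those failures are
    still inside the window is reported as a probable compromise.
    """
    failures = defaultdict(list)      # ip -> timestamps of recent failures
    brute_force = set()
    suspicious_logins = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        recent = [t for t in failures[ip] if ts - t <= window]
        if ev["event"] == "failed":
            recent.append(ts)
        failures[ip] = recent
        if len(recent) >= threshold:
            if ev["event"] == "failed":
                brute_force.add(ip)
            else:
                suspicious_logins.append((ip, ev["user"], ts))
    return {"brute_force_sources": sorted(brute_force),
            "suspicious_logins": suspicious_logins}


# Constructed log: a guessing run that ends in a successful root login, a
# legitimate operator who mistyped once, and a vendor using a key from the
# management network.
SAMPLE_LOG = [
    "Mar 12 03:14:07 ems01 sshd[2143]: Failed password for root from 203.0.113.45 port 51234 ssh2",
    "Mar 12 03:14:09 ems01 sshd[2143]: Failed password for root from 203.0.113.45 port 51234 ssh2",
    "Mar 12 03:14:15 ems01 sshd[2150]: Failed password for invalid user admin from 203.0.113.45 port 51240 ssh2",
    "Mar 12 03:14:16 ems01 sshd[2150]: Connection closed by 203.0.113.45 [preauth]",
    "Mar 12 03:14:31 ems01 sshd[2158]: Failed password for root from 203.0.113.45 port 51251 ssh2",
    "Mar 12 03:14:48 ems01 sshd[2161]: Failed password for root from 203.0.113.45 port 51262 ssh2",
    "Mar 12 03:15:02 ems01 sshd[2166]: Failed password for root from 203.0.113.45 port 51270 ssh2",
    "Mar 12 03:15:52 ems01 sshd[2170]: Accepted password for root from 203.0.113.45 port 51300 ssh2",
    "Mar 12 03:20:11 ems01 sshd[2190]: Failed password for oper from 198.51.100.7 port 40022 ssh2",
    "Mar 12 03:20:20 ems01 sshd[2190]: Accepted password for oper from 198.51.100.7 port 40022 ssh2",
    "Mar 12 04:02:40 ems01 sshd[2301]: Accepted publickey for vendor from 10.99.0.10 port 55012 ssh2",
]


def run_sample():
    return analyse(SAMPLE_LOG)


if __name__ == "__main__":
    print(run_sample())
```

The window and threshold are the tunables: a vendor who fat-fingers a password twice should not page anyone, while a burst from a single address followed by an Accepted line for root should. Pair this with the ACL fix rather than relying on it alone.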
What Kind of Ring is It?

[Diagram: a ring topology beside a collapsed ring topology, labelled "Logical Ring for Regulatory Requirements".]

In a collapsed ring, end-point devices such as DSLAMs are configured to form a ring on both ends of a single fiber run. Any disruption to that single physical fiber run disrupts the logical ring.

One service provider had their fiber cut between COs by copper thieves.
Dual Purposed Online Bill Paying Web Server & Internal Billing System

[Diagram: internal enterprise LAN with AAA, provisioning and monitoring, EMS, network management, middleware, video on demand, voice services, IPTV and Internet, all reachable from the combined internal billing system / online billing web server.]

Directory traversal led to root access to the internal billing system, which was also the online billing system for customers. The architecture was designed by the billing system vendor, and the vendor argued it was secure even after their system was hacked.

The billing system hack exposes provisioning, network management, IPTV middleware etc. to compromise through trust relationships.

Power distributors may use the transport and access network for smart grid services.
Transport Network Disrupted by Accidental Misconfiguration

Service Provider Employee Mistakenly Integrated Data and Video Networks

[Diagram: residential customers (STB, PC, TV, IP phone) behind GPON, with separation of services by VLAN and private virtual circuits carrying video on demand, voice, IPTV and Internet services. Secure visualization and instrumentation with deep inspection and monitoring of network flows/packets diagnosed the configuration issue.]

• Malware existed on data (ISP) user computers; the malware sent ICMP packets to DoS a target.
• Transport equipment encapsulated the DoS packets into multicast packets.
• Transport equipment replicated the DoS in hardware to all users.
• A customer with an SVI was alerted to unusual traffic on the multicast VLAN for video.
• Remote incident analysis/forensics on network packets showed multicasting of "bad info" and misconfiguration of network logical data flows.
CPE Router Hijacking

[Diagram: the same residential customer / GPON / service VLAN layout as the previous slide, with deep inspection and monitoring of network flows/packets.]

• Hacker attacked DSL modems.
• Changed the DNS address to a relay box.
• Hijacked web requests; web traffic redirected to a rogue site.
• 6K DSL routers hacked before it was stopped.
• Router management access with open trust.
• Unknown default router password.
Utility CATV Head End Scenario

[Diagram: CATV head end with IPTV, voice and video-on-demand services, middleware and billing system integration; RF combiner, fiber node, cable modem termination system (CMTS), cable routers and routers (downstream/upstream) out to the cable modem and STB; a vendor VPN router carries a dedicated VPN for remote management from the vendor HQ across the Internet.]

The vendor aggregates customer VPNs to the HQ site. The customer inherits the security risk of the vendor through the VPN trust relationship.

The vendor was hacked, enabling the billing system integration server to be hacked.

No segmentation; no PVLAN, VACL.
Utility CATV Head End Scenario 2

[Diagram: the same head end as the previous slide, with two vendors (Vendor 1, Vendor 2) each reaching it over a dedicated VPN for remote management, and the enterprise network also attached.]

No segmentation; no PVLAN, VACL.

If a vendor network, the CATV head end or the enterprise network is exploited, the trust relationships can then be easily used to pivot between networks: freely pivot between vendors and the head end, and exploit enterprise trust relationships.
Transport Network – Remote Support

[Diagram: OSS/NOC, optical EMS, enterprise, Internet and services networks joined by a multi-homed EMS server.]

• Multi-homed EMS server
• SSH access for transport and access vendor
• Firewall physically bypassed
• Open trust relationship for SSH
Layer 2 Security Issues Prevalent

[Diagram: a rogue insider attached to the routers sends a crafted HSRP coup packet with a higher priority.]

Common Issues
• STP / BPDU
• VTP
• VLAN Hopping
• ARP Poisoning
• FHRP
• Rogue DHCP Server
• Horizontal and Vertical Pivoting

Suggested Remediation
• BPDU and Root Guard
• Secure VTP
• Disable Dynamic Trunking
• Dynamic ARP Inspection
• Limit MACs per Port
• Secure FHRP
• DHCP Snooping, Disable DHCP Trust
• PVLANs, VACLs, DHCP Option 82
• L2 NetFlow
• Secure Information Flow Trust Relationships
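The HSRP coup in the diagram works because the insider's host is on the same segment as the routers, the group uses the default cleartext authentication string, and nobody is watching who speaks HSRP. This is an added example, not code from the deck: it decodes HSRPv1 payloads (the 20-byte layout from RFC 2281, UDP 1985 to 224.0.0.2), compares each speaker against a baseline of the routers that are supposed to own the group, and flags coups, unknown speakers, out-of-baseline priorities and the default "cisco" key. The group number, router addresses, priorities and the sample packets are invented.

```python
"""Spot a rogue HSRP speaker, the "crafted coup packet with higher priority"
attack from the slide, in captured HSRPv1 payloads.

Added example, not code from the slides. The 20-byte packet layout is
HSRPv1 (RFC 2281; UDP port 1985 to 224.0.0.2). The group number, router
addresses, priorities and sample packets are invented for this demo.
"""
import socket
import struct

# version, opcode, state, hellotime, holdtime, priority, group, reserved,
# 8-byte authentication data, 4-byte virtual IP
HSRP_V1 = struct.Struct("!BBBBBBBB8s4s")
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
DEFAULT_AUTH = b"cisco".ljust(8, b"\x00")   # the well-known default cleartext key


def parse_hsrp(payload: bytes):
    """Decode an HSRPv1 payload; None if too short or not version 0."""
    if len(payload) < HSRP_V1.size:
        return None
    version, opcode, state, hello, hold, prio, group, _, auth, vip = \
        HSRP_V1.unpack(payload[:HSRP_V1.size])
    if version != 0:                      # HSRPv1 carries version 0
        return None
    return {"opcode": OPCODES.get(opcode, opcode), "state": STATES.get(state, state),
            "hellotime": hello, "holdtime": hold, "priority": prio, "group": group,
            "auth": auth, "virtual_ip": socket.inet_ntoa(vip)}


def build_hsrp(opcode, state, priority, group, vip, auth=DEFAULT_AUTH, hello=3, hold=10):
    """Pack an HSRPv1 payload (used here only to construct the sample capture)."""
    return HSRP_V1.pack(0, opcode, state, hello, hold, priority, group, 0,
                        auth, socket.inet_aton(vip))


def audit_hsrp(packets, legit):
    """packets: iterable of (src_ip, payload); legit: {group: {router_ip: priority}}.

    Returns alerts [(src_ip, [reasons])] plus the sources still using the
    default authentication string, i.e. groups with no MD5 authentication.
    """
    alerts = []
    default_auth = set()
    for src, payload in packets:
        h = parse_hsrp(payload)
        if h is None:
            alerts.append((src, ["undecodable HSRP payload"]))
            continue
        if h["auth"] == DEFAULT_AUTH:
            default_auth.add(src)
        reasons = []
        routers = legit.get(h["group"])
        if routers is None:
            reasons.append(f"unknown HSRP group {h['group']}")
        else:
            top = max(routers.values())
            if src not in routers:
                reasons.append("source is not an authorised speaker for the group")
            elif h["priority"] != routers[src]:
                reasons.append(f"priority {h['priority']} differs from baseline {routers[src]}")
            if h["priority"] > top:
                reasons.append(f"priority {h['priority']} exceeds highest authorised priority {top}")
        if h["opcode"] == "Coup":
            reasons.append("Coup message (claims the active role)")
        if reasons:
            alerts.append((src, reasons))
    return {"alerts": alerts, "default_auth_sources": sorted(default_auth)}


# Constructed capture: the two real routers for group 1, then an insider's host.
LEGIT_ROUTERS = {1: {"10.1.1.2": 110, "10.1.1.3": 100}}
VIP = "10.1.1.1"
SAMPLE_PACKETS = [
    ("10.1.1.2", build_hsrp(0, 16, 110, 1, VIP)),   # active router hello
    ("10.1.1.3", build_hsrp(0, 8, 100, 1, VIP)),    # standby router hello
    ("10.1.1.77", build_hsrp(1, 4, 255, 1, VIP)),   # rogue coup at priority 255
    ("10.1.1.77", build_hsrp(0, 16, 255, 1, VIP)),  # rogue now announcing itself active
]


def run_sample():
    return audit_hsrp(SAMPLE_PACKETS, LEGIT_ROUTERS)


if __name__ == "__main__":
    print(run_sample())
```

The default_auth_sources list is the "Secure FHRP" bullet made concrete: if the real routers show up there, the group is accepting any coup that carries the string "cisco", and the monitoring only tells you after the gateway has moved. The same speaker-baseline approach applies to VRRP and GLBP.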
Bottom Line
Whitelist the Applications
Whitelist the Network Trust Relationships
Whitelist Trusted Information Flows in Monitoring
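Whitelisting trusted information flows in monitoring means writing down which zone may talk to which zone on which port and alerting on everything else, which is what would have caught the billing-server-to-EMS pivot and the EMS-to-Internet egress in the earlier slides. This is an added example, not code from the deck: zone prefixes, the whitelist and the NetFlow-style records are constructed to mirror the scenarios in the talk.

```python
"""Whitelist the trusted information flows and alert on everything else.

Added example, not code from the slides. Zone prefixes, the whitelist and
the NetFlow-style records are constructed to mirror the deck's scenarios:
a billing web server pivoting to the EMS, an EMS talking out to the
Internet, and an enterprise host writing to a PLC.
"""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport")

# Zone map: anything not listed is treated as "internet".
ZONE_PREFIXES = {
    "dmz-billing": ["203.0.113.0/28"],
    "enterprise": ["10.50.0.0/16"],
    "mgmt": ["10.99.0.0/24"],        # EMS, NOC jump host
    "ics": ["10.20.0.0/16"],         # HMI, PLCs
}
_NETWORKS = [(ipaddress.ip_network(p), zone)
             for zone, prefixes in ZONE_PREFIXES.items() for p in prefixes]


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, zone in _NETWORKS:
        if addr in net:
            return zone
    return "internet"


# (src_zone, dst_zone, proto, dport): every flow the business actually needs.
# Same-zone traffic is not implicitly trusted; it has to be listed too.
WHITELIST = {
    ("internet", "dmz-billing", "tcp", 443),    # customers paying bills
    ("enterprise", "dmz-billing", "tcp", 443),  # staff using the billing UI
    ("mgmt", "dmz-billing", "tcp", 22),         # jump host administers billing
    ("ics", "ics", "tcp", 502),                 # HMI <-> PLC Modbus/TCP
    ("mgmt", "ics", "tcp", 22),                 # jump host administers ICS hosts
}


def audit_flows(flows, whitelist=WHITELIST):
    """Return [(flow, src_zone, dst_zone)] for every flow not on the whitelist."""
    violations = []
    for f in flows:
        sz, dz = zone_of(f.src), zone_of(f.dst)
        if (sz, dz, f.proto, f.dport) not in whitelist:
            violations.append((f, sz, dz))
    return violations


# Constructed flow records (one line per NetFlow-style conversation).
SAMPLE_FLOWS = [
    Flow("198.51.100.9", "203.0.113.5", "tcp", 443),   # customer -> billing web: ok
    Flow("203.0.113.5", "10.99.0.10", "tcp", 22),      # billing web -> EMS: the pivot
    Flow("10.99.0.10", "198.51.100.200", "tcp", 443),  # EMS -> Internet: no egress filtering
    Flow("10.20.0.5", "10.20.1.10", "tcp", 502),       # HMI -> PLC: ok
    Flow("10.50.3.17", "10.20.1.10", "tcp", 502),      # enterprise host -> PLC
]


def run_sample():
    return audit_flows(SAMPLE_FLOWS)


if __name__ == "__main__":
    for flow, sz, dz in run_sample():
        print(f"{sz} -> {dz}: {flow}")
```

The whitelist is deliberately small and explicit; when a new vendor VPN or integration server appears, the right move is to add its flow to the list after review, not to widen a zone. The same table, inverted, is the starting point for the egress ACLs the deck says are usually missing.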
Questions?

paul.coggin@dynetics.com
@PaulCoggin
Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (18)

Dn 7049-1 manual-english_20110603
Dn 7049-1 manual-english_20110603Dn 7049-1 manual-english_20110603
Dn 7049-1 manual-english_20110603
 
The Basics of Industrial Ethernet Communications
The Basics of Industrial Ethernet CommunicationsThe Basics of Industrial Ethernet Communications
The Basics of Industrial Ethernet Communications
 
Introducing the next generation industrial switch platform
Introducing the next generation industrial switch platformIntroducing the next generation industrial switch platform
Introducing the next generation industrial switch platform
 
Study Wireless Security Deployment - PKL
Study Wireless Security Deployment  - PKLStudy Wireless Security Deployment  - PKL
Study Wireless Security Deployment - PKL
 
Final report firewall reconciliation
Final report   firewall reconciliationFinal report   firewall reconciliation
Final report firewall reconciliation
 
How to build resilient industrial networks
How to build resilient industrial networksHow to build resilient industrial networks
How to build resilient industrial networks
 
Wi-Fi Module
Wi-Fi ModuleWi-Fi Module
Wi-Fi Module
 
Ch11 Hacking Wireless Networks it-slideshares.blogspot.com
Ch11 Hacking Wireless Networks it-slideshares.blogspot.comCh11 Hacking Wireless Networks it-slideshares.blogspot.com
Ch11 Hacking Wireless Networks it-slideshares.blogspot.com
 
Westermo solutions for onboard rail networks
Westermo solutions for onboard rail networksWestermo solutions for onboard rail networks
Westermo solutions for onboard rail networks
 
Ap6532 ss
Ap6532 ssAp6532 ss
Ap6532 ss
 
Ap6532 spec sheet
Ap6532 spec sheetAp6532 spec sheet
Ap6532 spec sheet
 
Preparing Your Network for Wave 2 of 802.11ac
Preparing Your Network for Wave 2 of 802.11acPreparing Your Network for Wave 2 of 802.11ac
Preparing Your Network for Wave 2 of 802.11ac
 
Ss wlan ap_621
Ss wlan ap_621Ss wlan ap_621
Ss wlan ap_621
 
Ap621 spec sheet
Ap621 spec sheetAp621 spec sheet
Ap621 spec sheet
 
Databook 2018
Databook 2018Databook 2018
Databook 2018
 
Ldn slide
Ldn slideLdn slide
Ldn slide
 
Datasheet EnGenius EGS7252FP
Datasheet EnGenius EGS7252FPDatasheet EnGenius EGS7252FP
Datasheet EnGenius EGS7252FP
 
ENH200 Engenius
ENH200 EngeniusENH200 Engenius
ENH200 Engenius
 

Ähnlich wie Paul Coggin - Digital Energy BPT (Basic Persistent Threat)

AD-WAN-Tech-Chapter 1.pptx
AD-WAN-Tech-Chapter 1.pptxAD-WAN-Tech-Chapter 1.pptx
AD-WAN-Tech-Chapter 1.pptxRahafKhalid14
 
Cisco NM1FE2W
Cisco NM1FE2WCisco NM1FE2W
Cisco NM1FE2Wsavomir
 
CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1Chaing Ravuth
 
Cisco WIC1T
Cisco WIC1TCisco WIC1T
Cisco WIC1Tsavomir
 
Cisco WIC-2T
Cisco WIC-2TCisco WIC-2T
Cisco WIC-2Tsavomir
 
Twtelecom.Detailed.It.Exec Overview2011 Staicer
Twtelecom.Detailed.It.Exec Overview2011 StaicerTwtelecom.Detailed.It.Exec Overview2011 Staicer
Twtelecom.Detailed.It.Exec Overview2011 Staicerastaicer
 
Ccna 4 Chapter 5 V4.0 Answers
Ccna 4 Chapter 5 V4.0 AnswersCcna 4 Chapter 5 V4.0 Answers
Ccna 4 Chapter 5 V4.0 Answersccna4discovery
 
Illustrated Accomplishments 1999 - present 080814
Illustrated Accomplishments 1999 - present 080814Illustrated Accomplishments 1999 - present 080814
Illustrated Accomplishments 1999 - present 080814Timothy R. (Tim) Loftus
 
Twtelecom Exec Overview3 Q09
Twtelecom Exec Overview3 Q09Twtelecom Exec Overview3 Q09
Twtelecom Exec Overview3 Q09meyersb1
 
Building the SD-Branch using uCPE
Building the SD-Branch using uCPEBuilding the SD-Branch using uCPE
Building the SD-Branch using uCPEMichelle Holley
 
從INTEL技術談網路卡
從INTEL技術談網路卡從INTEL技術談網路卡
從INTEL技術談網路卡zman
 
Ignite 2019
Ignite 2019Ignite 2019
Ignite 2019TI Safe
 
Verizon Disaster Avoidance Services
Verizon Disaster Avoidance ServicesVerizon Disaster Avoidance Services
Verizon Disaster Avoidance ServicesVideoguy
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 1
CCNA (R & S) Module 02 - Connecting Networks - Chapter 1CCNA (R & S) Module 02 - Connecting Networks - Chapter 1
CCNA (R & S) Module 02 - Connecting Networks - Chapter 1Waqas Ahmed Nawaz
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpnRajesh Porwal
 
Visualizing Network Security Threats
Visualizing Network Security ThreatsVisualizing Network Security Threats
Visualizing Network Security ThreatsThousandEyes
 

Ähnlich wie Paul Coggin - Digital Energy BPT (Basic Persistent Threat) (20)

AD-WAN-Tech-Chapter 1.pptx
AD-WAN-Tech-Chapter 1.pptxAD-WAN-Tech-Chapter 1.pptx
AD-WAN-Tech-Chapter 1.pptx
 
Cisco NM1FE2W
Cisco NM1FE2WCisco NM1FE2W
Cisco NM1FE2W
 
CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1
 
Cisco WIC1T
Cisco WIC1TCisco WIC1T
Cisco WIC1T
 
Cisco WIC-2T
Cisco WIC-2TCisco WIC-2T
Cisco WIC-2T
 
Twtelecom.Detailed.It.Exec Overview2011 Staicer
Twtelecom.Detailed.It.Exec Overview2011 StaicerTwtelecom.Detailed.It.Exec Overview2011 Staicer
Twtelecom.Detailed.It.Exec Overview2011 Staicer
 
Mpls vpn1
Mpls vpn1Mpls vpn1
Mpls vpn1
 
Ccna 4 Chapter 5 V4.0 Answers
Ccna 4 Chapter 5 V4.0 AnswersCcna 4 Chapter 5 V4.0 Answers
Ccna 4 Chapter 5 V4.0 Answers
 
Illustrated Accomplishments 1999 - present 080814
Illustrated Accomplishments 1999 - present 080814Illustrated Accomplishments 1999 - present 080814
Illustrated Accomplishments 1999 - present 080814
 
Twtelecom Exec Overview3 Q09
Twtelecom Exec Overview3 Q09Twtelecom Exec Overview3 Q09
Twtelecom Exec Overview3 Q09
 
Building the SD-Branch using uCPE
Building the SD-Branch using uCPEBuilding the SD-Branch using uCPE
Building the SD-Branch using uCPE
 
從INTEL技術談網路卡
從INTEL技術談網路卡從INTEL技術談網路卡
從INTEL技術談網路卡
 
Vpn1 a
Vpn1 aVpn1 a
Vpn1 a
 
Ignite 2019
Ignite 2019Ignite 2019
Ignite 2019
 
Verizon Disaster Avoidance Services
Verizon Disaster Avoidance ServicesVerizon Disaster Avoidance Services
Verizon Disaster Avoidance Services
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 1
CCNA (R & S) Module 02 - Connecting Networks - Chapter 1CCNA (R & S) Module 02 - Connecting Networks - Chapter 1
CCNA (R & S) Module 02 - Connecting Networks - Chapter 1
 
Wide area networks
Wide area networksWide area networks
Wide area networks
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpn
 
Ip tunneling and vpns
Ip tunneling and vpnsIp tunneling and vpns
Ip tunneling and vpns
 
Visualizing Network Security Threats
Visualizing Network Security ThreatsVisualizing Network Security Threats
Visualizing Network Security Threats
 

Mehr von bsidesaugusta

Ron Martin - Human Shields for your Network
Ron Martin - Human Shields for your NetworkRon Martin - Human Shields for your Network
Ron Martin - Human Shields for your Networkbsidesaugusta
 
Not Big Data, AnyData
Not Big Data, AnyData Not Big Data, AnyData
Not Big Data, AnyData bsidesaugusta
 
David Bianco - Enterprise Security Monitoring
David Bianco - Enterprise Security MonitoringDavid Bianco - Enterprise Security Monitoring
David Bianco - Enterprise Security Monitoringbsidesaugusta
 
Security Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesSecurity Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesbsidesaugusta
 

Mehr von bsidesaugusta (6)

Ron Martin - Human Shields for your Network
Ron Martin - Human Shields for your NetworkRon Martin - Human Shields for your Network
Ron Martin - Human Shields for your Network
 
EMET
EMETEMET
EMET
 
Not Big Data, AnyData
Not Big Data, AnyData Not Big Data, AnyData
Not Big Data, AnyData
 
Eyeing the Onion
Eyeing the OnionEyeing the Onion
Eyeing the Onion
 
David Bianco - Enterprise Security Monitoring
David Bianco - Enterprise Security MonitoringDavid Bianco - Enterprise Security Monitoring
David Bianco - Enterprise Security Monitoring
 
Security Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesSecurity Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutes
 

Kürzlich hochgeladen

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 

Kürzlich hochgeladen (20)

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 

Paul Coggin - Digital Energy BPT (Basic Persistent Threat)

  • 1. UNCLASSIFIED V100230_Faint UNCLASSIFIED 1 UNCLASSIFIED0000-00-yymm Information Engineering Solutions www.dynetics.com 1V## Goes Here Digital Energy – BPT BSidesAugusta 2013 Paul Coggin Internetwork Consulting Solutions Architect paul.coggin@dynetics.com
  • 2. UNCLASSIFIED V100230_Faint UNCLASSIFIED 2 UNCLASSIFIED0000-00-yymm Information Engineering Solutions Digital Energy – Basic Persistent Threat •  APT default excuse for any compromise •  Default passwords •  Little to no separation of control, management and data planes •  Layer 2 security issues •  Lack of Perimeter Egress filtering •  Lack of Perimeter Egress authentication •  Trust Relationships •  Integration •  Interdependencies •  Dependencies •  Vendor remote access •  Default database client/server protocol configuration •  Lack of security policies driving network and security infrastructure configuration •  Flat earth network architecture philosophy Talented attackers exploiting critical infrastructure using basic attack vectors are not an APT.
  • 3. UNCLASSIFIED V100230_Faint UNCLASSIFIED 3 UNCLASSIFIED0000-00-yymm Information Engineering Solutions Residential Branch Office MPLS/IP, DWDM, SONET, ATM Internet Video Headend IPTV/VOD SIP Proxy Residential Telecommuter SOHO Energy Distribution Provisioning Servers Assurance Servers Online and Internal Billing Servers Public Network Infrastructure Overview Water / Sewer Treatment Plant Web server VoIP GW Si Si SiS i SiSi SiSi SiSi Enterprise Policy Server DHCP Server AAA Server Lawful Intercept ICS / SCADA Cell Tower DWDM Situational Awareness Servers - Vendor/Mfg. Remote Support - Internal Tech Staff VPN - Customer online bill payment - Misconfigured Backdoor GPON GigE SONET
  • 4. UNCLASSIFIED V100230_Faint UNCLASSIFIED 4 UNCLASSIFIED0000-00-yymm Information Engineering Solutions0000-00-yymm UNCLASSIFIED 0000-00-yymm UNCLASSIFIED www.dynetics.com 4 ANSI/ISA99 ICS – Industrial Control Systems SCADA – Supervisory Control and Data Acquisition PLC – Programmable Logic Controller RTU – Remote Terminal Unit IED – Intelligent Electronic Device Historian HMI – Human Machine Interface Protocols - Modbus, ICCP, DNP3, Others In many networks there is not a firewall securing the integration between the Enterprise and ICS/SCADA network. A multi-homed Windows system is commonly integrates the two networks Typically, the ICS/SCADA network utilizes a flat network architecture. The vendors have VPN, Telnet and/or SSH holes punched through the firewall with weak authentication in most cases. Older systems will have back door modem connections for vendor remote access. Reference: www.isa.org - ANSI/ISA99 Standard
  • 5. UNCLASSIFIED V100230_Faint UNCLASSIFIED 5 UNCLASSIFIED0000-00-yymm Information Engineering Solutions Voice Soft Switch Network Voice Transport Network Management Network Internet EMS The service provider transport and soft switch vendors commonly provide a EMS for their solution. The EMS server commonly is multi-homed with one interface connected directly to the Internet and a second connected to the management network. The transport and voice technical staff may have the system installed without the protection of a firewall or VPN. A number of soft switch EMS systems have been hacked using SSH brute force attacks. In some cases the EMS is installed behind a firewall with ACL’s trusting any inbound IP connection destined to the SSH service. Backup EMS Internet Backup Soft Switch Soft Switch
  • 6. UNCLASSIFIED V100230_Faint UNCLASSIFIED 6 UNCLASSIFIED0000-00-yymm Information Engineering Solutions What Kind of Ring is It? Ring Topology Collapsed Ring Topology Any disruption to the single physical fiber run disrupts the logical ring. End point devices such as DSLAMs are configured to form a ring on both ends of the fiber run. One service provider had their fiber cut between CO’s by copper thieves. Logical Ring for Regulatory Requirements
  • 7. UNCLASSIFIED V100230_Faint UNCLASSIFIED 7 UNCLASSIFIED0000-00-yymm Information Engineering Solutions Dual Purposed Online Bill Paying Web Server & Internal Billing System AAA SiSi Provisioning & Monitoring EMS Video On Demand Services Voice Services IPTV Internet Middleware Internal Enterprise LAN Internal Billing System & Online Billing Web Server NetMgtDirectory Traversal led to root access to Internal billing system that was also the online billing system for customers. A billing system vendor designed architecture. The billing system vendor argued this architecture was secure even after their system was hacked. Billing system hack exposes provisioning, network management, IPTV Middleware etc. to being compromised through trust relationships. Power distributors may utilize the transport and access network for smart grid services.
• 8. Transport Network Disrupted by Accidental Misconfiguration
Service Provider Employee Mistakenly Integrated Data and Video Networks
(Diagram: Video On Demand Services, Voice Services, IPTV, Internet Services; GPON; Residential Customer with STB, PC, TV and IP Phone; Separation of Service/VLANs; Private Virtual Circuits)
Secure Visualization and Instrumentation: Deep Inspection and Monitoring of Network Flows / Packets Diagnosed Configuration Issue
• Malware existed on Data (ISP) user computers – malware sends ICMP packets to DOS target.
• Transport equipment encapsulated DOS packets into multicast packets.
• Transport equipment replicated DOS in hardware to all users.
• Customer with SVI was alerted to unusual traffic on multicast VLAN for video.
• Called for remote Incident Analysis/Forensics on Network Packets, which showed multicasting of “bad Info” and misconfiguration of network logical data flows.
• 9. CPE Router Hijacking
(Diagram: Video On Demand Services, Voice Services, IPTV, Internet Services; GPON; Residential Customer with STB, PC, TV and IP Phone; Separation of Service/VLANs; Private Virtual Circuits; Deep Inspection and Monitoring of Network Flows / Packets)
• Hacker attacked DSL modems.
• Changed DNS address to relay box.
• Hijacked web requests and web traffic redirected to rogue site.
• 6K DSL routers hacked before stopped.
• Router management access with open trust.
• Unknown default router password.
• 10. Utility CATV Head End Scenario
(Diagram: Internet; Vendor VPN Router; Vendor HQ; Dedicated VPN for Remote Mgt; Middleware; Billing System Integration; Video On Demand Services, Voice Services, IPTV; Fiber Node; Cable Modem Termination System (CMTS); Cable Routers; RF Combiner; CM; STB; TV; downstream/upstream)
Vendor aggregates customer VPNs to HQ site. The customer inherits the security risk of the vendor through the VPN trust relationship. Vendor was hacked, enabling the billing system integration server to be hacked.
No Segmentation. No PVLAN, VACL.
• 11. Utility CATV Head End Scenario 2
(Diagram: as on slide 10, with Vendor 1, Vendor 2 and Enterprise connected over Vendor VPN Routers)
No Segmentation. No PVLAN, VACL. Freely pivot between vendors & head end. Exploit enterprise trust relationships.
If a vendor network, the CATV head end or the enterprise network is exploited, the trust relationships can then be easily used to pivot between networks.
• 12. Transport Network – Remote Support
(Diagram: OSS / NOC, Optical EMS, Enterprise, Internet Services)
• Multi-homed EMS server
• SSH access for transport and access vendor
• Firewall physically bypassed
• Open trust relationship for SSH
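The ACL trust problem on slides 5 and 12 (any inbound source allowed to reach the EMS SSH service) shown as a Cisco IOS-style configuration, the weak rule beside the corrected one; this is an added example, not configuration from the presentation, and the addresses and interface names (10.0.100.0/24 management network, 10.0.200.10 EMS, Gi0/0 and Gi0/1) are assumed.

```cisco
! Added example, not from the presentation. Assumed addressing:
!   10.0.100.0/24 = management network, 10.0.200.10 = EMS server,
!   Gi0/0 faces the management network, Gi0/1 faces the Internet.
!
! Weak form from the slides: any inbound source may reach SSH on the
! EMS, so brute force attempts arrive from the whole Internet.
ip access-list extended EMS-IN-WEAK
 permit tcp any host 10.0.200.10 eq 22
!
! Corrected form: SSH to the EMS only from management hosts; every other
! SSH attempt is dropped and logged, which is also the detection signal.
ip access-list extended EMS-IN-MGMT
 remark SSH to the EMS only from the management subnet
 permit tcp 10.0.100.0 0.0.0.255 host 10.0.200.10 eq 22
 deny   tcp any host 10.0.200.10 eq 22 log
 remark list the remaining required management flows explicitly;
 remark the implicit deny at the end drops everything else
!
interface GigabitEthernet0/0
 description Management network towards EMS
 ip access-group EMS-IN-MGMT in
!
! The Internet-facing interface never forwards SSH (or anything else)
! to the EMS; vendor remote support terminates on a VPN instead.
ip access-list extended INTERNET-IN
 deny   tcp any host 10.0.200.10 eq 22 log
 deny   ip any 10.0.200.0 0.0.0.255 log
 remark permit only the published Internet services below
!
interface GigabitEthernet0/1
 description Internet
 ip access-group INTERNET-IN in
!
! The firewall/router's own SSH gets the same treatment, plus a
! brute-force lockout: 3 failures within 60 s quiet the login for 120 s.
ip access-list standard MGMT-HOSTS
 permit 10.0.100.0 0.0.0.255
login block-for 120 attempts 3 within 60
login on-failure log
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 exec-timeout 10 0
```

The second interface that slide 5 describes as connected directly to the Internet has no place in this layout; the EMS is reached only through the management network or the vendor VPN.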
• 13. Layer 2 Security Issues Prevalent
(Diagram: Routers; Rogue Insider; crafted HSRP coup packet with higher priority)
Common Issues
• STP / BPDU
• VTP
• VLAN Hopping
• ARP Poisoning
• FHRP
• Rogue DHCP Server
• Horizontal and Vertical Pivoting
Suggested Remediation
• BPDU and Root Guard
• Secure VTP
• Disable Dynamic Trunking
• Dynamic ARP Inspection
• Limit MACs per Port
• Secure FHRP
• DHCP Snooping, Disable DHCP Trust
• PVLANs, VACLs, DHCP Option 82
• L2 NetFlow
• Secure Information Flow Trust Relationships
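The remediation list above (BPDU guard, secure VTP, no dynamic trunking, DAI, MAC limits, secure FHRP, DHCP snooping and Option 82) as one Cisco IOS-style access switch configuration; this is an added example, not from the presentation, and the VLAN numbers, port ranges, HSRP group and key string placeholder are assumed.

```cisco
! Added example, not from the presentation. Assumes an access switch with
! user VLANs 10 and 20, access ports Gi1/0/1-48, uplink Gi1/0/49 and an
! HSRP group on VLAN 10; the HSRP key string is a placeholder.
!
! Secure VTP: transparent mode, so a rogue VTP advertisement cannot
! rewrite this switch's VLAN database.
vtp mode transparent
! BPDU guard on every PortFast edge port. Root guard belongs on the
! distribution ports that face access switches, not on this uplink.
spanning-tree portfast bpduguard default
! DHCP snooping: every port is untrusted unless marked below; Option 82
! identifies the requesting port to the DHCP server.
ip dhcp snooping
ip dhcp snooping vlan 10,20
ip dhcp snooping information option
! Dynamic ARP Inspection, built on the DHCP snooping binding table.
ip arp inspection vlan 10,20
ip arp inspection validate src-mac dst-mac ip
!
! Access ports: no DTP (VLAN hopping), MAC limit, edge STP, DHCP rate limit.
interface range GigabitEthernet1/0/1 - 48
 switchport mode access
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 spanning-tree portfast
 ip dhcp snooping limit rate 10
!
! Uplink: explicit trunk, no DTP, unused native VLAN; the only port
! trusted for DHCP snooping and DAI.
interface GigabitEthernet1/0/49
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 switchport nonegotiate
 ip dhcp snooping trust
 ip arp inspection trust
!
! Secure FHRP: MD5 authentication, so a crafted HSRP packet carrying a
! higher priority but no valid key is ignored by the group.
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 standby 1 ip 10.0.10.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 authentication md5 key-string REPLACE-WITH-SITE-KEY
```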
• 14. Bottom Line
Whitelist the Applications
Whitelist the Network Trust Relationships
Whitelist Trusted Information Flows in Monitoring
• 15. Questions?
paul.coggin@dynetics.com
@PaulCoggin