Basics and Advanced of Industrial

Network Security for Scada, Automation,

Process Control and PLC

2018/12/01 11:22:34

Instructor

Edwn Wright

Edwin has over 40 years of practical experience in the planning, design, construction and operation of telecommunications systems, data networks, SCADA and Ethernet systems. He has also been involved as Project Manager on many projects and has a passion for technology topics

 


Edwin has published numerous papers and consulted widely on Ethernet, data communications and telecommunications issues in the USA, Canada, UK, Australia and New Zealand. Over the past 19 years more than 20,000 engineers and technicians have attended his workshops worldwide

Workshop start date: Sat. 01 Dec. 2018
Workshop end date:  Mon. 03 Dec. 2018
Duration: 3 days
Location: Cairo (Triumph Hotel – Misr Al-Gadeda)
Price: $1000

Workshop start date: Tue. 04 Dec. 2018
Workshop end date:  Thu. 06 Dec. 2018
Duration: 3 days
Location: Cairo (Triumph Hotel – Misr Al-Gadeda)
Price: $1000

* Discount 20% for registering in both Basics and Advanced Industrial Network Security workshops
* Price for both Basics and Advanced Industrial Network Security workshops after discount 20% ($1600)

OBJECTIVES:
At the end of this workshop participants will be able to:

  • Identify with various terminology when speaking about cyberspace

  • Explain the concept of cyber security

  • Apply the fundamental concepts of industrial network security to your SCADA and automation systems

  • Conduct a preliminary analysis of your industrial networks and prepare to withstand and anticipate attacks and apply defences

  • Discuss the issues of Industrial Network security competently with your associates in IT and vendors

  • Understand and be able to construct a secure robust Local Area Network

  • Learn how to plan and design your networks better

  • Analyse and construct a typical firewall



THE WORKSHOP:

This workshop will give you a fundamental understanding of security in effective industrial networking and data communications technology. It will also present you with the key issues associated with security in industrial communications networks and will assist managers, system operators and industrial data communications specialists in setting up secure systems.

One completion of the workshop you will have developed a practical insight into how to achieve optimum industrial network security for your organisation.

Topics covered include: Introduction and terminology; firewalls; authentication, authorisation and anonymity; remote access to corporate networks; cryptography; VPN’s; data security; desktop and network security; security precautions in a connected world; and internet security.



WHO SHOULD ATTEND?

If you are using any form of communication system this workshop will give you the essential tools in securing and protecting your industrial networks whether they be automation, process control, PLC or SCADA based. It is not an advanced workshop – but a hands-on one.

Anyone who will be designing, installing and commissioning, maintaining, securing and troubleshooting TCP/IP and Intra/Internet sites will benefit including:
Instrumentation Engineers, Technicians, Design Engineers, Network Engineers, Electrical Engineers, Engineering Managers, Network System Administrators



PRE-REQUISITES

A basic working knowledge of industrial communications and applications is useful

OBJECTIVES:

At the end of this workshop participants will be able to:

  • Explain the concept of cyber security

  • Identify different types of Cyber Security threats

  • Apply the fundamental concepts of industrial network security to your SCADA andautomation systems

  • Conduct a preliminary analysis of your industrial networks and prepare to
    withstand andanticipate attacks and apply defences

  • Discuss the issues of industrial network security competently with your
    associates in IT andvendors

  • Understand and be able to construct a secure robust Local Area Network

  • Identify steps to improve Cyber Security of Scada Systems


 

THE WORKSHOP:
This workshop will give you a fundamental understanding of security in effective industrial networking and data communications technology. It will also present you with the key issues associated with security in industrial communications networks and will assist managers, system operators and industrial data communications specialists in setting up secure systems.

One completion of the workshop you will have developed a practical insight into how to achieve optimum industrial network security for your organisation.
Topics covered include: introduction and terminology; firewalls; authentication, authorisation and anonymity; remote access to corporate networks; cryptography; VPN’s; data security; desktop and network security; security precautions in a connected world; and internet security



WHO SHOULD ATTEND?

If you are using any form of communication system this workshop will give you the essential tools in securing and protecting your industrial networks whether they be automation, process control, PLC or SCADA based. It is not an advanced workshop – but a hands-on one

Anyone who will be designing, installing and commissioning, maintaining, securing and troubleshooting TCP/IP and intra/internet sites will benefit including:

  • Design engineers

  • Electrical engineers

  • Engineering managers

  • Instrumentation engineers

  • Network engineers

  • Network system administrators

  • Technicians


PRE-REQUISITES
A basic working knowledge of industrial communications and applications is useful

REGISTRATION

INTRODUCTION TO INDUSTRIAL NETWORK SECURITY

  • Course outline

  • The evolution of networking

  • What is network security, Cyber Space and Cyber security?

  • Why has security assumed more importance in recent times?

  • Security in the context of Industrial automation systems

  • Information networks and industrial networks – the similarities and differences

  • rganizational issues

  • Network security solutions

  • Wireless networks

  • Security testing

  • Summary

NETWORK BASICS

  • Introduction

  • Network topologies

  • Medium Access Control

  • Ethernet

  • Networking Components

  • Network architectures and protocols

  • Architecture of real time industrial networks

  • Summary

NETWORK THREATS, VULNERABILITIES AND RISKS

  • Introduction

  • Security goal

  • Threats and underlying causes

  • Motivation for threats

  • Knowledge

  • Vulnerabilities

  • Network attacks

  • Security measures

  • Risks resulting from attacks

  • Attack scenarios in public utility systems

  • Common criteria based approach for analysis of threats and vulnerabilities

  • Summary

AN OVERVIEW OF IP NETWORK SECURITY

  • Introduction

  • Why do networks become vulnerable?

  • Weaknesses in TCP/IP Protocol

  • Attack mechanisms

  • Preparing for an attack

  • Attack through unauthorized access

  • Attack the data (Data diddling)

  • Attack the service through Denial of Service (DoS)

  • Vulnerabilities of OSI model layers

  • Network security at transport layer

  • Network layer security

  • Data link layer security

  • Summary

A COMPREHENSIVE APPROCH TO NETWORK SECURITY PLANNING

  • Network security

  • A comprehensive approach to network security

  • Risk evaluation

  • Plan for preventive measures

  • Detection of an attack and response

  • Prepare a security policy document

  • Auditing and monitoring

  • Special guidelines for industrial automation networks

  • Negative aspects of internet access

SECURING A NETWORK BY ACCESS CONTROL

  • Introduction

  • What is an Access Control List (ACL)?

  • What is a firewall?

  • Type of firewalls

  • Packet filter firewalls

  • Stateful inspection firewalls

  • Application-proxy gateway firewalls

  • Dedicated proxy server

  • Hybrid firewalls

  • Security through NAT

  • Port Address Translation (PAT)

  • Host based firewalls

  • Personal firewall and firewall appliances

  • Guidelines for establishing firewalls

  • Summary

AUTHENTICATION, AUTHORIZATION, ACCOUNTING (AAA) AND ENCRYPTION

  • Introduction

  • What is AAA?

  • Authentication

  • Authentication protocols

  • Authorization

  • Accounting

  • AAA Implementation using TACACS+ and RADIUS protocols

  • Use of remote security database

  • Encryption

  • Encryption implementation

  • Summary

INTRUSION DETECTION SYSTEMS

  • Who is an Intruder and what can he do?

  • Why do Intrusions happen?

  • What are Intrusion detection systems?

  • Network-based Intrusion detection systems

  • Host based systems

  • Comparison of the two types of IDS

  • Choice of IDS system

  • Responding to an attack

  • Summary

VIRTUAL LAN

  • Introduction

  • Need for VLAN

  • Benefits of a VLAN

  • VLAN constraints

  • Operating principle of a VLAN

  • VLAN-Implementation methods

  • Method of connections

  • Filtering table

  • Tagging

  • Summary

VIRTUAL PRIVATE NETWORKS (VPN) AND THEIR SECURITY

  • Introduction

  • The Internet and the new communication paradigm

  • What is a VPN?

  • Types of VPN

  • Requirements for designing a VPN system

  • Defining of policy

  • Functional requirements

  • Scalability

  • Manageability

  • Simplicity

  • Network infrastructure

  • Security

  • VPN protocols

WIRELESS NETWORKS AND THEIR SECURITY ISSUES

  • Basics of wireless technologies

  • Wireless standards

  • WLANS as per IEEE 802.11

  • Wireless security threats

  • Security requirements of WLANs

  • Security risks

  • WLAN security services

  • Authentication

  • Confidentiality

  • Integrity

  • Wireless network security attacks

  • Operational countermeasures

  • Technical countermeasures

  • Secure wireless communication in Industrial networks

  • Summary

STEPS TO IMPROVE CYBER SECURITY OF SCADA NETWORKS

SUMMARY & OPEN FORUM

COMPLETE FEEDBACK SHEETS

CLOSING

REGISTRATION

INTRODUCTION TO INDUSTRIAL NETWORK SECURITY

  • Course outline

  • The evolution of networking

  • What is network security, Cyber Space and Cyber security?

  • Security Myths

  • Why has security assumed more importance in recent times?

  • Security in the context of Industrial automation systems

  • Information networks and industrial networks – the similarities and differences

  • Organizational issues

  • Network security solutions

  • Wireless networks

  • Security testing

  • Summary

NETWORK THREATS , VULNERABILITIES AND RISKS

  • Introduction

  • Security goal

  • Threats and underlying causes

  • Motivation for threats

  • Knowledge

  • Vulnerabilities

  • Network attacks

  • Security measures

  • Risks resulting from attacks

  • Attack scenarios in public utility systems

  • Common criteria based approach for analysis of threats and vulnerabilities

  • Summary

DEVELOP CYBER SECURITY MANAGEMENT SYSTEM (CSMS)

  • Initiate development of CSMS

  • High level risk assessment

  • Detailed risk assessment

  • Establish policy and procedures

  • Define and implement countermeasures

  • Maintain CSMS

PHYSICAL SECURITY

  • Physical and logical access to networked equipment

  • Network segmentation

AUTHENTICATION

  • Authentication basics

  • Client-side certificates

  • Passwords

  • Smart cards

  • Tokens

  • Biometrics

  • PAP

  • CHAP

  • RADIUS

  • TACACS/TACACS+

ENCRYPTION

  • Symmetrical encryption schemes (DES, RC4)

  • Public-key encryption schemes (RSA)

  • Certificate Authorities (CAs)

PROXIES/FIREWALLS

  • Basic firewall operation

  • Natural Address Translation (NAT)

  • Firewall types (IP filtering, stateful inspection, proxy, DMZ)

  • Implementing firewalls for industrial protocols

INTRUSION DETECTION SYSTEMS (IDSS)

  • Network-based Intrusion detection systems

  • Host based systems

  • Comparison of the two types of IDS

  • Choice of IDS system

  • Responding to an attack

  • Deployment

ROUTER SECURITY

  • Administrator access

  • Firmware upgrades

  • Logging

  • Access Control Lists (ACLs)

SWITCH SECURITY

  • Administrator access

  • Port based MAC address management

  • ACL filtering

  • Virtual LAN (VLAN) implementation

  • Industrial switch security

VPNS

  • Virtual Private Network (VPN) concept

  • Tunnelling

  • L2TP

  • IPSec

  • SOCKS 5

WIRELESS LANS

  • Encryption and authentication – current problems and developments

  • IEEE 802.1x

  • WEP

  • WZC

  • WPA

  • AES

  • LEAP

  • EAP-TLS

  • EAP-TTLS

  • Implementing security for industrial wireless networks

SECURITY TESTING

  • Introduction

  • The need for security testing

  • Security testing over the life cycle of the system

  • Who will be responsible for security testing?

  • Testing techniques

  • Documentation

  • Prioritizing

  • Summary

APPENDICES

STEPS TO IMPROVE CYBER SECURITY OF SCADA NETWORKS

  • NISCC Good Practice Guide on firewall deployment for SCADA and process control networks

  • Guidelines for securing Wireless Networks

SUMMARY & OPEN FORUM

COMPLETE FEEDBACK SHEETS

CLOSING

For more information and registration, Feel free to contact us on +201092007400 or email  training@roqqy.com