
Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions [Paperback]

  • Format: Paperback / softback, 416 pages, height x width x thickness: 231x216x20 mm, weight: 626 g, 90 illustrations
  • Publication date: 16-Sep-2016
  • Publisher: McGraw-Hill Education
  • ISBN-10: 1259589714
  • ISBN-13: 9781259589713
Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.
Secure your ICS and SCADA systems the battle-tested Hacking Exposed way

This hands-on guide exposes the devious methods cyber threat actors use to compromise the hardware and software central to petroleum pipelines, electrical grids, and nuclear refineries. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets and Solutions shows, step-by-step, how to implement and maintain an ICS-focused risk mitigation framework that is targeted, efficient, and cost-effective. The book arms you with the skills necessary to defend against attacks that are debilitating and potentially deadly. See how to assess risk, perform ICS-specific threat modeling, carry out penetration tests using ICS-safe methods, and block malware. Throughout, the authors use case studies of notorious attacks to illustrate vulnerabilities alongside actionable, ready-to-deploy countermeasures.

Learn how to:
  • Assess your exposure and develop an effective risk management plan
  • Adopt the latest ICS-focused threat intelligence techniques
  • Use threat modeling to create realistic risk scenarios
  • Implement a customized, low-impact ICS penetration-testing strategy
  • See how attackers exploit industrial protocols
  • Analyze and fortify ICS and SCADA devices and applications
  • Discover and eliminate undisclosed zero-day vulnerabilities
  • Detect, block, and analyze malware of all varieties

Table of Contents (page number, followed by the section's page count in parentheses):
Acknowledgments xvii
Introduction xix
Part I Setting the Stage: Putting ICS Penetration Testing in Context
Case Study, Part 1: Recipe for Disaster 2(3)
1 Introduction to Industrial Control Systems [In]Security 5(22)
  Cyberphysical Systems: The Rise of the Machines 7(7)
  New Vectors to Old Threats 9(1)
  The Consequences: What Could Happen? 10(1)
  Understanding Realistic Threats and Risks to ICS 10(4)
  Overview of Industrial Control Systems 14(12)
  View 14(1)
  Monitor 15(1)
  Control 15(1)
  Purdue Reference Model for ICS 15(3)
  Types of Common Control Systems, Devices, and Components 18(8)
  Summary 26(1)
  References for Further Reading 26(1)
2 ICS Risk Assessment 27(40)
  ICS Risk Assessment Primer 28(7)
  The Elusive ICS "Risk Metric" 28(1)
  Risk Assessment Standards 29(1)
  What Should an ICS Risk Assessment Evaluate and Measure? 30(3)
  ICS Risk Assessment Process Overview 33(2)
  ICS Risk Assessment Process Steps 35(30)
  Stage 1: System Identification & Characterization 36(8)
  Stage 2: Vulnerability Identification & Threat Modeling 44(20)
  Next Steps 64(1)
  Summary 65(1)
  References for Further Reading 65(2)
3 Actionable ICS Threat Intelligence through Threat Modeling 67(33)
  Threat Information vs. Threat Intelligence 69(1)
  Threat Modeling: Turning ICS Threat Information into "Actionable" Threat Intelligence 70(29)
  The ICS Kill Chain 71(2)
  The ICS Threat Modeling Process 73(3)
  Information Collection 76(23)
  Summary 99(1)
  References for Further Reading 99(1)
Case Study, Part 2: The Emergence of a Threat 100(4)
Part II Hacking Industrial Control Systems
Case Study, Part 3: A Way In 104(3)
4 ICS Hacking (Penetration Testing) Strategies 107(32)
  The Purpose of a Penetration Test 109(2)
  Black Box, White Box, Gray Box 111(1)
  Special Considerations: ICS Penetration Testing Is Not IT Penetration Testing 112(2)
  Setting Up a Lab 114(10)
  Sampling "Like" Configured Systems 114(1)
  Virtualization 115(6)
  Equipment 121(3)
  Rules of Engagement 124(1)
  Using Risk Scenarios 125(1)
  ICS Penetration-Testing Strategies 125(11)
  Reconnaissance ("Footprinting") 126(1)
  External Testing 127(2)
  Pivoting 129(2)
  Thinking Outside of the Network: Asymmetric and Alternative Attack Vectors 131(2)
  Internal Testing: On the ICS Network 133(3)
  Summary 136(1)
  Resources for Further Reading 137(2)
5 Hacking ICS Protocols 139(48)
  Modbus 140(9)
  EtherNet/IP 149(5)
  DNP3 154(8)
  Siemens S7comms 162(14)
  BACnet 176(5)
  Other Protocols 181(2)
  Protocol Hacking Countermeasures 183(2)
  Summary 185(1)
  References for Further Reading 185(2)
6 Hacking ICS Devices and Applications 187(42)
  Exploiting Vulnerabilities in Software 189(38)
  Some Basic Principles 189(1)
  Buffer Overflows 190(5)
  Integer Bugs: Overflows, Underflows, Truncation, and Sign Mismatches 195(4)
  Pointer Manipulation 199(5)
  Exploiting Format Strings 204(4)
  Directory Traversal 208(3)
  DLL Hijacking 211(8)
  Cross-Site Scripting 219(1)
  Cross-Site Request Forgery (CSRF) 219(5)
  Exploiting Hard-Coded Values 224(1)
  Brute-Force 225(2)
  All Software Has Bugs 227(1)
  Summary 227(1)
  References for Further Reading 228(1)
7 ICS "Zero-Day" Vulnerability Research 229(32)
  Thinking Like a Hacker 230(1)
  Step 1: Select Target 231(1)
  Step 2: Study the Documentation 231(1)
  Step 3: List and Prioritize Accessible Interfaces 232(1)
  Step 4: Analyze/Test Each Interface 232(17)
  Fuzzing 233(5)
  Static Binary Analysis 238(8)
  Dynamic Binary Analysis 246(3)
  Step 5: Exploit Vulnerabilities 249(2)
  Putting It All Together: MicroLogix Case Study 251(8)
  Research Preparation 251(1)
  Before Diving In 252(1)
  Creating a Custom Firmware 253(6)
  Summary 259(1)
  References for Further Reading 260(1)
  Tools 260(1)
  General References 260(1)
8 ICS Malware 261(25)
  ICS Malware Primer 262(10)
  Dropper 263(1)
  Rootkits 264(1)
  Viruses 265(1)
  Adware and Spyware 265(1)
  Worms 266(1)
  Trojan Horses 266(2)
  Ransomware 268(1)
  Infection Vectors 269(3)
  Analyzing ICS Malware 272(12)
  Lab Environment 272(12)
  Summary 284(1)
  References for Further Reading 284(2)
Case Study, Part 4: Foothold 286(4)
Part III Putting It All Together: Risk Mitigation
Case Study, Part 5: How Will It End? 290(3)
9 ICS Security Standards Primer 293(14)
  Compliance vs. Security 295(1)
  Common ICS Cybersecurity Standards 295(7)
  NIST SP 800-82 296(1)
  ISA/IEC 62443 (formerly ISA-99) 296(1)
  NERC CIP 297(1)
  API 1164 298(1)
  CFATS 299(1)
  NRC Regulations 5.71 300(2)
  General Cybersecurity Standards 302(4)
  NIST Cybersecurity Framework 302(2)
  ISO/IEC 27002:2013 304(2)
  Summary 306(1)
  References for Further Reading 306(1)
10 ICS Risk Mitigation Strategies 307(34)
  Addressing Risk 308(1)
  Special ICS Risk Factors 309(2)
  Confidentiality, Integrity, and Availability (CIA) 309(1)
  Defense-in-Depth 310(1)
  Safety 310(1)
  General ICS Risk Mitigation Considerations 311(2)
  ICS Network Considerations 311(1)
  ICS Host-Based Considerations 312(1)
  ICS Physical Access Considerations 313(1)
  Exploits, Threats, and Vulnerabilities 313(15)
  Eliminating Exploits 314(1)
  Eliminating Threats 314(1)
  Eliminating Vulnerabilities 314(14)
  Additional ICS Risk Mitigation Considerations 328(3)
  System Integration Issues 328(1)
  Compliance vs. Security 329(1)
  Insurance 329(1)
  Honeypots 330(1)
  The Risk Mitigation Process 331(5)
  Integrating the Risk Assessment Steps 331(1)
  Integrating the Risk Scenarios 331(2)
  Performing a Cost-Benefit Analysis 333(2)
  Establishing the Risk Mitigation Strategy 335(1)
  Summary 336(1)
  References for Further Reading 337
Part IV Appendixes
A Glossary of Acronyms and Abbreviations 341(6)
B Glossary of Terminology 347(20)
C ICS Risk Assessment and Penetration Testing Methodology Flowcharts 367(4)
Index 371

About the Authors
Clint Bodungen is a professional security researcher and penetration tester with more than 20 years in the cyber security industry, and has focused exclusively on Industrial Control Systems (ICS) security since 2003. He began learning to program and hack computers around the age of 11, and has been developing applications and tools for the UNIX and Linux operating systems since the early 1990s. His professional cyber security career, however, began in 1995 when he was appointed the Computer Systems Security Officer (CSSO) and OPSEC Manager of his unit in the United States Air Force. After an honorable discharge from the Air Force, he worked for a small IT consulting firm as the network security specialist until he was independently contracted by a major antivirus product company to test their Intrusion Detection System (IDS) applications. This ultimately influenced his deep dive into security research and penetration testing. In 2003, he was introduced to ICS/SCADA when he was hired by an industrial automation consulting firm to help a major oil & gas company secure their SCADA system. Since then, Clint has led ICS/SCADA security risk assessments (including vulnerability assessments and penetration testing) for many of the country's top energy organizations, and he has developed dozens of ICS/SCADA security training courses. He continues his vulnerability research in collaboration with ICS vendors, and is frequently invited to speak at ICS/SCADA security conferences.

Bryan L. Singer, CISSP, CAP (Montevallo, AL) is an industry-recognized industrial security expert, currently Principal Investigator with Kenexis Security Corporation, specializing primarily in industrial control systems and SCADA security. Bryan began his professional career with the U.S. Army as a paratrooper and intelligence analyst. Since fulfilling his military service, Bryan has designed, developed, and implemented large-scale industrial networks and cybersecurity architectures, and has conducted penetration tests and cybersecurity assessments worldwide across critical infrastructure fields including power, oil and gas, food and beverage, nuclear, automotive, chemical, and pharmaceutical operations. In 2002, Bryan became the founding chairman of the ISA-99/62443 standard, which he led until 2012. His areas of technical expertise are software development, reverse engineering, forensics, network design, penetration testing, and cybersecurity vulnerability assessments. He is a published author as well as a frequent speaker and contributor to the ICS security field.

Aaron Shbeeb (Houston, TX) became interested in programming and computer security in his early teenage years. He graduated from Ohio State University with a Bachelor of Science degree in computer science engineering. He has worked for more than a decade in a variety of programming and security positions and has focused on secure programming practices. Since 2008, he has worked as a penetration tester and security researcher focusing on ICS/SCADA systems, both professionally and personally.

Kyle Wilhoit (Festus, MO): "Kyle Wilhoit is a Sr. Threat Researcher at Trend Micro on the Future Threat Research Team. Kyle focuses on original threat, malware, vulnerability discovery/analysis and criminal activity on the Internet. He also hunts for new malware like a rabid dog. Prior to joining Trend Micro, he was at FireEye hunting badness and puttin' the bruising on cyber criminals and state-sponsored entities as a Threat Intel guy. Prior to FireEye, he was the lead incident handler and malware guy at a large energy company, focusing on ICS/SCADA security and targeted persistent threats. He has also worked at a Tier 1 ISP playing with malware. Kyle is also involved with several open source projects and actively enjoys reverse engineering things that shouldn't be."

Stephen Hilt (Chattanooga, TN) has been in Information Security and Industrial Control Systems (ICS) Security for around 10 years. With a Bachelor's degree from Southern Illinois University, he started working for a large power utility in the Southeast of the United States, where he gained an extensive background in security network engineering, incident response, forensics, assessments, and penetration testing. That is where Stephen started focusing on ICS assessments; he then moved to working as an ICS Security Consultant and Researcher for one of the foremost ICS security consulting groups in the world. In 2014, Stephen was named by Dark Reading as having one of the coolest hacks for his PLCPwn, a weaponized PLC. He has also published numerous ICS-specific Nmap scripts to identify ICS protocols via native commands. Over the past 10 years, Stephen has learned how to build, defend, and attack ICS networks.