E-book: Techno Security's Guide to Securing SCADA: A Comprehensive Handbook On Protecting The Critical Infrastructure

, , , , (Intellectual Property Transaction g), (Co-founder and President of TheTrainingCo.; Founding member of the U.S. Secret Service South Carolina Electronic Crimes Task Force), (President, and Chief Financial Officer, Security Horizon, Inc.), ,
  • Format: EPUB+DRM
  • Publication date: 23-Aug-2008
  • Publisher: Syngress Media,U.S.
  • Language: eng
  • ISBN-13: 9780080569994

DRM restrictions

  • Copying (copy/paste):

    not permitted

  • Printing:

    not permitted

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet), you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (a free application designed specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on Amazon Kindle.

Around the world, SCADA (supervisory control and data acquisition) systems and other real-time process control networks run mission-critical infrastructure--everything from the power grid to water treatment, chemical manufacturing to transportation. These networks are at increasing risk due to the move from proprietary systems to more standard platforms and protocols and the interconnection to other networks. Because there has been limited attention paid to security, these systems are seen as largely unsecured and very vulnerable to attack.

This book addresses currently undocumented security issues affecting SCADA systems and overall critical infrastructure protection. The respective co-authors are among the leading experts in the world capable of addressing these related-but-independent concerns of SCADA security. Headline-making threats and countermeasures like malware, sidejacking, biometric applications, emergency communications, security awareness planning, personnel & workplace preparedness and bomb threat planning will be addressed in detail in this one of a kind book-of-books dealing with the threats to critical infrastructure protection. They collectively have over a century of expertise in their respective fields of infrastructure protection. Included among the contributing authors are Paul Henry, VP of Technology Evangelism, Secure Computing, Chet Hosmer, CEO and Chief Scientist at Wetstone Technologies, Phil Drake, Telecommunications Director, The Charlotte Observer, Patrice Bourgeois, Tenable Network Security, Sean Lowther, President, Stealth Awareness and Jim Windle, Bomb Squad Commander, CMPD.

* Internationally known experts provide a detailed discussion of the complexities of SCADA security and its impact on critical infrastructure
* Highly technical chapters on the latest vulnerabilities to SCADA and critical infrastructure and countermeasures
* Bonus chapters on security awareness training, bomb threat planning, emergency communications, employee safety and much more
* Companion Website featuring video interviews with subject matter experts offers a "sit-down" with the leaders in the field

Other information

In-depth coverage of SCADA systems security and critical infrastructure protection from the leading experts in the field
Foreword
Physical Security: SCADA and the Critical Infrastructure's Biggest Vulnerability
Introduction
Key Control
Check All Locks for Proper Operation
A Little More about Locks and Lock Picking
The Elephant Burial Ground
Dumpster Diving Still Works
Employee Badges
Shredder Technology Has Changed
Keep an Eye on Corporate or Agency Phonebooks
Tailgating
Building Operations---Cleaning Crew Awareness
Spot-Checking Those Drop Ceilings
Checking For Key Stroke Readers
Checking Those Phone Closets
Removing a Few Door Signs
Motion-Sensing Lights
Let's Go to Lunch
Fun in Manholes
Internal Auditors Are Your Friends
Always Be Slightly Suspicious
Getting Every Employee Involved
Summary
Solutions Fast Track
Frequently Asked Questions (and Special Interviews)
Supervisory Control and Data Acquisition
Introduction
Just What Is SCADA?
SCADA Systems and Components
Remote Terminal Units (RTUs)
Programmable Logic Controllers (PLC)
Discrete Control
Continuous Control
Human Machine Interface (HMI)
Distributed Control Systems (DCS)
Hybrid Controllers
Event Loggers
Common SCADA Architectures
SCADA Communications Protocols
How Serious Are the Security Issues of SCADA?
Determining the Risks in Your SCADA System
Risk Mitigation for SCADA
Firewall Considerations for SCADA
Negative and Positive Security Models in Firewalls
Multi-Network Connectivity
Reactive and Proactive Solutions
Firewall Inspection Methods
Static Packet Filter
The Stateful Packet Filter
The Circuit-Level Gateway
Application-Level Gateway (Proxy)
Intrusion Prevention Gateway
Deep Packet Inspection
Unified Threat Management (UTM)
Summary
Solutions Fast Track
Frequently Asked Questions
SCADA Security Assessment Methodology
Introduction
Why Do Assessments on SCADA Systems?
Assessments Are the Right Thing to Do
Assessments Are Required
Information Protection Requirements
National Institute of Standards and Technology (NIST) Guidance
North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) Standards
Water Infrastructure Security Enhancement (WISE)
The Critical Infrastructure Information Act of 2002
An Approach to SCADA Information Security Assessments
Pre-Project Activities
Vetting the Assessment Request
Gaining Buy-In from Management and Technical Personnel
Management Buy-In
Technical Staff Buy-In
Researching the Organization
Researching Regulatory and Policy Requirements
Determining if this Is a Baseline Assessment or a Repeat Assessment
Making a Go/No-Go Decision
Pre-Assessment Activities
Determining the Organization Mission
Identifying Critical Information
Example: Information Criticality
Business Description
Mission Statement
Critical Information for OOPS
Identifying Impacts
Example Continued: OOPS Impact
The Information Criticality Matrix
Using the Impact Definitions
Organizational Criticality
Example Continued: OOPS OICM
Identifying Critical Systems/Networks
OOPS Example Continued
Defining Security Objectives
Determining Logical and Physical Boundaries
Physical Boundaries
Logical Boundaries
Determining the Rules of Engagement, Customer Concerns, and Customer Constraints
The Rules of Engagement
Levels of Invasiveness
Testing Machine Addressing
Time Frames for Scanning and Interviews
Notification Procedures
Scanning Tools and Exclusions
Customer Concerns
Customer Constraints
Legal Authorization
Writing the Assessment Plan
Components of the Assessment Plan
On-Site Assessment Activities
Conducting the Organization Assessment
Documentation Review
Interviews
System Demonstrations
Observations
Conducting the Technical Assessment
Vulnerability Identification Activities
Tools
Communication
Post Assessment Activities
Conducting Analysis
Final Report Creation
Resources
Summary
Solutions Fast Track
Frequently Asked Questions
Developing an Effective Security Awareness Program
Introduction
Why an Information Security Awareness Program Is Important
We Fail to Recruit Our Employees into the Company's Security Program
We Need to Take the Issue Seriously
How to Design an Effective Information Security Awareness Program
Show Me the Money!
Two Important Keys to Implementing an Effective Program
To Print or Not to Print
Your In-House Web Site
How to Implement an Information Security Awareness Program
What We Have Here Is A Failure to Communicate
Communicate, Communicate, Communicate!
Other Touch Points
Manager's Quick Reference Guide
Let's Talk about Alliances
Audit
Legal
Privacy
Compliance
Training and Communications
Personnel
Information Security Consultants
How Do You Keep Your Program a Successful Component of Your Company's Mindset?
How to Measure Your Program
Summary
Solutions Fast Track
Working with Law Enforcement On SCADA Incidents
Introduction
SCADA System Overview
Secure Network Management
Securing Wide Area Network Perimeter
Controlling Access
Performing Network Backup and Recovery
Transmitting Legacy Non-Routable Protocol Securely
Dial-Up Access to the Remote Terminal Units (RTU)
Vendor Support: Dial-Up Modem/VPN Access
IT Controlled Communication Gear
Corporate VPNs
Database Links
Poorly Configured Firewalls
Business Partner Links
Managing Security Events
Conduct Routine Assessments
Examples of Common Attack Techniques
Man-In-The-Middle Attacks (MITM)
Key-Logger Software
Summary
Solutions Fast Track
Frequently Asked Questions
Locked but Not Secure: An Overview of Conventional and High Security Locks
Introduction
Conventional Pin Tumbler Locks
The Origins of the Modern Pin Tumbler Lock
A Review: The Essentials of Pin Tumbler Lock Design
Security Enhancements for Conventional Locks
Anti-Bumping Pins
Security Pins
Keyways and Related Designs
Bitting Design
Design of the Key
Standards for Conventional and High Security Locks
Transforming a Conventional Cylinder to High Security
Deficiencies in the UL 437 Standard
Failure to Specify Real World Testing
Pick and Impressioning Resistance
Complex Forms of Picking
Forced Entry Resistance
Issues Not Addressed by UL 437
Bump Keys
Decoding Attacks
Key Control
Mechanical Bypass of Locking Mechanisms
BHMA/ANSI Standards: 156.50 and 156.30
BHMA/ANSI 156.50
High Security Locks and the BHMA/ANSI Standard
The Concept of Security
BHMA/ANSI 156.30 High Security Standard
Key Control
Destructive Testing
Surreptitious Entry Resistance
Deficiencies in the 156.30 Standard
Security Vulnerabilities of Conventional Locks: Why High Security Locks Are Supposed to Offer More Protection Against Methods of Entry
Conventional Pin Tumbler Locks: Security Vulnerabilities and Their Compromise
Lock Control Procedures
Key Control and Key Security
Key Security
The Concept of Key Control As It Applies to Security
The Importance of Key Control and Key Security
Replication, Duplication, and Simulation of Keys and Key Blanks
Gathering Intelligence About a System from Its Keys
Covert Entry Techniques: Manipulation of Internal Locking Components
Bumping
Picking
Impressioning
Extrapolation of the TMK
Mechanical Bypass
High Security of High Insecurity: Real World Attacks
Summary
Solutions Fast Track
Frequently Asked Questions
Bomb Threat Planning: Things Have Changed
Introduction
The Day Our World Changed
Insider Information: Where do These Guys Get This Stuff?
The Terrorist Profile
Potential Terror Targets
Statement Targets
Infrastructure Targets
Commercial Targets
Transportation Targets
What Should I Be Looking For?
The Container
The Power Source
Switches
Initiators
Main Charge
Searching: What Am I Looking For And Where?
Recommendations for Target Hardening
Outside
Employee Identification
Cameras
Deliveries
Interior
Mail rooms
Evacuation Plans
Summary
Biometric Authentications For SCADA Security
Introduction
Understanding Biometric Systems and How They Are Best Used for SCADA Security
Footprints to DNA Readings
Human Measurements Can Slow Machines
Biometric System Imperfections Are at Odds with Perceptions
What is Biometric Authentication?
Multiple Factor Authentication
What Parts of You can Be Measured for Security Purposes?
Common Measurements for Current Biometric Authentication
How Does Biometric Comparison Work?
Where are Biometrics Used in SCADA Systems?
Choosing the Best Form of Measurement for Your System
Biometric Measurements Trigger Recognition
Biometric Measurements useful in SCADA Security processes
Identify Your System Priorities Before Choosing a Biometric Application
Where are Biometric Authentication Regimes Vulnerable?
Tricking the Biometric Capture Device
Electronic Manipulation of the Authentication Process
Identity Theft with Biometric Files: Capturing Your Essence
Presumptions of Accuracy
How Can We Replace That Finger?
Measuring Minutia Can Be Safer Than Storing a Whole Biometric Photograph
Anticipating Legal and Policy Changes That Will Affect Biometrics
Summary
Solutions Fast Track
Frequently Asked Questions
Appendix
Index
Greg Miles (Ph.D., CISSP#24431, CISM#0300338, IAM, IEM) is the President and Chief Financial Officer of Security Horizon, Inc. Security Horizon is a Global, Veteran-Owned Small Business headquartered in Colorado Springs, Colorado.

Jack Wiles is a security professional with over 40 years' experience in security-related fields. This includes computer security, disaster recovery, and physical security. He is a professional speaker, and has trained federal agents, corporate attorneys, and internal auditors on a number of computer crime-related topics. He is a pioneer in presenting on a number of subjects, which are now being labeled "Homeland Security" topics. Well over 10,000 people have attended one or more of his presentations since 1988. Jack is also a co-founder and President of TheTrainingCo., and is in frequent contact with members of many state and local law enforcement agencies as well as Special Agents with the U.S. Secret Service, FBI, IRS-CID, U.S. Customs, Department of Justice, The Department of Defense, and numerous members of High-Tech Crime units. He was also appointed as the first President of the North Carolina InfraGard chapter, which is now one of the largest chapters in the country. He is also a founding member of the U.S. Secret Service South Carolina Electronic Crimes Task Force. Jack is also a Vietnam veteran who served with the 101st Airborne Division in Vietnam in 1967-68, where he was awarded two Bronze stars for his actions in combat. He recently retired from the U.S. Army Reserves as a lieutenant colonel and was assigned directly to the Pentagon for the final seven years of his career.

Ted Claypoole is a Member of the law firm Womble Carlyle Sandridge and Rice, in Charlotte, North Carolina, in the Intellectual Property Transaction group, and a senior member of its Privacy and Data Management Team.

Phil Drake is Communications Manager for the Charlotte Observer in Charlotte, N.C.

Paul A. Henry (MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI) is the Vice President of Technology Evangelism at Secure Computing®. Paul is one of the world's foremost global information security experts, with more than 20 years' experience managing security initiatives for Global 2000 enterprises and government organizations worldwide.

Lester J. "Chip" Johnson Jr. is employed by the SCANA Corporation, a $9 billion, Fortune 500, energy-based holding company, headquartered in Columbia, South Carolina. Mr. Johnson serves in the Corporate Security and Claims Department as a Manager with responsibility for Investigations and Crisis Management.

Sean Lowther is the President and Founder of Stealth Awareness, Inc. (www.stealthawareness.com). Sean is an independent consultant who brings years of experience designing and implementing information security awareness programs at the highest level. He founded Stealth Awareness, Inc. in 2007. Sean worked at Bank of America for over seven years, managing the enterprise information security awareness program. The program received the highest rating from its regulators and was consistently rated "world class" by industry peer groups. Sean has worked with BITS, the Financial Services Roundtable Task Force on Privacy, prior to the enactment of the Gramm-Leach-Bliley Act. He produced the video "It's Not If, But When" for the Financial Services Sector Coordinating Council in partnership with the U.S. Treasury Department with the goal to improve critical infrastructure protection and Homeland Security.

Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He has authored six police textbooks, including Locks, Safes, and Security (ISBN 978-0398070793), which is recognized as the primary reference for law enforcement and security professionals worldwide.

James H. Windle is employed as a Police Sergeant in Charlotte, North Carolina, where he serves as a certified bomb technician and is assigned as the Bomb Squad Commander and Arson Supervisor.