Information Security in Industry and the Fuel and Energy Sector
26-27 , 2007
2007 Cisco Systems, Inc. All rights reserved.
Cisco Public
agrechin@cisco.com
Diagram labels: MASTER; (PLC); PLC1; PLC2
, 1200
: 1520
Diagram labels: Internet; Workplaces; Firewall; IP; Enterprise Optimization Suite; Third Party Application Server; Connectivity Server; Historian Server; Application Server; Mobile Operator; Engineering Workplace; Serial, OPC or Fieldbus; Third Party Controllers, Servers, etc.; Redundant; Serial
RS485
Windows, WinCE, Linux,
, web- , web- ..
HTTP, RPC, FTP, DCOM, XML, SNMP ..
IP Ethernet
TCP UDP
Ethernet
IP
ODVA (Rockwell)
Honeywell Experion
Foundation Fieldbus HSE
Yokogawa VNET/IP
Profinet
Telvent
ABB 800xA
Emerson DeltaV
Invensys Infusion
..
+ IP +
Worms and Viruses
Legacy OSes and applications
DOS and DDOS impairing availability
Inability to limit access
Unknown access
Unexamined system logs
Little or no use of anti-virus
Improperly secured devices
Unauthorized access
Inability to revoke access
Unpatched systems
Accidental misconfiguration
Limited use of host-based firewalls
Improperly secured wireless
Unauthorized applications
Disgruntled insiders
Improper use of ICS workstations
Unencrypted links to remote sites
Unnecessary applications
Open FTP, Telnet, SNMP, HTML ports
Fragile IP stacks in control devices
Network scans by IT staff
Organized crime
Terrorists
Hacktivists
Eco-terrorists
Passwords sent in clear text
Nation states
Default passwords
Blended attacks
Default OS security configurations
Extortion
Password management problems
Competitive espionage
, 1982
, 2000
Bellingham
$$$.$$
, 1999
Davis Besse, 2003
Browns Ferry, 2006
, 2003
Cisco ?
, IPS, VPN, DMZ
, IDS, VPN, NAC,
CSA,
MARS, CSM, LMS
Diagram labels: IPS; CSA; NAC; LMS; LAN; DMZ (Demilitarized Zone); VPN; CSM; MARS; Management System
Diagram labels: Internet / Intranet / WAN; DMZ; LAN/WAN
6
DoS, ,
, QoS, ,
(MTBF)
DoS DDoS
: 2003 2006 Eric Byres, BCIT
Idaho National Labs, Sandia National Labs,
BCIT 30 ,
CERT
DMZ + + + +
OSISoft, Rockwell, Yokogawa
CISCO
Securing Your SCADA and Industrial Control Systems, Version 1.0, DHS, ISBN 0-16-075115-8
Guide to SCADA and Industrial Control System Security, NIST SP 800-82
: Security Architecture for the Enterprise, Gartner Research, 2006
Diagram labels: Email, Intranet, etc.; Enterprise Network; Site Business Planning and Logistics Network; DMZ; Terminal Services; Patch Mgmt; AV Server; Historian (Mirror); Web Services Operations; Application Server; Production Control; Optimizing Control; Historian; Supervisory Control; HMI; Engineering Station; Site Operations and Control; Area Supervisory Control; Batch Control; Discrete Control; Continuous Control; Hybrid Control; Basic Control; Process; IDS; IPS
DMZ
IPS
IDS
Diagram labels: DMZ; Terminal Services; Historian (Mirror); Patch Mgmt; AV Server; Web Services Operations; Application Server; WAN/LAN; Engineering Station; Production Control; Optimizing Control; Historian; Supervisory Control; HMI; Batch Control; Discrete Control; Continuous Control; Hybrid Control; Basic Control; Site Operations and Control; Area Supervisory Control; Process
Diagram labels: DMZ; Historian Mirror; Web Services Operations
Diagram labels: DMZ; IOS Firewall; DMZ VLAN 2; DMZ VLAN 3; DMZ VLAN 4; Cisco Catalyst 2960; NAT; dot1q trunk; Adaptive Security Appliance (ASA 5520); L2; VLAN; FW ACL; IPS; Cisco Security Agent (CSA); WAN/LAN
DMZ
Cisco ASA Advanced Inspection Module (IPS)
DNP3, Modbus, ICCP
VLAN
- ASA
ACL
DMZ VLAN , ,
Cisco Security Agent (CSA) DMZ
Cisco Security Agent
Diagram labels: DMZ; VLAN; VPN; WAN/LAN
ASA VPN VPN VLAN
VPN
(ACS), LDAP, Active Directory, ..
Remote Desktop
Diagram labels: WAN/LAN; Production Control; Optimizing Control; Historian; Supervisory Control; HMI; Engineering Station; Site Operations and Control; Area Supervisory Control; Batch Control; Discrete Control; Continuous Control; Hybrid Control; Basic Control; Process; IDS; NAC; Port Security; QoS; Smart Ports
DMZ
- DMZ
Port security
QoS, traffic shaping, traffic policing
Smart Ports
IDS, -
Cisco Clean Access
Diagram labels: VLAN; L3; L2; ACL; (FW, IDS); WAN/LAN; Cisco Catalyst 3750 Stack; Gigabit; Cisco Catalyst 2955; 10/100; dot1q Trunks; Routed Interface; QoS, Shaping, Policing; Port Security; Smart Ports
VLAN
3- 3750
ACL
VLAN
Rapid PVST+
Industrial Ethernet Catalyst 2955
, IDS VLAN
Diagram labels: Cisco Catalyst 6500; Firewall Module; IDS Module; L2; WAN/LAN; VLAN; ACL; IDS; Trunks; Cisco Catalyst 3750; Cisco Catalyst 2955; QoS, Shaping, Policing; Port Security; Smart Ports
VLAN
IDS
6500
3750
, IDS
VLAN
ASA
Diagram labels: WAN/LAN; ASA Failover; dot1q Trunk; Cisco Catalyst 3750 Stack; L2; dot1q Trunks; QoS, Shaping, Policing; Port Security; Smart Ports; VLAN; ACL; IDS
ASA IDS DMZ ,
ASA
Diagram labels: Router; Email, Intranet, etc.; Enterprise Network; Site Business Planning and Logistics Network; Terminal Services; Patch Mgmt; Historian (Mirror); Web Services Operations; AV Server; AAA; Application Server; WAN/LAN; Production Control; Optimizing Control; Supervisory Control; HMI; Batch Control; Historian; Engineering Station; Discrete Control; Continuous Control; Hybrid Control; Process; Domain Controller +DNS; Secondary Domain Controller +DNS; Network + Security Mgmt; MARS
(out-of-band) DMZ
, AAA,
(in-band)
Cisco MARS
MARS Monitoring, Analysis, and Response System
SNMP
DMZ
Cisco Clean Access
Network Admission Control,
802.1x
DMZ
Diagram labels: Internet / Intranet / WAN; DMZ; LAN/WAN
Effects of Ethernet-based, Non-safety Related Controls on the Safe and Continued Operation of Nuclear Power Stations, NRC Information Notice: 2007-15 (Browns Ferry incident)
Securing Your SCADA and Industrial Control Systems, Version 1.0, DHS, ISBN 0-16-075115-8
Guide to SCADA and Industrial Control System Security, NIST SP 800-82