
Security Cisco Academy

26-27, 2007

2007 Cisco Systems, Inc. All rights reserved.

Cisco Public


agrechin@cisco.com



[Diagram: MASTER station (PLC) polling PLC1 and PLC2]

..., 1200
: 1520




[Diagram: typical plant network. Internet; Workplaces; Firewall; IP; Enterprise Optimization Suite; Third Party Application Server; Connectivity Server; Historian Server; Application Server; Mobile Operator; Engineering Workplace; Serial, OPC or Fieldbus; Third Party Controllers, Servers, etc.; Redundant; Serial; RS485]



• Windows, WinCE, Linux, ...
• ..., web-..., web-..., ...
• HTTP, RPC, FTP, DCOM, XML, SNMP, ...
• IP over Ethernet
• TCP, UDP
• Ethernet



IP
• ODVA (Rockwell)
• Honeywell Experion
• Foundation Fieldbus HSE
• Yokogawa VNET/IP
• Profinet
• Telvent
• ABB 800xA
• Emerson DeltaV
• Invensys Infusion
• ...
• ... IP.
• ... IP



• ... + IP + ...
• ...

• Worms and Viruses
• Legacy OSes and applications
• DoS and DDoS impairing availability
• Inability to limit access
• Unknown access
• Unexamined system logs
• Little or no use of anti-virus
• Improperly secured devices
• Unauthorized access
• Inability to revoke access
• Unpatched systems
• Accidental misconfiguration
• Limited use of host-based firewalls
• Improperly secured wireless
• Unauthorized applications
• Disgruntled insiders
• Improper use of ICS workstations
• Unencrypted links to remote sites
• Unnecessary applications
• Open FTP, Telnet, SNMP, HTTP ports
• Fragile IP stacks in control devices
• Network scans by IT staff
• Organized crime
• Terrorists
• Hacktivists
• Eco-terrorists
• Passwords sent in clear text
• Nation states
• Default passwords
• Blended attacks
• Default OS security configurations
• Extortion
• Password management problems
• Competitive espionage








• ..., 1982
• ..., 2000
• Bellingham, 1999
• Davis Besse, 2003
• Browns Ferry, 2006
• ..., 2003
$$$.$$


Cisco?




..., IPS, VPN, DMZ
..., IDS, VPN, NAC, CSA, ...
• ...
MARS, CSM, LMS

IPS: Intrusion Prevention System
CSA: Cisco Security Agent
NAC: Network Admission Control
LMS: LAN Management Solution
DMZ: Demilitarized Zone
VPN: Virtual Private Network
CSM: Cisco Security Manager
MARS: Monitoring, Analysis and Response System

[Diagram: agenda overview. Internet/Intranet/WAN, DMZ, LAN/WAN, levels 1 and 0]


6 ...!
DoS, ..., QoS, ..., (MTBF)

• DoS, DDoS
• ... / ...

: 2003-2006, Eric Byres, BCIT

• Idaho National Labs, Sandia National Labs, ...

BCIT 30 ..., CERT
• ...













DMZ + ... + ... + ... + ...

OSISoft, Rockwell, Yokogawa


CISCO

...:
• Securing Your SCADA and Industrial Control Systems, Version 1.0, DHS, ISBN 0-16-075115-8
• Guide to SCADA and Industrial Control System Security, NIST SP 800-82
• ...: Security Architecture for the Enterprise, Gartner Research, 2006


[Diagram: reference architecture by level. Enterprise Network (Level 5): Email, Intranet, etc. Site Business Planning and Logistics Network (Level 4). DMZ: Terminal Services, Patch Mgmt, Historian (Mirror), AV Server, Web Services Operations, Application Server. Site Operations and Control: Production Control, Optimizing Control, Engineering Station, Historian. Area Supervisory Control: Supervisory Control, HMI. Basic Control: Batch Control, Discrete Control, Continuous Control, Hybrid Control. Process (Level 0). Monitoring: IDS, IPS.]




, , , ..

 DM Z

( ) IP S


-

:
2 0 0 7 C is c o S y s te m s , In c . A ll r ig h ts r e s e r v e d .

IDS

C is c o P u b lic

27

[Diagram: the same reference architecture with the DMZ highlighted. DMZ: Terminal Services, Historian (Mirror), Patch Mgmt, AV Server, Web Services Operations, Application Server. Below the WAN/LAN: Site Operations and Control (Engineering Station, Production Control, Optimizing Control, Historian), Area Supervisory Control (Supervisory Control, HMI), Basic Control (Batch, Discrete, Continuous, Hybrid Control), Process.]

[Diagram: DMZ hosting the Historian Mirror and Web Services Operations]

DMZ
• DMZ ...
• ...
• DMZ ...
• DMZ ...
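The point of putting a DMZ between the site business network and site operations, as the diagrams show, is that sessions from either side terminate on DMZ hosts (terminal services, historian mirror, application server) instead of crossing directly. The following is an added worked example, not code from the Cisco deck: a first-match rule evaluator with the implicit deny of an ASA or IOS access list, plus an audit that flags two classic mistakes, a permit that lets enterprise and control hosts talk directly, and a rule that can never match because an earlier, broader rule shadows it. Zone prefixes, port numbers and both rule sets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed zones; the addressing is hypothetical, not taken from the deck.
ENTERPRISE = ip_network("10.1.0.0/16")
DMZ = ip_network("10.2.0.0/24")
CONTROL = ip_network("192.168.10.0/24")
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: str = "ip"                 # "tcp", "udp" or "ip" (any protocol)
    ports: frozenset = frozenset()    # destination ports; empty means any port

    def matches(self, src_ip, dst_ip, proto, dport):
        return (ip_address(src_ip) in self.src and ip_address(dst_ip) in self.dst
                and self.proto in ("ip", proto)
                and (not self.ports or dport in self.ports))

    def covers(self, other):
        """True when every flow `other` could match is already matched by this rule."""
        return (other.src.subnet_of(self.src) and other.dst.subnet_of(self.dst)
                and self.proto in ("ip", other.proto)
                and (not self.ports or (other.ports and other.ports <= self.ports)))


def evaluate(rules, src_ip, dst_ip, proto, dport):
    """First-match evaluation with the implicit deny an ASA or IOS ACL ends with."""
    for index, rule in enumerate(rules):
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action, index
    return "deny", None


def audit(rules):
    """Flag permits that cross enterprise<->control directly, and rules that can never match."""
    findings = []
    for index, rule in enumerate(rules):
        if rule.action == "permit" and (
                (rule.src.overlaps(ENTERPRISE) and rule.dst.overlaps(CONTROL))
                or (rule.src.overlaps(CONTROL) and rule.dst.overlaps(ENTERPRISE))):
            findings.append((index, "permit crosses enterprise<->control without terminating in the DMZ"))
        for earlier in range(index):
            if rules[earlier].covers(rule):
                findings.append((index, f"never matches: shadowed by rule {earlier}"))
                break
    return findings


# Policy in the shape the deck describes: each side talks only to DMZ services.
GOOD_POLICY = [
    Rule("permit", ENTERPRISE, DMZ, "tcp", frozenset({3389, 443})),  # terminal services, web services
    Rule("permit", CONTROL, DMZ, "tcp", frozenset({5450})),          # historian pushes to its DMZ mirror (hypothetical port)
    Rule("permit", DMZ, CONTROL, "tcp", frozenset({502})),           # DMZ application server polls Modbus/TCP
    Rule("deny", ANY, ANY),
]

# Same intent with two common mistakes: a "temporary" direct path to a PLC,
# and a deny that sits below a broad permit and therefore never fires.
BAD_POLICY = [
    Rule("permit", ENTERPRISE, CONTROL, "tcp", frozenset({502})),
    Rule("permit", ANY, DMZ),
    Rule("deny", ENTERPRISE, DMZ, "tcp", frozenset({23})),
    Rule("deny", ANY, ANY),
]
```

Run `audit(BAD_POLICY)` before pushing a rule set: rule 0 is reported as a direct enterprise-to-control permit and rule 2 as unreachable, while `audit(GOOD_POLICY)` returns nothing.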

[Diagram: DMZ implementation. Adaptive Security Appliance (ASA 5520) with IPS, IOS Firewall, NAT and FW ACL; dot1q trunk to a Cisco Catalyst 2960 (L2) carrying DMZ VLAN 2, DMZ VLAN 3 and DMZ VLAN 4; Cisco Security Agent (CSA) on the DMZ hosts; WAN/LAN]

DMZ
• Cisco ASA Advanced Inspection Module (IPS): DNP3, Modbus, ICCP
• ... VLAN
  - ASA ... ACL
  - DMZ VLAN, ..., ...
• Cisco Security Agent (CSA) ... DMZ
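An added example, not Cisco's IPS code: what protocol-aware inspection of a Modbus/TCP conduit through the DMZ amounts to, written in Python. It parses the MBAP header, rejects malformed requests of the kind a fragile PLC stack may not survive, and lets only read function codes cross from the DMZ into the control zone, with writes and diagnostics reserved for the engineering station. Zone prefixes, the engineering-station address and the sample frames are constructed; the function-code limits are those of the public Modbus Application Protocol specification (V1.1b). DNP3 and ICCP would need their own parsers on the same pattern.

```python
import struct
from ipaddress import ip_address, ip_network

MODBUS_PORT = 502

# Public function codes from the Modbus Application Protocol V1.1b.
READ_FUNCS = {1, 2, 3, 4, 7, 17}        # read coils/inputs/registers, exception status, server ID
WRITE_FUNCS = {5, 6, 15, 16, 22, 23}    # write coils/registers, mask write, read/write multiple
DIAG_FUNCS = {8, 43}                    # diagnostics, encapsulated interface transport
QUANTITY_LIMITS = {1: 2000, 2: 2000, 3: 125, 4: 125, 15: 1968, 16: 123}  # max items per request

# Constructed zones and hosts; the addressing is hypothetical, not from the deck.
ZONES = {
    "enterprise": ip_network("10.1.0.0/16"),
    "dmz": ip_network("10.2.0.0/24"),
    "control": ip_network("192.168.10.0/24"),
}
ENGINEERING_STATION = ip_address("192.168.10.5")   # the one host allowed to write and run diagnostics

# Function codes each (source zone, destination zone) conduit may carry.
# There is deliberately no enterprise->control entry: that traffic terminates in the DMZ.
CONDUITS = {
    ("dmz", "control"): READ_FUNCS,                                  # historian mirror / app server polling
    ("engineering", "control"): READ_FUNCS | WRITE_FUNCS | DIAG_FUNCS,
    ("control", "control"): READ_FUNCS | WRITE_FUNCS,                # HMI to PLC
}


def zone_of(ip):
    addr = ip_address(ip)
    if addr == ENGINEERING_STATION:
        return "engineering"
    return next((name for name, net in ZONES.items() if addr in net), "unknown")


def parse_mbap(frame):
    """Return (unit_id, function_code, pdu_data) or raise ValueError for a malformed ADU."""
    if len(frame) < 8:
        raise ValueError("ADU shorter than MBAP header plus function code")
    if len(frame) > 260:
        raise ValueError("ADU exceeds the 260-byte Modbus/TCP maximum")
    _tid, proto, length, unit = struct.unpack("!HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier must be 0")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame length")
    function = frame[7]
    if function & 0x80:
        raise ValueError("exception function code in a request")
    return unit, function, frame[8:]


def check_pdu(function, data):
    """Spec-level sanity checks; oversized or inconsistent requests are what fragile PLC stacks choke on."""
    if function in (1, 2, 3, 4):
        if len(data) != 4:
            raise ValueError("read request must carry start address and quantity")
        _addr, qty = struct.unpack("!HH", data)
        if not 1 <= qty <= QUANTITY_LIMITS[function]:
            raise ValueError(f"quantity {qty} out of range for FC{function}")
    elif function in (15, 16):
        if len(data) < 5:
            raise ValueError("write-multiple request truncated")
        _addr, qty, byte_count = struct.unpack("!HHB", data[:5])
        expected = (qty + 7) // 8 if function == 15 else qty * 2
        if not 1 <= qty <= QUANTITY_LIMITS[function] or byte_count != expected:
            raise ValueError(f"FC{function} quantity/byte-count mismatch")
        if len(data) - 5 != byte_count:
            raise ValueError("payload length does not match byte count")


def inspect(src_ip, dst_ip, dst_port, frame):
    """Verdict for one client-to-server Modbus/TCP request: ('permit' | 'deny', reason)."""
    if dst_port != MODBUS_PORT:
        return "deny", "not Modbus/TCP"
    conduit = (zone_of(src_ip), zone_of(dst_ip))
    allowed = CONDUITS.get(conduit)
    if allowed is None:
        return "deny", f"no conduit {conduit[0]}->{conduit[1]}"
    try:
        _unit, function, data = parse_mbap(frame)
        check_pdu(function, data)
    except ValueError as err:
        return "deny", f"malformed: {err}"
    if function not in allowed:
        return "deny", f"FC{function} not allowed on {conduit[0]}->{conduit[1]}"
    return "permit", f"FC{function} on {conduit[0]}->{conduit[1]}"


def build_request(function, payload, tid=1, unit=1):
    """Assemble a Modbus/TCP ADU: MBAP header followed by the PDU."""
    pdu = bytes([function]) + payload
    return struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample traffic: (source, destination, destination port, frame).
SAMPLES = [
    ("10.2.0.10", "192.168.10.20", 502, build_request(3, struct.pack("!HH", 0, 10))),      # DMZ historian reads 10 registers
    ("10.2.0.10", "192.168.10.20", 502, build_request(6, struct.pack("!HH", 0, 1))),       # DMZ host tries a write
    ("10.1.5.7", "192.168.10.20", 502, build_request(3, struct.pack("!HH", 0, 10))),       # enterprise host straight to a PLC
    ("192.168.10.5", "192.168.10.20", 502,
     build_request(16, struct.pack("!HHB", 0, 2, 4) + b"\x00\x01\x00\x02")),               # engineering station writes 2 registers
    ("192.168.10.5", "192.168.10.20", 502,
     build_request(16, struct.pack("!HHB", 0, 2, 9) + b"\x00" * 9)),                       # byte count disagrees with quantity
    ("192.168.10.30", "192.168.10.20", 502, build_request(3, struct.pack("!HH", 0, 2000))), # HMI asks for 2000 registers
]


def run_demo():
    """Verdicts for SAMPLES, in order."""
    return [inspect(*sample)[0] for sample in SAMPLES]
```

The conduit table is the part worth keeping: a plain port-502 ACL would pass every one of the sample frames, while function-code awareness is what separates the historian's reads from a write or a malformed request arriving over the same conduit.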

Cisco Security Agent
• ..., ..., ..., ...
• (..., ...)

[Diagram: remote-access VPN terminating on the ASA into a DMZ VLAN; WAN/LAN]


• ASA VPN ... VPN VLAN
• ... VPN
• ...: (ACS), LDAP, Active Directory, ...
• Remote Desktop

[Diagram: Site Operations and Control below the WAN/LAN. Production Control, Optimizing Control, Supervisory Control, HMI, Batch Control, Discrete Control, Continuous Control, Hybrid Control, Engineering Station, Historian, Area Supervisory Control, Basic Control, Process; IDS. Access-switch features: Port Security, QoS, SmartPorts, NAC.]

• ... DMZ
• ... DMZ
• ...:
  Port security
  QoS, traffic shaping, traffic policing
  SmartPorts
  IDS, ...
  Cisco Clean Access



• ... VLAN ... L3
• ACL ... (FW, IDS)

[Diagram: WAN/LAN to a routed interface on a Cisco Catalyst 3750 L3 stack (Gigabit; VLAN ACL), dot1q trunks carrying the VLANs down to Cisco Catalyst 2955 L2 access switches (10/100) running QoS, shaping, policing, port security and SmartPorts]



• ... VLAN
• Layer 3 ... 3750 ... ACL ... VLAN
• Rapid PVST+
• Industrial Ethernet Catalyst 2955



• ...
• ..., IDS ... VLAN

[Diagram: WAN/LAN to a Cisco Catalyst 6500 with Firewall Module and IDS Module (VLAN ACL, IDS), trunks to Cisco Catalyst 3750, trunks to Cisco Catalyst 2955 L2 access switches running QoS, shaping, policing, port security and SmartPorts]



• ... VLAN
• ... VLAN ... IDS
  IDS (...)
• ... 6500
• ... 3750



• ..., IDS ... VLAN
• ASA ...

[Diagram: WAN/LAN to an ASA pair with Failover (VLAN ACL, IDS), dot1q trunk to a Cisco Catalyst 3750 L2 stack, dot1q trunks to L2 access switches running QoS, shaping, policing, port security and SmartPorts]





• ASA ... IDS ... DMZ, ...
  - ...
  - ...
  - ... ASA


[Diagram: complete architecture with management. Router; Enterprise Network (Email, Intranet, etc.); Site Business Planning and Logistics Network; DMZ (Terminal Services, Patch Mgmt, Historian (Mirror), Web Services Operations, AV Server, AAA, Application Server); WAN/LAN; Site Operations and Control (Production Control, Optimizing Control, Supervisory Control, HMI, Batch Control, Historian, Engineering Station, Discrete Control, Continuous Control, Hybrid Control, Area Supervisory Control); Domain Controller + DNS; Secondary Domain Controller + DNS; Network + Security Mgmt; Terminal Services; MARS; Process]


• (out-of-band) ... DMZ
  ..., AAA, ...
• (in-band) ...

Cisco MARS
• MARS: Monitoring, Analysis, and Response System
  ..., ..., SNMP
• ...
  ... DMZ
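An added example, not Cisco MARS code: the kind of correlation MARS performs, done over a handful of constructed syslog lines in the ASA deny, IOS ACL-log and port-security message formats (hostnames, addresses and MACs are made up). It raises an incident for a blocked enterprise-to-control connection on an ICS port, for a port-security violation on an access switch, and for one source being denied against several distinct targets inside a one-minute window, which is what an IT-side network scan against the DMZ looks like from the firewall.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed zones; hypothetical addressing, not from the deck.
ENTERPRISE = ip_network("10.1.0.0/16")
CONTROL = ip_network("192.168.10.0/24")
ICS_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 102: "ICCP/MMS"}   # ICCP rides on ISO-TSAP, TCP 102

TS = r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<dev>\S+) "
ASA_DENY = re.compile(TS + r"%ASA-4-106023: Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/\d+ "
                      r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
IOS_DENY = re.compile(TS + r"%SEC-6-IPACCESSLOGP: list \S+ denied (?P<proto>\w+) "
                      r"(?P<src>[\d.]+)\(\d+\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)")
PSECURE = re.compile(TS + r"%PORT_SECURITY-2-PSECURE_VIOLATION: .*MAC address "
                     r"(?P<mac>[0-9a-f.]+) on port (?P<port>\S+?)\.?$")
PATTERNS = (("deny", ASA_DENY), ("deny", IOS_DENY), ("psecure", PSECURE))


def parse(line):
    """One syslog line -> event dict, or None for messages this correlator ignores."""
    for kind, pattern in PATTERNS:
        match = pattern.match(line)
        if match:
            event = match.groupdict()
            event["kind"] = kind
            event["ts"] = datetime.strptime(event["ts"], "%b %d %H:%M:%S")
            return event
    return None


def correlate(lines, window=timedelta(seconds=60), min_targets=3):
    """Return (incident type, subject, detail) tuples derived from raw syslog lines."""
    incidents = []
    denies_by_source = defaultdict(list)
    for event in filter(None, map(parse, lines)):
        if event["kind"] == "psecure":
            incidents.append(("unauthorized-device", event["dev"], f"{event['mac']} on {event['port']}"))
            continue
        src, dst, dport = event["src"], event["dst"], int(event["dport"])
        denies_by_source[src].append(event)
        # A blocked enterprise->control connection on an ICS port is an incident on its own.
        if ip_address(src) in ENTERPRISE and ip_address(dst) in CONTROL and dport in ICS_PORTS:
            incidents.append(("direct-ics-access-attempt", src,
                              f"{ICS_PORTS[dport]} to {dst} blocked by {event['dev']}"))
    # One source denied against several distinct (host, port) targets inside the window: a probe.
    for src, events in denies_by_source.items():
        events.sort(key=lambda e: e["ts"])
        best = start = 0
        for end, event in enumerate(events):
            while event["ts"] - events[start]["ts"] > window:
                start += 1
            best = max(best, len({(e["dst"], e["dport"]) for e in events[start:end + 1]}))
        if best >= min_targets:
            incidents.append(("probe", src, f"{best} distinct targets within {window.seconds}s"))
    return incidents


# Constructed sample log (hostnames, addresses and MACs are made up).
SAMPLE_LOG = [
    'Jul 12 10:03:14 asa-dmz %ASA-4-106023: Deny tcp src inside:10.1.5.7/41022 dst dmz:10.2.0.10/23 by access-group "inside_in" [0x0, 0x0]',
    'Jul 12 10:03:15 asa-dmz %ASA-4-106023: Deny tcp src inside:10.1.5.7/41023 dst dmz:10.2.0.10/21 by access-group "inside_in" [0x0, 0x0]',
    'Jul 12 10:03:15 asa-dmz %ASA-4-106023: Deny tcp src inside:10.1.5.7/41024 dst dmz:10.2.0.11/80 by access-group "inside_in" [0x0, 0x0]',
    'Jul 12 10:03:16 asa-dmz %ASA-4-106023: Deny tcp src inside:10.1.5.7/41025 dst control:192.168.10.20/502 by access-group "inside_in" [0x0, 0x0]',
    'Jul 12 10:03:20 asa-dmz %ASA-6-302013: Built inbound TCP connection 12345 for inside:10.1.5.7/41030 (10.1.5.7/41030) to dmz:10.2.0.10/3389 (10.2.0.10/3389)',
    'Jul 12 10:04:01 cat2955-cell1 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0019.d2aa.bb01 on port FastEthernet0/7.',
    'Jul 12 10:20:40 cat3750-site %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.1.8.9(3301) -> 192.168.10.21(20000), 1 packet',
]
```

`correlate(SAMPLE_LOG)` yields four incidents: two direct ICS access attempts (one seen by the ASA, one by the 3750's logged ACL), the port-security violation, and a probe by 10.1.5.7 against four distinct targets. The accepted-connection message is parsed as noise and contributes nothing, which is the usual ratio in practice.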

Cisco Clean Access
• Network Admission Control, ... 802.1x
• ...
• ... DMZ





• Effects of Ethernet-based, Non-safety Related Controls on the Safe and Continued Operation of Nuclear Power Stations, NRC Information Notice 2007-15 (Browns Ferry incident)
• Securing Your SCADA and Industrial Control Systems, Version 1.0, DHS, ISBN 0-16-075115-8
• Guide to SCADA and Industrial Control System Security, NIST SP 800-82
• Manufacturing and Control Systems Security, ISA-SP99, www.isa.org/MSTemplate.cfm?MicrositeID=988&CommitteeID=6821
• AGA 12 / IEEE P1689 SCADA Encryption Standard, www.gtiservices.org/security, scadasafe.sf.net
