552 research outputs found

    Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems

    Full text link
    Computer networks are undergoing a phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly growing, and the testing and experimentation of cyber defense solutions requires the availability of separate, test environments that best emulate the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, thus enabling the study of cyber defense strategies under real and controllable traffic and attack scenarios. In this paper, we propose a methodology that makes use of a combination of techniques of network and security assessment, and the use of cloud technologies to build an emulation environment with adjustable degree of affinity with respect to actual reference networks or planned systems. As a byproduct, starting from a specific study case, we collected a dataset consisting of complete network traces comprising benign and malicious traffic, which is feature-rich and publicly available

    Cyber-security of Cyber-Physical Systems (CPS)

    Get PDF
    This master's thesis reports on security of a Cyber-Physical System (CPS) in the department of industrial engineering at UiT campus Narvik. The CPS targets connecting distinctive robots in the laboratory in the department of industrial engineering. The ultimate objective of the department is to propose such a system for the industry. The thesis focuses on the network architecture of the CPS and the availability principle of security. This report states three research questions that are aimed to be answered. The questions are: what a secure CPS architecture for the purpose of the existing system is, how far the current state of system is from the defined secure architecture, and how to reach the proposed architecture. Among the three question, the first questions has absorbed the most attention of this project. The reason is that a secure and robust architecture would provide a touchstone that makes answering the second and third questions easier. In order to answer the questions, Cisco SAFE for IoT threat defense for manufacturing approach is chosen. The architectural approach of Cisco SAFE for IoT, with similarities to the Cisco SAFE for secure campus networks, provides a secure network architecture based on business flows/use cases and defining related security capabilities. This approach supplies examples of scenarios, business flows, and security capabilities that encouraged selecting it. It should be noted that Cisco suggests its proprietary technologies for security capabilities. According to the need of the project owners and the fact that allocating funds are not favorable for them, all the suggested security capabilities are intended to be open-source, replacing the costly Cisco-proprietary suggestions. Utilizing the approach and the computer networking fundamentals resulted in the proposed secure network architecture. The proposed architecture is used as a touchstone to evaluate the existing state of the CPS in the department of industrial engineering. Following that, the required security measures are presented to approach the system to the proposed architecture. Attempting to apply the method of Cisco SAFE, the identities using the system and their specific activities are presented as the business flow. Based on the defined business flow, the required security capabilities are selected. Finally, utilizing the provided examples of Cisco SAFE documentations, a complete network architecture is generated. The architecture consists of five zones that include the main components, security capabilities, and networking devices (such as switches and access points). Investigating the current state of the CPS and evaluating it by the proposed architecture and the computer networking fundamentals, helped identifying six important shortcomings. Developing on the noted shortcomings, and identification of open-source alternatives for the Cisco-proprietary technologies, nine security measures are proposed. The goal is to perform all the security measures. Thus, the implementations and solutions for each security measure is noted at the end of the presented results. The security measures that require purchasing a device were not considered in this project. The reasons for this decision are the time-consuming process of selecting an option among different alternatives, and the prior need for grasping the features of the network with the proposed security capabilities; features such as amount and type of traffic inside the network, and possible incidents detected using an Intrusion Detection Prevention System. The attempts to construct a secure cyber-physical system is an everlasting procedure. New threats, best practices, guidelines, and standards are introduced on a daily basis. Moreover, business needs could vary from time to time. Therefore, the selected security life-cycle is required and encouraged to be used in order to supply a robust lasting cyber-physical system

    Defense in Depth Network Perimeter Security

    Get PDF
    Defense in depth network perimeter security has always be a topic of discussion for a long time as an efficient way of mitigating cyber-attacks. While there are no 100% mitigating method against cyber-attacks, a layered defense in depth network perimeter security can be used to mitigate against cyber-attacks. Research have shown a massive growth in cyber-crimes and there are limited number of cyber security expert to counter this attacks. EIU as an institution is taking up the responsibility of producing cyber security graduates with the new Master of Science in Cyber Security program that started in Fall 2017. This research is aim at designing and developing a defense in depth network perimeter security that will be used for laboratory practices to learn and simulate cyber security activity and its mitigation. The research is complemented with the design of ten laboratory practices to give expertise to the students in the equipment used in the design. The designed topology comprises of two sites, connected via IPSec site to site VPN over an unsecure internet connection. A public testing webserver is placed at the DMZ which is to be used to invite hackers to attack the design system for the purpose of detecting, preventing and learning cyber-attack mechanisms

    Design of an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) for the EIU Cybersecurity Laboratory

    Get PDF
    Cyber Security will always be a subject of discussion for a long time to come. Research has shown that there is massive growth of cyber-crime and the currently available number of Cyber Security experts to counter this is limited. Although there are multiple resources discussing Cyber Security, but access to training in practical applications is limited. As an institution, Eastern Illinois University (EIU) is set to start Masters of Science in Cyber Security in Fall 2017. Then the challenge is how EIU will expose students to the practical reality of Cyber Security where they can learn different detection, prevention and incidence analysis techniques of cyber-attacks. In addition, students should have the opportunity to learn cyber-attacks legally. This research proposes a solution for these needs by focusing on the design of firewall architecture with an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) for the EIU Cyber Security Laboratory. This thesis explores different up to date techniques and methods for detection and prevention of cyber-attacks. The overall outcome of this research is to design a public testing site that invites hackers to attack for the purpose of detection, prevention and security incidence analysis. This public firewall might empower students and instructors with practical cyber-attacks, detection techniques, prevention techniques, and forensics analysis tools. It may also provide the knowledge required for further research in the field of Cyber Security

    Development of a Cyber Range with description language for network topology definition

    Get PDF
    Cyber Ranges are an essential tool for cybersecurity trainings and experiments because they enable to setup virtual, isolated and reproducible environments that can be safely used to execute different types of tests and scenarios. The preparation of scenarios is the most time-consuming phase, which includes the configuration of the virtual machines and the definition of the network topology, so it is important for a Cyber Range to include tools that simplify this operation. This work focuses on how to implement and setup a Cyber Range that includes the necessary features and tools to simplify the setup phase, in particular for large topologies. The literature review provides an analysis of the selected open-source and research solutions currently available for Cyber Ranges and their configuration for use in different scenarios. This work presents the development of a Cyber Range based on the open-source framework OpenStack and the entire design process of a new Description Language, starting from the analysis of the requirements for the defined use-cases, defining and designing the required features, the implementation of all the required components, and the testing of the correctness and effectiveness of the whole system. A comparison of the implemented solution against the selected solutions in the literature study is provided, summarising the unique features offered by this approach. The validation of the Description Language implementation with the defined use cases demonstrated that it can reduce the complexity and length of the required template, which can help to make the setup of scenarios faster

    Infrastructure as Code for Cybersecurity Training

    Get PDF
    An organization\u27s infrastructure rests upon the premise that cybersecurity professionals have specific knowledge in administrating and protecting it against outside threats. Without this expertise, sensitive information could be leaked to malicious actors and cause damage to critical systems. These attacks tend to become increasingly specialized, meaning cybersecurity professionals must ensure proficiency in specific areas. Naturally, recommendations include creating advanced practical training scenarios considering realistic situations to help trainees gain detailed knowledge. However, the caveats of high-cost infrastructure and difficulties in the deployment process of this kind of system, primarily due to the manual process of pre-configuring software needed for the training and relying on a set of static Virtual Machines, may take much work to circumvent. In order to facilitate this process, our work addresses the use of Infrastructure as Code (IaC) and DevOps to automate the deployment of cyber ranges. An approach closely related to virtualization and containerization as the code\u27s underlying infrastructure helps lay down this burden. Notably, placing emphasis on using IaC tools like Ansible eases the process of configuration management and provisioning of a network. Therefore, we start by focusing on understanding what the State of the Art perspectives lack and showcasing the benefits of this new working outlook. Lastly, we explore several up-to-date vulnerabilities that are constantly messing with the lives of individuals and organizations, most related to Privilege Escalation, Remote Code Execution attacks, and Incident Forensics, allowing the improvement of skills concerning Red team and Blue team scenarios. The analysis of the attacks and exploitation of such vulnerabilities are carried out safely due to a sandbox environment. The expected results revolve around using IaC to deploy a set of purposely-designed cyber ranges with specific challenges. The main objective is to guarantee a complexity of scenarios similar to what we can observe in enterprise-level networks. Thus, this entails having a set of playbooks that can be run in a machine or laboratory, assuring the final state of the network is consistent. We expect this deployment strategy to be cost-effective, allowing the trainee to get deep insight into a wide range of situations. Nowadays, DevOps solutions work as a silver bullet against the issues derived from old-case-driven approaches for setting up scenarios. In short, one of the key takeaways of this work is contributing to better prepare specialists in ensuring that the principles of the National Institute of Standards and Technology (NIST) Cybersecurity Framework hold, namely: prevent, detect, mitigate, and recover

    Modernization of Manufacturing with Cybersecurity at the Forefront

    Full text link
    With the proliferation of Industrial Control Systems (ICSs), manufacturing processes have improved over the last 30 years, however, the organizational focus to securely exchange and process information to/from integrated systems has been consistently lacking. These environments continue to be susceptible to security vulnerabilities, despite history [15] showing that cybersecurity exposures in manufacturing have largely gone unaddressed and continue to rise [52]. This study evaluates cybersecurity challenges in the industry and proposes recommendations for practical and fiscally responsible defense-in-depth cybersecurity protections for manufacturing environments. The business operating model, how ICSs became pervasive, as well as the major components that enable the operational technology (OT) were evaluated. With an understanding of the traditional network architecture for the industry [37], the rapidly evolving challenges facing the industry were examined. These challenges are impactful to the traditional and slow to change manufacturing operating model that has not focused on the necessary cyber protections for their OT environments. In addition, the industry is now facing game-changing technological concepts such as advanced manufacturing and Industry 4.0 that bring new complex challenges and cyber threats, unfamiliar to most in the industry. This is all underpinned by an organizational divide where the personnel most knowledgeable with the modern technology and cyber risks, in the majority of cases, are not responsible for the OT architecture and security. These headwinds impact an industry which spends the least on IT and cyber security than any other industry, globally [22]. The cyber risks and challenges in the industry are diverse, spanning technological and organizational competencies, stemming from purpose built components which operate in an ecosystem where cybersecurity is an afterthought. As a means to close the gap, practical and reasonable recommendations to address these problems are discussed; some specific and unique to the manufacturing industry while others are fundamental applications discussed with a manufacturing industry lens, which are commonly ignored due to perceived complexity, cost or simply lack of awareness. Lastly, a number of these recommendations were selected for further evaluation and implementation; challenges, approach, benefits and outcomes are shared showing measureable improvements to the cybersecurity posture of the organization.Master of ScienceComputer and Information Science, College of Engineering & Computer ScienceUniversity of Michigan-Dearbornhttps://deepblue.lib.umich.edu/bitstream/2027.42/147433/1/49698122_CIS699 - Mangano Thesis - Modernization of Manufacturing with Cybersecurity at the Forefront - Final 121018-v4.pdfDescription of 49698122_CIS699 - Mangano Thesis - Modernization of Manufacturing with Cybersecurity at the Forefront - Final 121018-v4.pdf : Thesi

    Use of Service Oriented Architecture for Scada Networks

    Get PDF
    Supervisory Control and Data Acquisition (SCADA) systems involve the use of distributed processing to operate geographically dispersed endpoint hardware components. They manage the control networks used to monitor and direct large-scale operations such as utilities and transit systems that are essential to national infrastructure. SCADA industrial control networks (ICNs) have long operated in obscurity and been kept isolated largely through strong physical security. Today, Internet technologies are increasingly being utilized to access control networks, giving rise to a growing concern that they are becoming more vulnerable to attack. Like SCADA, distributed processing is also central to cloud computing or, more formally, the Service Oriented Architecture (SOA) computing model. Certain distinctive properties differentiate ICNs from the enterprise networks that cloud computing developments have focused on. The objective of this project is to determine if modern cloud computing technologies can be also applied to improving dated SCADA distributed processing systems. Extensive research was performed regarding control network requirements as compared to those of general enterprise networks. Research was also conducted into the benefits, implementation, and performance of SOA to determine its merits for application to control networks. The conclusion developed is that some aspects of cloud computing might be usefully applied to SCADA systems but that SOA fails to meet ICN requirements in a certain essential areas. The lack of current standards for SOA security presents an unacceptable risk to SCADA systems that manage dangerous equipment or essential services. SOA network performance is also not sufficiently deterministic to suit many real-time hardware control applications. Finally, SOA environments cannot as yet address the regulatory compliance assurance requirements of critical infrastructure SCADA systems
    • …
    corecore