Network Security

Lewis R. Folkerth, P. E.

Consumers Energy

Energy Management Systems

lrfolkerth@cmsenergy.com

Overview

• Why Network Security?

• Types of Security

• Network Configurations

• Intrusion Detection

• Maintaining Security

Why Network Security?

• EMS as installed:– no outside connections

– no or limited dialup

– few threats

EM S

R TU

Why Network Security?

• EMS today– Network connections

• Company

• Internet

– Dialup

– More threats• “Hackers”

• Competitors

• Terrorists

EM SH ub

C orporate N etw orks D ia lup

In ternet

Types of Security

• Host Security– Passwords

– OS

– Vulnerability Analysis

– Intrusion Detection

• Network Security– Firewalls

– Packet Filtering

– Vulnerability Analysis

– Intrusion Detection

Common EMS Network

R oute r

F irew a ll

In te rne t

S C A D A N e tw ork

E M S P C N e tw ork

C orpo ra te N e tw orks

Add a Layer of Protection

S C A D A N e tw ork

E M S P C N e tw ork

C orpo ra te N e tw orks

R ou te r

F irew a ll

In te rne t

R ou te r

F irew a ll

Add Intrusion Detection

S C A D A N e tw ork

E M S P C N e tw ork

C orpo ra te N e tw orks

R ou te r

F irew a ll

In te rne t

R ou te r

F irew a ll

S

A

S

SS

S - SensorA - Ana lysis System

Isolate the Intrusion Detection

S C A D A N e tw ork

E M S P C N e tw ork

C orpo ra te N e tw orks

R ou te r

F irew a ll

In te rne t

R ou te r

F irew a ll

SA

SS

Firewalls

• Commercial product is probably best

• Consider location when choosing brand and type– Parallel implementations

• Use same type and brand as main Internet firewall

– Series implementations• Use different brand from main firewall

Packet Filtering

• Available in most routers

• Used where a firewall is overkill

• More difficult to maintain

Vulnerability Analysis

• Host based– COPS (UNIX)

– ASET (Solaris)

– SCE (NT)

– Commercial

• Network Based– SATAN

– nmap

– Commercial

Intrusion Detection

• Host Based– Tripwire (UNIX)– Commercial (Other)

• Network Based– SHADOW– Commercial

Building an Intrusion Detection System (IDS)

• Obtain Software• Obtain Hardware

– Sensor Requirements– Analysis Station

Requirements

• Install the sensor– OS– tcpdump, libpcap, ssh,

SHADOW– Configure

• Install the analysis system– OS

– tcpdump, libpcap, ssh, apache, browser, SHADOW

– Configure

Maintaining Security

• Keep up with the latest exploits

• Ongoing education

• Newsletters

• Incident Response Groups

• NIPC - Infragard