


How To Install Scada Ics

  • In Person (6 days)
  • Online

36 CPEs

ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

SANS has joined forces with industry leaders to equip security professionals and control system engineers with the cybersecurity skills they need to defend national critical infrastructure. ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

The course will provide you with:

  • An understanding of industrial control system components, purposes, deployments, significant drivers, and constraints.
  • Hands-on lab learning experiences to control system attack surfaces, methods, and tools
  • Control system approaches to system and network defense architectures and techniques
  • Incident-response skills in a control system environment
  • Governance models and resources for industrial cybersecurity professionals.

When examining the greatest risks and needs in critical infrastructure sectors, the course authors looked carefully at the core security principles necessary for the range of tasks involved in supporting control systems on a daily basis. While other courses are available for higher-level security practitioners who need to develop specific skills such as industrial control system penetration testing, vulnerability analysis, malware analysis, forensics, secure coding, and red team training, most of these courses do not focus on the people who operate, manage, design, implement, monitor, and integrate critical infrastructure production control systems.

With the dynamic nature of industrial control systems, many engineers do not fully understand the features and risks of many devices. In addition, IT support personnel who provide the communications paths and network defenses do not always grasp the systems' operational drivers and constraints. This course is designed to help traditional IT personnel fully understand the design principles underlying control systems and how to support those systems in a manner that ensures availability and integrity. In parallel, the course addresses the need for control system engineers and operators to better understand the important role they play in cybersecurity. This starts by ensuring that a control system is designed and engineered with cybersecurity built into it, and that cybersecurity has the same level of focus as system reliability throughout the system lifecycle.

When these different groups of professionals complete this course, they will have developed an appreciation, understanding, and common language that will enable them to work together to secure their industrial control system environments. The course will help develop cyber-secure-aware engineering practices and real-time control system IT/OT support carried out by professionals who understand the physical effects of actions in the cyber world.

You Will Be Able To

  • Better understand various industrial control systems and their purpose, application, function, and dependencies on network IP and industrial communications
  • Work with control network infrastructure design (network architecture concepts, including topology, protocols, and components) and their relation to IEC 62443 and the Purdue Model.
  • Run Windows command line tools to analyze the system looking for high-risk items
  • Run Linux command line tools (ps, ls, netstat, etc.) and basic scripting to automate the running of programs to perform continuous monitoring of various tools
  • Work with operating systems (system administration concepts for Unix/Linux and/or Windows operating systems)
  • Better understand the systems' security lifecycle
  • Better understand information assurance principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation)
  • Use your skills in computer network defense (detecting host and network-based intrusions via intrusion detection technologies)
  • Implement incident response and handling methodologies
  • Map different ICS technologies, attacks, and defenses to various cybersecurity standards including NIST Cyber Security Framework, ISA/IEC 62443, ISO/IEC 27001, NIST SP 800-53, Center for Internet Security Critical Security Controls, and COBIT 5

Hands-On Training

  • Programming a PLC
  • Programming an HMI
  • Architecting a Secure DCS
  • Finding Passwords in Embedded Devices
  • Exploring Fieldbus Protocols
  • Network Capture Analysis
  • Enumerating Modbus TCP
  • Network Forensics of an Attack
  • Bypassing Auth with SQL Injection
  • Password Fuzzing
  • Baselining with PowerShell
  • Configuring Host-Based Firewalls
  • Windows Event Logs
  • Finding Remote Access
  • Incident Response Tabletop Exercise

What You Will Receive

  • Electronic Download Package containing ICS cybersecurity related posters, whitepapers, use cases, and cheat sheets
  • A virtual machine of the Control Things Platform, an open-sourced, Linux-based distribution designed for performing security assessments on ICS systems
  • A virtual machine of Windows 10 for course exercises
  • MP3 audio files of the complete course lecture
  • A hardware PLC for students to use in class and take home with them

SANS Video

  • Overview

    Takeaway: Students will develop and reinforce a common language and understanding of Industrial Control System (ICS) cybersecurity as well as the important considerations that come with cyber-to-physical operations within these environments. Each student will receive a programmable logic controller (PLC) device to keep. The PLC contains physical inputs and outputs that will be programmed in class and mapped to an operator interface, or HMI, also created in class. This improved hardware-enabled approach provides the necessary cyber-to-physical knowledge that allows students to better understand important ICS operational drivers and constraints that require specific safety protection, communications needs, system management approaches, and cybersecurity implementations. Essential terms, architectures, methodologies, and devices are all covered to build a common language for students from a variety of different roles.

    Topics

    Day 1 ICS Overview

    • Global Industrial Cybersecurity Professional (GICSP) Overview
    • Overview of ICS
      • Processes & Roles
      • Industries
      • Exercise: Learning from Peers
    • Purdue Levels 0 and 1
      • Controllers and Field Devices
      • Programming Controllers
      • Exercise: Programming a PLC
    • Purdue Levels 2 and 3
      • HMIs, Historians, Alarm Servers
      • Specialized Applications and Master Servers
      • Control Rooms and Plants
      • SCADA
      • Exercise: Programming an HMI
    • IT & ICS Differences
      • ICS Life Cycle Challenges
    • Physical and Cyber Security
  • Overview

    Takeaway: If you know the adversary's approaches to attacking an ICS environment, you will be better prepared to defend that environment. Numerous attack vectors exist within an ICS environment. Some are similar to traditional IT systems, while others are more specific to ICS. During Day 2, students will develop a better understanding of where these specific attack vectors exist and more defensible architectures for OT/ICS. Students will look at different technologies and communications used in Purdue Levels 0 and 1, the levels that are the most different from an IT network. Students will capture fieldbus traffic from the PLCs they programmed in Day 1 and look at what other fieldbus protocols are used in the industry.

    Topics

    Day 2: Field Devices and Controllers

    • ICS Attack Surface
      • Threat Actors and Reasons for Attack
      • Attack Surface and Inputs
      • Vulnerabilities
      • Threat/Attack Models
      • Information Leakage
      • Exercise: Identifying External Attack Surfaces
    • Secure ICS Network Architectures
      • ICS410 Reference Model
      • Larger ICS Sites
      • Remote Access
      • Regional SCADA
      • Exercise: Architecting a Secure ICS Site
    • Purdue Level 0 and 1
      • Purdue Level 0 and 1 Attacks
      • Control Things Platform
      • Exercise: Passwords in EEPROM Dumps
      • Purdue Level 0 and 1 Technologies
      • Fieldbus Protocol Families
      • Exercise: Exploring Fieldbus Protocols
      • Purdue Level 0 and 1 Defenses
      • Safety Instrumented Systems (SIS)
  • Overview

    Takeaway: Day 3 will take students through the communication protocols often found throughout control networks. Students will analyze network captures containing other control protocols that traverse Ethernet-only networks and TCP/IP networks, set up a simulated controller, and interact with it through a control protocol. Students will learn about different methods to segment and control the flow of traffic through the control network. Students will explore cryptographic concepts and how they can be applied to communications protocols and on devices that store sensitive data. Students will learn about the risks of using wireless communications in control networks, which wireless technologies are commonly used, and available defenses for each.

    Topics

    Day 3: Supervisory Systems

    • Ethernet and TCP/IP
      • Ethernet Concepts
      • TCP/IP Concepts
      • Exercise: Network Capture Analysis
      • ICS Protocols over TCP/IP
      • Wireshark and ICS Protocols
      • Attacks on Networks
      • Exercise: Enumerating Modbus TCP
    • Enforcement Zone Devices
      • Firewalls and NextGen Firewalls
      • Modern Data Diodes
      • NIDS/NIPS and Netflow
      • USB Scanning and Honeypots
    • Understanding Basic Cryptography
      • Crypto Keys
      • Encryption, Hashing, and Signatures
      • Exercise: Manual Cryptography
    • Wireless Technologies
      • Satellite and Cellular
      • Mesh Networks and Microwave
      • Bluetooth and Wi-Fi
    • Wireless Attacks and Defenses

      • 3 Eternal Risks of Wireless
      • Sniffing, DoS, Masquerading, Rogue AP
  • Overview

    Takeaway: Students will learn essential ICS-related server and workstation operating system capabilities, implementation approaches, and system management practices. After a hands-on network forensics exercise where students follow an attacker from phishing campaign to HMI breach, students will look at HMI, historian, and user interface technologies used in the middle to upper levels of the control network, namely Purdue Levels 2 and 3, while performing attacks on HMI web technologies and interfaces susceptible to password brute force attacks. In the afternoon, students will learn about how to create baselines and secure Windows-based workstations and servers.

    Topics

    Day 4: Workstations and Servers

    • Supervisory Servers
      • Supervisory Attacks
      • Historians and Databases
      • Exercise: Bypassing Auth with SQL Injection
    • User Interfaces
      • HMI and UI Attacks
      • Web-based Attacks
      • Password Defenses
      • Exercise: Password Fuzzing
    • Defending Microsoft Windows
      • Windows Services
      • Windows Security Policies and GPOs
      • Host Firewalls
      • Exercise: Baselining with PowerShell
    • Patching ICS Systems
      • Patch Decision Tree
      • Vendors, CERTS, and Security Bulletins
  • Overview

    Takeaway: Day 5 will further explore baselines and hardening, but this time on Linux-based workstations and servers. Students will examine concepts that benefit ICS systems such as system hardening, log management, monitoring, alerting, and audit approaches, then look at some of the more common applications and databases used in ICS environments across multiple industries. Finally, students will learn about the various models, methodologies, and industry-specific regulations that are used to govern what must be done to protect critical ICS systems. Key business processes that consider risk assessments, disaster recovery, business impact analysis, and contingency planning will be examined from the perspective of ICS environments.

    Topics

    Day 5: ICS Security Governance

    • Defending Unix and Linux
      • Differences with Windows
      • Daemons, SystemV, and SystemD
      • Lynis and Bastille
      • Exercise: Hardening Linux
    • Endpoint Protection and SIEMS
      • Application Runtime and Execution Control
      • Configuration Integrity and Containers
      • Logs in Windows and Linux
      • Exercise: Windows Event Logs
    • Building an ICS Cyber Security Program
      • Starting the Process
      • Frameworks: ISA/IEC 62443, ISO/IEC 27001, NIST CSF
      • Using the NIST CSF
    • Creating ICS Cyber Security Policy
      • Policies, Standards, Guidance, and Procedures
      • Culture and Enforcement
      • Examples and Sources
      • Exercise: ICS Security Policy Review
    • Measuring Cyber Security Risk
      • Risk Approaches and Calculations
      • DR and BC Planning
    • Incident Response
      • Six Step Process
      • Table Top Exercises
    • Final Thoughts and Next Steps
  • Overview

    Takeaway: Students will work through a group-based, table-top exercise (TTX) that includes hands-on components. Students must employ the knowledge they gained throughout the week to identify indicators of compromise (IoCs), determine actions that should be taken to limit the attacker's ability to compromise additional assets, and react to changes in the attacker's tactics, techniques, and procedures (TTPs) as they progress deeper into the OT/ICS network. Students will leave with a variety of resources for multiple industries and will be well prepared to pursue the GICSP, an important ICS-focused professional certification.

The GICSP bridges together IT, engineering and cyber security to achieve security for industrial control systems from design through retirement. This unique vendor-neutral, practitioner focused industrial control system certification is a collaborative effort between GIAC and representatives from a global industry consortium involving organizations that design, deploy, operate and/or maintain industrial automation and control system infrastructure. GICSP will assess a base level of knowledge and understanding across a diverse set of professionals who engineer or support control systems and share responsibility for the security of these environments.

  • Industrial control system components, purposes, deployments, significant drivers, and constraints
  • Control system attack surfaces, methods, and tools
  • Control system approaches to system and network defense architectures and techniques
  • Incident-response skills in a control system environment
  • Governance models and resources for industrial cybersecurity professionals


Course participants need to have a basic understanding of networking and system administration, TCP/IP, networking design/architecture, vulnerability assessment, and risk methodologies. ICS410 covers many of the core areas of security and assumes a basic understanding of technology, networks, and security. For those who are brand new to the field and have no background knowledge, SEC301: Intro to Information Security would be the recommended starting point. While SEC301 is not a prerequisite, it provides introductory knowledge that will help maximize a student's experience with ICS410.

Important! Bring your own system configured according to these instructions!

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

The ICS410 Industrial Control System Security Essentials course consists of instruction and hands-on exercises. The exercises are designed to allow students to put knowledge gained throughout the course into practice in an instructor-led environment. Students will have the opportunity to install, configure, and use the tools and techniques that they have learned.

Note: Do not bring a regular production laptop for this class! When installing software, there is always a risk of breaking something else on the system. Students should assume that all data could be lost.

NOTE: It is critical that students have administrator access to the operating system and the ability to disable all security software installed. Changes may need to be made to personal firewalls and other host-based software in order for the labs to work.

Laptop requirements include the following:

  • 64-bit processor with 64-bit operating system
  • VT or other 64-bit virtualization settings enabled in your BIOS to run 64-bit VMs
  • At least eight (8) GB of RAM
  • At least seventy (70) GB of free hard drive space
  • At least 1 USB port
  • VMware Workstation Pro 15.5.X+, VMware Player 15.5.X+ or Fusion 11.5+
  • Access to an account with administrative permissions and the ability to disable all security software on their laptop such as Antivirus and/or firewalls if needed for the class

Note: Apple systems using the M1 processor cannot perform the necessary virtualization at this time and cannot be used for this class.

Your course media will now be delivered via download. The media files for class can be big, some in the 40 - 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.

SANS has begun providing printed materials in PDF form. Additionally, certain classes are using an electronic workbook in addition to the PDFs. The number of classes using eWorkbooks will grow quickly. In this new environment, we have found that a second monitor and/or a tablet device can be useful by keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.

"This course provides students with the essentials for conducting cybersecurity work in industrial control system environments. After spending years working with industry, we believe there is a gap in the skill sets of industrial control system personnel, whether it be cybersecurity skills for engineers or engineering principles for cybersecurity experts. In addition, both information technology and operational technology roles have converged in today's industrial control system environments, so there is a greater need than ever for a common understanding between the various groups who support or rely on these systems. Students in ICS410 will learn the language, the underlying theory, and the basic tools for industrial control system security in settings across a wide range of industry sectors and applications." - Justin Searle

"Conceptualizing safety within ICS/SCADA is easier to understand with the numerous examples Justin provides. His power to visually show where the gotchas will appear gave me techniques to repair our SCADA network." - Attilio Pramarini, RTD

Source: https://www.sans.org/cyber-security-courses/ics-scada-cyber-security-essentials

Posted by: rowletttolea1944.blogspot.com
