Defence in Depth
UFCF7P-15-M CRITICAL
SYSTEMS SECURITY
Defence-in-depth
RECAP
• Objectives:
– Identify phases of intrusion.
– Map adversary kill chain indicators to defender courses of action.
– Identify patterns that link individual intrusions into broader campaigns.
– Understand the iterative nature of intelligence.
Atomic indicators
• Atomic indicators are those which cannot be broken down into
smaller parts and retain their meaning in the context of an intrusion.
• Typical examples here are IP addresses, email addresses and
vulnerability identifiers.
companyname@company.com
192.168.1.5
CVE-1999-0067
Computed indicators
• Computed indicators are those which are derived from data involved
in an incident.
Behavioural indicators
• Behavioural indicators are collections of computed and atomic
indicators, often subject to qualification by quantity and possibly
combinatorial logic.
• Example:
This week
[Figure: network diagram; labels: corporate LANs, control LANs, Internet, operational LANs, operational DMZs]
Defence in depth
Firewalls
Types of Firewalls:
- Packet Filtering Firewalls
- Stateful Inspection Firewalls
- Application-Proxy Gateway Firewalls
Network segregation
Defence-in-depth
ISA/IEC 62443
• ISA and IEC have developed the IEC 62443 series of standards to
address the need to design cybersecurity robustness and resilience
into industrial automation control systems (IACS).
• https://www.isa.org/training-and-certifications/isa-certification/isa99iec-62443/isa99iec-62443-cybersecurity-certificate-programs/?utm_medium=social&utm_campaign=smm-training-ISA-IEC-62443-Cybersecurity-Certificate-Programs&utm_source=twitter
• You can find it in the reading list. Alternatively, you can download it
from UWE’s Library online webpage.
In the tutorial…
References
IEC/ISA 62443-3-2