当前位置:首页 > 报告详情

OT网络的安全漏洞及其审计方法的概述和技术深度探讨.pdf

上传人: 学*** 编号:187759 2024-12-26 21页 1.52MB

1、OT is a Dirty WordAn overview and technical deep dive into the security flaws of OT networks and how to audit themAbout UsTyler KaphingstCyber Security and audit professional 8 years:Senior Cyber Assurance Specialist at GE HealthCareAdvocate Aurora Health Senior Network Security EngineerBaker Tilly

2、Senior Risk and Internal Audit ConsultantNew Dad,full time NerdAdeline GreeneCyber Security and audit professional 6 years:Cyber Assurance Specialist at GE HealthCareBoeing Cyber Security Incident Response SpecialistVirginial Commonwealth University Security AnalystDungeons&Dragons expertOverviewWha

3、t is OT?Fictional Factory auditInsecure by DesignHow Do We Audit This?Q&AWhat Is OT?Manufacturing vs OTThe Manufacturing Environment Internet of Things(IoT)Printing Machines Product Test systems Supervisors machines Metrics&Activity CollectorsFrom IBMs X-Force Threat Intelligence Index 2024Top 5 Lar

4、gest Manufacturing&Utility Breaches in 2023Credential Harvesting and Data Theft 36%Data Destruction and Extortion 16%From IBMs X-Force Threat Intelligence Index 20241.Comcast 35.9 Million Records2.VF Corporation 35.5 Million Records3.AT&T 9 Million Records4.PurFoods 1.2 Million Records5.Topgolf Call

5、away Brands 1.1 Million RecordsTotal#of breaches 302Total#of records affected 87,717,122Average#of records affected 398,714Total cost of breaches$14,473,325,130Attackers Goals:From the Department of Energys Securing Energy Infrastructure Executive Task Force Reference OT ArchitectureSeven Hills Tech

6、nology Small manufacturing company in Lynchburg,Virginia.Two factories and an office making smart robotics products.Approximately 300 employees.Recently adopted new cloud infrastructure but still relies on a legacy datacenter.The Different Networks Found at Seven Hills Technology IT OT IT/OT(non-seg

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
本文主要探讨了OT网络的安全漏洞及其审计方法。OT网络在设计上存在固有风险,如物联网设备、打印机和 Supervisors’ machines等,这些设备常常被忽视,却可能引入安全问题。文章通过七山科技案例,详细介绍了OT网络的结构,包括IT、OT、IT/OT、工程和访客Wi-Fi等不同网络。在审计OT网络时,应遵循NIST标准,进行资产清单编制、现场走访和网络图表/拓扑文档审查。此外,还应使用网络扫描工具,如Nozomi和Nessus,来发现潜在的安全隐患。文章指出,将OT网络连接到IT网络而没有适当的安全工具,就像打开了工厂的大门,使关键基础设施暴露在多种威胁之下。审计发现,许多OT机器运行的是老旧的操作系统,且组织内对OT设备的完整和准确清单维护存在不足。最后,文章提出了在维护业务需求的同时确保安全的问题,强调了在制造和业务连续性及灾难恢复(BCDR)方面可能产生的影响。
"OT网络存在哪些安全隐患?" "如何有效地审计OT网络?" "连接OT网络和IT网络是否安全?"
客服
商务合作
小程序
服务号
折叠