ICS Cyber Resilience, Active Defense & Safety - Part 4

https://www.youtube.com/watch?v=cWdh0aBLfyY

https://www.sans.org/webcasts/ics-cyber-resilience-active-defense-safety-part-4/

webcast-120920-compressed.pdf

• Network Security Monitoring
  • Human-driven
  • Collect → Detect → Analyse
  • Collect
    • SPAN vs TAP
    • Full packet > 5-tuple, but 5-tuple still good
  • Detect
    • IDS NOT IPS for ICS
  • Analyse
    • Less internet, encrypted traffic
  • Tools
    • tshark
    • Zeek
    • Snort
    • And lots more
• Log4j demonstration