ICS Cyber Resilience, Active Defense & Safety - Part 4
https://www.youtube.com/watch?v=cWdh0aBLfyY
https://www.sans.org/webcasts/ics-cyber-resilience-active-defense-safety-part-4/
webcast-120920-compressed.pdf
- Network Security Monitoring (NSM)
  - Human-driven
  - Collect → Detect → Analyse
  - Collect
    - SPAN vs TAP
    - Full packet capture is better than 5-tuple flow records, but 5-tuple records are still useful
  - Detect
  - Analyse
    - Less internet-bound and encrypted traffic to deal with
  - Tools
    - tshark
    - Zeek
    - Snort
    - And lots more
- Log4j demonstration
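The notes above make the point that full packet capture beats 5-tuple flow records, but that 5-tuples alone still support useful detection. The following is an added example (not from the webcast or its slides) that walks the Collect → Detect → Analyse loop on flow records only: it builds a constructed conn.log-style input (a subset of Zeek's columns: ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto), parses each line into a 5-tuple, and runs two detections that need no payload: a port sweep (one source touching many destination ports on one host) and periodic beaconing (near-constant interval between connections to the same destination and port). Host addresses, ports and thresholds are assumptions chosen for the demonstration.

```python
"""Flow-level NSM over 5-tuples (added example, not the webcast's code).

Input is constructed conn.log-style text with a subset of Zeek columns:
ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto (tab-separated).
"""
from collections import defaultdict
from statistics import mean, pstdev


def build_sample_log():
    """Constructed sample input: addresses, ports and timings are invented."""
    lines = []
    # Legitimate, irregular Modbus/TCP polling from an HMI to a PLC (port 502).
    for i, ts in enumerate([1600000000.0, 1600000037.4, 1600000091.2]):
        lines.append(f"{ts}\t10.0.0.5\t{49152 + i}\t10.0.0.20\t502\ttcp")
    # Port sweep: one source touching twelve ports on the PLC within a second.
    for i in range(12):
        lines.append(f"{1600000100 + i * 0.05:.3f}\t10.0.0.7\t{50000 + i}"
                     f"\t10.0.0.20\t{1 + i}\ttcp")
    # Beaconing: near-constant 60 s interval to an external host on 443.
    ts = 1600000200.0
    for i, gap in enumerate([0, 60.0, 60.2, 59.8, 60.1, 59.9]):
        ts += gap
        lines.append(f"{ts:.3f}\t10.0.0.9\t{51000 + i}\t192.0.2.10\t443\ttcp")
    return "\n".join(lines)


def parse_conn_log(text):
    """Collect step: turn each record into a timestamped 5-tuple."""
    flows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):  # Zeek writes #fields/#types headers
            continue
        ts, src, sport, dst, dport, proto = line.split("\t")
        flows.append({"ts": float(ts), "src": src, "sport": int(sport),
                      "dst": dst, "dport": int(dport), "proto": proto})
    return flows


def detect_port_sweep(flows, min_ports=10):
    """Detect step: (src, dst) pairs where one source touched >= min_ports
    distinct destination ports. Visible from the 5-tuple alone."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f["src"], f["dst"])].add(f["dport"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


def detect_beacons(flows, min_conns=5, max_cv=0.05):
    """Detect step: (src, dst, dport) with >= min_conns connections whose
    inter-arrival times are nearly constant (coefficient of variation <= max_cv).
    Returns [((src, dst, dport), mean_interval_seconds), ...]."""
    times = defaultdict(list)
    for f in flows:
        times[(f["src"], f["dst"], f["dport"])].append(f["ts"])
    hits = []
    for key, ts in times.items():
        if len(ts) < min_conns:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((key, round(avg, 1)))
    return hits


if __name__ == "__main__":
    # Analyse step: an analyst reviews the flagged pairs, not raw flows.
    flows = parse_conn_log(build_sample_log())
    print("port sweeps:", detect_port_sweep(flows))
    print("beacons:", detect_beacons(flows))
```

The sweep and beacon detections key on different parts of the 5-tuple (source/destination pair versus source/destination/port), which is why the twelve single-shot sweep connections never trigger the beacon check and the polling traffic to port 502 stays below both thresholds. On real Zeek output the same logic would read the `ts`, `id.orig_h`, `id.orig_p`, `id.resp_h`, `id.resp_p` and `proto` columns of conn.log after skipping the `#fields` header.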