Industrial Control System (ICS) Security

(WU-SEC6080.AJ1)
Skills You’ll Get

Lessons

1

ICS Cybersecurity Fundamentals

  • Industrial Cybersecurity – second edition
  • Recap of the first edition
  • What is an ICS?
  • Why proper architecture matters
  • Industrial control system architecture overview
  • The IDMZ
  • What makes up an IDMZ design?
  • Example IDMZ broker-service solutions
  • Typical industrial network architecture designs
  • Designing for security
  • Security monitoring
2

Industrial Cybersecurity – Security Monitoring

  • Security incidents
  • Passive security monitoring
  • Active security monitoring
  • Threat-hunting exercises
  • Security monitoring data collection methods
  • Putting it all together – introducing SIEM systems
  • Passive security monitoring explained
  • Security Information and Event Management – SIEM
  • Common passive security monitoring tools
  • Setting up and configuring Security Onion
  • Exercise 1 – Setting up and configuring Security Onion
  • Exercise 2 – Setting up and configuring a pfSense firewall
  • Exercise 3 – Setting up, configuring, and ...'s eyeInsight (formerly known as SilentDefense)
  • Understanding active security monitoring
  • Exercise 1 – Scanning network-connected devices
  • Exercise 2 – Manually inspecting an industrial computer
  • Threat intelligence explained
  • Using threat information in industrial environments
  • Acquiring threat information
  • Creating threat intelligence data out of threat information
  • Exercise – Adding an AlienVault OTX threat feed to Security Onion
  • Holistic cybersecurity monitoring
  • Exercise 1 – Using Wazuh to add Sysmon logging
  • Exercise 2 – Using Wazuh to add PowerShell Script Block Logging
  • Exercise 3 – Adding a Snort IDS to pfSense
  • Exercise 4 – Sending SilentDefense alerts to Security Onion syslog
  • Exercise 5 – Creating a pfSense firewall event dashboard in Kibana
  • Exercise 6 – Creating a breach detection dashboard in Kibana
3

Industrial Cybersecurity – Threat Hunting

  • What is threat hunting?
  • Threat hunting in ICS environments
  • What is needed to perform threat hunting exercises?
  • Threat hunting is about uncovering threats
  • Correlating events and alerts for threat hunting purposes
  • Forming the malware beaconing threat hunting hypothesis
  • Detection of beaconing behavior in the ICS environment
  • Investigating/forensics of suspicious endpoints
  • Using indicators of compromise to uncover additional suspect systems
  • Forming the malicious or unwanted applications threat hunting hypothesis
  • Detection of malicious or unwanted applications in the ICS environment
  • Investigation and forensics of suspicious endpoints
  • Using discovered indicators of compromise to search the environment for additional suspect systems
  • Forming the suspicious external connections threat hunting hypothesis
  • Ingress network connections
4

Industrial Cybersecurity – Security Assessments and Intel

  • Understanding the types of cybersecurity assessments
  • Risk assessments
  • Red team exercises
  • Blue team exercises
  • Penetration testing
  • How do ICS/OT security assessments differ from IT?
  • Understanding the attack stages and ultimate objectives of ICS cyber attacks
  • Risk assessments
  • Red Team versus Blue Team versus pentesting
  • Red Team/Blue Team example exercise, attacking Company Z
  • Practical view of penetration testing
  • Why are ICS environments easy targets for attackers?
  • Typical risks to an ICS environment
  • Modeling pentests around the ICS Kill Chain
  • Pentesting results allow us to prioritize cybersecurity efforts
  • Pentesting industrial environments requires caution
  • Exercise – performing an ICS-centric penetration test
5

Industrial Cybersecurity Incident Response for the ICS Environment

  • What is an incident?
  • What is incident response?
  • Incident response processes
  • Incident response procedures
  • Example incident report form

Lab

1

ICS Cybersecurity Fundamentals

  • Designing a Segmented ICS Network Using VLANs
  • Simulating PLC and HMI Communication
  • Configuring an IDMZ and Simulating a Patch Server
  • Simulating a Segmented Industrial Network
2

Industrial Cybersecurity – Security Monitoring

  • Capturing Packets Using Wireshark
  • Running Snort in IDS Mode
  • Fingerprinting Using Nmap
  • Profiling a Targeted System
  • Scanning for Vulnerabilities Using Nikto
  • Conducting Vulnerability Scanning Using Nessus
  • Performing File Share Enumeration
  • Using modbus-cli
  • Getting EtherNet/IP Information
  • Using Wazuh to Add Sysmon Logging
  • Configuring Firewall Rules and Monitoring Network Logs Using pfSense
3

Industrial Cybersecurity – Threat Hunting

  • Performing Intrusion Detection Using Zeek
  • Scanning Files for Malicious Patterns with YARA
  • Viewing Linux Event Logs
4

Industrial Cybersecurity – Security Assessments and Intel

  • Gathering Basic OSINT from a Website
  • Setting Up a Honeypot
  • Exploiting Vulnerable SMB Services (EternalBlue Exploit)
  • Cracking Linux Passwords Using John the Ripper
  • Using Nessus Scan Data in Metasploit
5

Industrial Cybersecurity Incident Response for the ICS Environment

  • Preparing and Performing Post-Incident Activities
  • Performing Incident Response Activities
