Many industrial networks use Ethernet and the protocols of the TCP/IP stack. However, these protocols were designed long before security was a main goal for the development of networking protocols. Hence, these networks are inherently insecure and require additional protocols and extra care to be run securely. This presentation provides an overview of some of the lesser-known security features that can help to significantly harden your network against network-level attacks.
Starting with an overview of good network design practices, attendees will learn about spoofing attacks in Ethernet. ARP spoofing, DNS spoofing, rogue DHCP and tampering with wireless management frames pose a severe threat to any Ethernet network. However, simple and effective countermeasures such as Port Security, Dynamic ARP Inspection, DHCP snooping and IP Source Guard are rarely used in industrial environments. This presentation explains these mechanisms and shows how to apply them to industrial networks. We will briefly discuss attacks against the management frames of wireless networks. In addition, different network architectures as well as monitoring mechanisms are discussed and explained.
Finally, the audience will get a brief overview of how network management software can simplify the task of adding firewalls to existing networks and how networks with many firewalls can be managed with adequate effort. A short overview of security monitoring mechanisms concludes the presentation.
- Learn the fundamentals of security in Ethernet and TCP/IP networks
- Understand the importance of network design patterns like defense-in-depth and zones and conduits
- Understand the strengths and limitations of network design patterns like the screened host and screened subnet design pattern
- Learn how to efficiently manage networks with many firewall systems
- Find out about the importance of network monitoring to react to breaches in a timely manner
Tobias Heer has been with Belden since 2012 and has specialized in topics that revolve around security and wireless in industrial control systems. He is a professor for Networking and IT Security at the University of Applied Science in Albstadt-Sigmaringen.
Lars Geiger joined Belden in 2012 and is the product owner of the firewall product lines. Besides his responsibilities for the software and hardware development of firewall products, his main interests are network protocol design and network security in general. He received his doctoral degree from the University of Stuttgart, where he worked in the research area of distributed computer networks.