Industrial Control Systems, Networks, and Cybersecurity: 2015 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure
It looks like I am going to have a lot of prepwork to get through:
Reading List -
Basic Linux (the hands-on exercises are done in a Linux environment):
- http://www.linux-tutorial.info/
- http://www.ee.surrey.ac.uk/Teaching/Unix/
- Metasploit users’ guide: https://community.rapid7.com/docs/DOC-1751
- Mastering the Framework: http://www.offensive-security.com/metasploit-unleashed/
- Additional information: http://framework.metasploit.com/about/
SCADA -An introduction/overview of common SCADA communications, e.g.:
- http://www.dcbnet.com/notes/0108worldofwaterpaper.html
- http://www.dnp.org/pages/aboutdefault.aspx
- http://www.isa.org/journals/intech/TP04ISA048.pdf
Intrusion Detection:
- http://www.securityfocus.com/infocus/1577
- http://www.securityfocus.com/infocus/1852
- http://www.oracle.com/technetwork/systems/articles/snort-base-jsp-138895.html
- http://www.oracle.com/technetwork/systems/articles/intrusion-detection-jsp-140939.html
SQL Injection: An explanation of SQL injection methods, e.g.:
- http://www.unixwiz.net/techtips/sql-injection.html
- http://www.securiteam.com/securityreviews/5DP0N1P76E.html
HACKING: Art of Exploitation by Jon Erickson
Secure Coding in C and C++ by Robert Seacord
DHS Catalog of Control System Security: Recommendations for Standards Developers:
NIST Special Publication SP 800-82 Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security
SANS ICS Security Summit interview (video)
ICS Basics: For those with little or no ICS experience, these Wikipedia articles provide a brief introduction to the concepts and history of control systems that will be helpful to know for class.
- http://en.wikipedia.org/wiki/ICS
- http://en.wikipedia.org/wiki/SCADA
- http://en.wikipedia.org/wiki/Smart_grid
- http://nostarch.com/xboxfree- While this has nothing to do with control systems, it provides a great introduction to the concepts and techniques taught in this class to pen test embedded electronic hardware in ICS field/floor devices.
- http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol3.pdf - Chapter 7 of the NIST Interagency Report 7628, titled Bottom-up Security Analysis of the Smart Grid, provides an overview of the challenges faced in Smart Grid and energy sector systems.
MISC:
The OWASP Cheat Sheet Series
Center for Internet Security
SANS
The OWASP Cheat Sheet Series
Center for Internet Security
SANS
- http://www.sans.org
- “Twenty Critical Controls for Effective Cyber Defense” http://www.sans.org/critical-securitycontrols/cag4-1.pdf
- “Top Cyber Security Risks” http://sans.org/top-cyber-security-risks/
Australian Defense Signals Directorate (http://www.asd.gov.au/)
- “Top 35 Mitigation Strategies” http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
- "Mandatory Top 4 Strategies to Mitigate Targeted Cyber Intrusions" http://www.dsd.gov.au/infosec/top-mitigations/top-4-strategies-explained.htm
Network System Monitoring: For more information on Snorby, Snort, and other Network System Monitoring (NSM) tools,
- Practice of Network Security Monitoring: Understanding Incident Detection and Response, Understanding Incident Detection and Response” by Richard Bejtlich July 2013, 376 pp. ISBN: 978-1-59327-509-9 http://www.amazon.com/Practice-Network-Security-Monitoring-understanding/dp/1593275099/ref=sr_1_1?ie=UTF8&qid=1443289006&sr=8-1&keywords=9781593275099
No comments:
Post a Comment