工具分享 技术分享

一种工控系统主动防御技术

6月30日,首届工业互联网安全精英邀请赛颁奖典礼在2018年第二十二届中国国际软件博览会“软件之夜”盛典上隆重举行,灯塔实验室凭借“一种工控系统主动防御技术”的攻防项目展示获得了本届精英邀请赛二等奖

此次工业互联网安全精英邀请赛是第二十二届软博会重要活动之一,由国家工业信息安全发展研究中心主办、工业信息安全产业发展联盟承办。

本次精英邀请赛中灯塔实验室研究人员针对存在安全漏洞与缺陷的工业控制系统提出了一种全新的主动防御解决方案。灯塔实验室执行合伙人雷承霖(Z-0ne)在攻击者的角度演示了黑客如何渗透工控系统,并通过存在的安全缺陷对工控系统展开攻击,与此同时还展示了由灯塔实验室提出的一种主动防御技术,通过该主动防御技术,实现了对攻击威胁的监测与主动防御。

该主动防御技术是专门针对工业控制系统网络安全威胁进行感知与捕获的一种创新的主动防御技术手段,可以有效感知攻击者甚至是工业蠕虫病毒等对工业控制系统进行针对性攻击的行为,可以实现对被防护网络的攻击事件进行实时预警。

此次提出的该主动防御技术相较于当前的防护与监测手段具有如下优势:

更易于部署

不会改变当前工控系统任何网络结构,无需修改网络配置,不需要串接网络,也无需旁路配置端口流量镜像,只需接入需要保护的网络中即可自动工作。

积极防御特性

对于工控网络的关键设备、系统、应用、服务提供“影子”保护功能,减低真实业务系统被网络探测到的可能,增加攻击者攻击的成本难度与时效。

安全威胁感知与告警

对于网络中任何潜在可疑的网络活动进行实时告警,并针对异常网络行为、工业协议异常功能码、危险业务指令,工业控制关键事件进行实时检测与告警,填补了针对工控系统网络攻击行为取证方面的空白。

解决方案详细介绍:tss.plcscan.org

目前我们已经开放该解决方案的免费试用与测试体验,如果你对本技术的任何细节感兴趣,亦或技术交流与申请演示,均可和我们取得联系,邮箱:[email protected]

About Z-0ne

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

最新工业控制系统漏洞

ICS-CERT Advisory Feed
ABB Panel Builder 800

This advisory includes mitigation recommendations for an improper input validation vulnerability in the ABB Panel Builder 800.. . . read more Tue, 17 Jul 2018 10:10:45 EDT

WAGO e!DISPLAY Web-Based-Management

This advisory includes mitigation recommendations for cross-site scripting, unrestricted upload of file with dangerous type, and incorrect permissions. . . read more Tue, 17 Jul 2018 10:05:54 EDT

PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client

This advisory includes mitigation recommendations for an improper authentication vulnerability in the PEPPERL+FUCHS VisuNet RM, VisuNet PC, Box Thin C. . . read more Tue, 17 Jul 2018 10:00:37 EDT

Eaton 9000X Drive

This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in the Eaton 9000X Drive.. . . read more Thu, 12 Jul 2018 10:00:01 EDT

Universal Robots Robot Controllers

This advisory includes mitigation recommendations for use of hard-coded credentials and missing authentication for critical function vulnerabilities r. . . read more Tue, 10 Jul 2018 10:10:05 EDT

Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect

This advisory includes mitigations for incorrect default permissions, XXE, and resource exhaustion vulnerabilities in Schweitzer Engineering's Co. . . read more Tue, 10 Jul 2018 10:00:01 EDT

Rockwell Automation Allen-Bradley Stratix 5950

This advisory includes mitigations for improper input validation, improper certificate validation, and resource management error vulnerabilities in th. . . read more Tue, 03 Jul 2018 11:01:56 EDT

Medtronic MyCareLink Patient Monitor

This advisory includes mitigation recommendations for hard-coded password and exposed dangerous method or function vulnerabilities reported in Medtron. . . read more Thu, 28 Jun 2018 10:00:01 EDT

Delta Electronics Delta Industrial Automation COMMGR

This advisory includes mitigations for a stack-based buffer overflow vulnerability in the Delta Electronics Delta Industrial Automation COMMGR softwar. . . read more Thu, 21 Jun 2018 10:00:42 EDT

Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-18-172-02 Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLo. . . read more Thu, 21 Jun 2018 09:55:36 EDT

Natus Xltek NeuroWorks

This medical device advisory includes mitigations for stack-based buffer overflow and out-of-bounds read vulnerabilities in the Natus Xltek NeuroWorks. . . read more Thu, 14 Jun 2018 12:05:47 EDT

Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C

This advisory includes mitigation recommendations for a permissions, privileges, and access controls vulnerability reported in Siemens SCALANCE X swit. . . read more Thu, 14 Jun 2018 10:10:00 EDT

Schneider Electric U.motion Builder

This advisory includes mitigations for a command injection, cross-site scripting, and improper input validation vulnerabilities in the Schneider Elect. . . read more Tue, 12 Jun 2018 14:31:11 EDT

Siemens SCALANCE X Switches

This advisory includes mitigation recommendations for a cross-site scripting vulnerability reported in Siemens SCALANCE X switches.. . . read more Tue, 12 Jun 2018 11:28:10 EDT

Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway

This advisory contains mitigation recommendations for an unquoted search path or element vulnerability in the Rockwell Automation RSLinix Classic soft. . . read more Thu, 07 Jun 2018 11:55:09 EDT

Philips' IntelliVue Patient and Avalon Fetal Monitors

This medical device advisory includes mitigations for improper authentication, information exposure, and stack-based buffer overflow vulnerabilities i. . . read more Tue, 05 Jun 2018 10:05:11 EDT

ABB IP Gateway

This advisory contains mitigation recommendations for improper authentication, cross-site request forgery, and unprotected storage of credentials vuln. . . read more Tue, 05 Jun 2018 10:00:07 EDT

Delta Industrial Automation DOPSoft

This advisory contains mitigation recommendations for out-of-bounds read, heap-based buffer overflow, and stack-based buffer overflow vulnerabilities. . . read more Thu, 31 May 2018 10:10:11 EDT

GE MDS PulseNET and MDS PulseNET Enterprise

This advisory includes mitigations for improper authentication, improper restriction of XML external entity reference ('XXE'), and relative. . . read more Thu, 31 May 2018 10:05:11 EDT

Yokogawa STARDOM Controllers

This advisory includes mitigations for a hard-coded credentials vulnerability in the Yokogawa STARDOM Controller products.. . . read more Thu, 31 May 2018 10:00:11 EDT