
An Active Defense Technology for Industrial Control Systems

On June 30, the award ceremony of the first Industrial Internet Security Elite Invitational was held at the "Software Night" gala of the 22nd China International Software Expo (2018). 灯塔实验室 (Lighthouse Lab) won second prize in the invitational with its attack-and-defense demonstration project "An Active Defense Technology for Industrial Control Systems".

The Industrial Internet Security Elite Invitational was one of the major events of the 22nd Software Expo, hosted by the National Industrial Information Security Development Research Center and organized by the Industrial Information Security Industry Development Alliance.

In the invitational, 灯塔实验室 researchers proposed a new active defense solution for industrial control systems that contain security vulnerabilities and weaknesses. Lei Chenglin (Z-0ne), executive partner of 灯塔实验室, demonstrated from the attacker's perspective how an intruder penetrates an ICS and attacks it through existing security weaknesses, and at the same time showed the active defense technology proposed by 灯塔实验室, which detects the attack threat and actively defends against it.

This active defense technology is an innovative approach to sensing and capturing cyber security threats aimed specifically at industrial control systems. It can effectively detect targeted attacks on ICS by attackers and even by industrial worms, and provides real-time early warning of attack events in the protected network.

Compared with current protection and monitoring methods, the proposed active defense technology has the following advantages:

Easier deployment

It does not change any part of the existing ICS network structure, requires no network configuration changes, no in-line installation and no bypass-mode port mirroring; it only needs to be connected to the network to be protected and then works automatically.

Active defense characteristics

It provides "shadow" protection for the key devices, systems, applications and services of the ICS network, lowering the probability that real production systems are discovered by network probing and raising the attacker's cost, difficulty and time required.

Threat awareness and alerting

It raises real-time alerts for any potentially suspicious activity on the network, and detects and alerts in real time on abnormal network behavior, abnormal industrial protocol function codes, dangerous process instructions and key ICS events, filling the gap in forensic evidence for network attacks on industrial control systems.
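As an added illustration of the function-code alerting described above (example code written for this page, not code from 灯塔实验室 or its solution), the check below parses constructed Modbus/TCP frames and raises alerts for state-changing, diagnostic, undefined or malformed requests; the page names no protocol, so Modbus/TCP and the risk classes are assumptions.

```python
import struct

# Public Modbus function codes (Modbus Application Protocol spec).
READ_CODES = {1, 2, 3, 4, 7, 17, 20, 23, 43}
WRITE_CODES = {5, 6, 15, 16, 21, 22, 23}   # change coil/register state
DIAGNOSTIC_CODE = 8                          # sub-functions can restart comms

def parse_frame(frame: bytes) -> dict:
    # MBAP header: transaction id, protocol id, length, unit id; then PDU.
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol id is not 0 (not Modbus/TCP)")
    # Length counts unit id + PDU, i.e. everything after the first 6 bytes.
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    return {"tid": tid, "unit": unit, "fc": frame[7], "data": frame[8:]}

def classify(fc: int) -> str:
    # Map a function code to a coarse risk class (assumed policy).
    if fc & 0x80:
        return "exception"       # error response from the device
    if fc in WRITE_CODES:
        return "write"           # dangerous process instruction
    if fc == DIAGNOSTIC_CODE:
        return "diagnostic"
    if fc in READ_CODES:
        return "read"
    return "abnormal"            # undefined or user-defined code

def inspect(frames) -> list:
    # Return (class, fc, unit) alerts for frames that are not plain reads.
    alerts = []
    for frame in frames:
        try:
            pdu = parse_frame(frame)
        except ValueError:
            alerts.append(("malformed", None, None))
            continue
        kind = classify(pdu["fc"])
        if kind not in ("read", "exception"):
            alerts.append((kind, pdu["fc"], pdu["unit"]))
    return alerts

# Constructed sample traffic: read holding registers, write single coil,
# diagnostics sub-function 1, undefined function code 0x64, bad length field.
SAMPLE_FRAMES = [
    b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a",
    b"\x00\x02\x00\x00\x00\x06\x01\x05\x00\x13\xff\x00",
    b"\x00\x03\x00\x00\x00\x06\x01\x08\x00\x01\x00\x00",
    b"\x00\x04\x00\x00\x00\x02\x01\x64",
    b"\x00\x05\x00\x00\x00\x09\x01\x03\x00\x00\x00\x0a",
]
```

Running `inspect(SAMPLE_FRAMES)` yields four alerts; only the read request passes silently.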

Detailed solution description: tss.plcscan.org

We have opened a free trial and test experience of this solution. If you are interested in any details of the technology, or would like to exchange ideas or request a demonstration, contact us by email: [email protected]

