Incubation of ICS Malware (English)
digital-bond
Transcript of Incubation of ICS Malware (English)
SCADA Honeypots
• A device or system (Honeynet) that is on a live network, but has no operational purpose
  – Different levels of interaction / realism
  – How long will it fool an attacker
Detect Attacks
• Nothing should access the Honeypot since it has no legitimate purpose
• Any traffic is either an attack or spurious traffic
• Debate on the value of Honeypots in detecting attacks
  – Many say there are better, more efficient solutions
  – IDS and other network monitoring
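The "any traffic is either an attack or spurious" rule, as an added example that is not part of the original slides: a triage pass over records captured on the honeypot's interface. The honeypot address, subnet, port list and sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration: honeypot address, its subnet, ICS service ports.
HONEYPOT = ipaddress.ip_address("10.20.0.50")
SUBNET = ipaddress.ip_network("10.20.0.0/24")
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

# Constructed capture from the honeypot's interface: "time src dst proto dport"
SAMPLE_FLOWS = """\
2024-01-01T00:00:01 10.20.0.7 10.20.0.255 udp 138
2024-01-01T00:00:05 10.20.0.7 10.20.0.50 tcp 502
2024-01-01T00:00:06 10.20.0.7 10.20.0.50 tcp 20000
2024-01-01T00:01:10 10.20.0.9 10.20.0.50 tcp 445
2024-01-01T00:02:00 10.20.0.9 224.0.0.251 udp 5353
truncated-record
"""

def classify(dst, proto, dport):
    """Label one record seen by the honeypot."""
    if dst.is_multicast or dst == SUBNET.broadcast_address:
        return "spurious"            # not addressed to the honeypot itself
    if dst != HONEYPOT:
        return "ignore"              # should not appear in this capture
    if proto == "tcp" and dport in ICS_PORTS:
        return "ics-probe"           # an ICS protocol port was contacted on a decoy
    return "probe"                   # any other unicast contact is still unexplained

def triage(flow_text):
    """Return {source_ip: {label: [dport, ...]}} for every parsable record."""
    report = defaultdict(lambda: defaultdict(list))
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                 # skip damaged lines instead of crashing
        _, src, dst, proto, dport = parts
        try:
            label = classify(ipaddress.ip_address(dst), proto, int(dport))
        except ValueError:
            continue                 # unparsable address or port
        if label != "ignore":
            report[src][label].append(int(dport))
    return {src: dict(labels) for src, labels in report.items()}

if __name__ == "__main__":
    for src, labels in triage(SAMPLE_FLOWS).items():
        print(src, labels)
```

Every source left under "probe" or "ics-probe" has no legitimate reason to have contacted the decoy and goes to review.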
Learn How Attackers Work
• Real value of the Honeypot
• High interaction may lead to attacker revealing advanced techniques, end goals, other info
• Decision … how exposed is the Honeypot?
  – Widely exposed (on Internet) many will hit the Honeypot and lots of data to review
  – Hidden on secure network, may see little activity
Analysis is Important
Incubator
Why An Incubator?
• Be prepared to analyze malware / attacks
• Identify what the attack did so you can fix the affected systems
• Learn what information or control was lost
• Attempt to identify the attacker