Kibernetske vabe za operativna okolja

SOTOŠEK, JAKA

Kibernetske vabe za operativna okolja
ID SOTOŠEK, JAKA (Author), ID Pustišek, Matevž (Mentor) More about this mentor... This link opens in a new window

PDF - Presentation file, Download (772,10 KB)
MD5: 9F13FDD35E88389350394BACFDAB8237

Abstract

Kibernetska varnost je ena izmed tematik, ki jih dnevno najdemo v novicah. Napadi, ki se lahko zgodijo, kot tudi njihove posledice, so lahko zelo različni. Problematike, kako narediti varen sistem, se je treba lotiti na več načinov. Treba je upoštevati ranljivosti končnih naprav, kot tudi omrežja, saj so ranljivosti glede na vrsto oziroma funkcijo naprave zelo različne. Poznamo varnostne mehanizme, katerih namen je v realnem času odkriti ranljivost in jo preprečiti. Primeri takih sistemov so protivirusni programi in požarni zidovi. Poznamo pa tudi sisteme za zaznavanje vdorov, ki so v operativnih omrežjih zelo pogosti. Običajno so zasnovani na osnovi strojnega učenja, zaradi česar zanesljivost sistema ni popolna in takemu sistemu ne moremo dovoliti delati sprememb na kritični infrastrukturi, je pa tak sistem odličen za zaznavanje anomalij, ki jih javlja v nadzorni varnostni center. Še ena od metod zagotavljanja varnosti, ki sem ji v tem diplomskem delu dal velik poudarek, so pasti oziroma vabe. Z njimi želimo ugotoviti najnovejše tehnike napadanja z uporabo simuliranih sistemov, ki jih zlonamerni akterji napadejo. Z opazovanjem in analizo njihovih ukazov lahko nato razkrijemo poteke napadov in se pred njimi zaščitimo. Tudi sam sem implementiral vabo, ki spremlja in se odziva na ukaze v protokolih značilnih za operativna omrežja. Namen tega ni bil odkriti novih napadov, saj vaba ni bila dovolj sofisticirana, temveč sem si želel ustvariti sliko, kako pogosto zlonamerni akterji iščejo takšna omrežja in kakšne ukaze pošiljajo za prepoznavo ranljivosti. Operativna omrežja so specifična, saj pri njihovem načrtovanju in izgradnji prednjačijo drugačne stvari kot pri običajnih omrežjih. Velik pomen ima redundanca in dolga življenjska doba strojne opreme, saj izpadi nosijo veliko večje posledice. Po takšnih omrežjih se običajno pretaka zelo majhna količina podatkov, pri katerih je pomembna nizka zakasnitev. K temu pripomorejo tudi posebni protokoli, večina katerih ima vnaprej definirane funkcijske kode, tako da se prenaša res minimalna količina podatkov. Promet v operativnih omrežjih običajno ni šifriran, saj bi to podaljšalo čas prenosa, kar pa predstavlja eno izmed ranljivosti v operativnem omrežju, ki je v informacijskem svetu rešena.

Language:	Slovenian
Keywords:	Operativne tehnologije, kibernetska varnost, kibernetske vabe
Work type:	Bachelor thesis/paper
Organization:	FE - Faculty of Electrical Engineering
Year:	2020
PID:	20.500.12556/RUL-119393
Publication date in RUL:	08.09.2020
Views:	949
Downloads:	110
Metadata:
:	Copy citation
Share:

Secondary language

Abstract:
Language:	English
Title:	Cyber honeypots for operating environments
Cyber security is one of the topics found in the news daily. There are a lot of different attacks that can happen, so the consequences they cause can also vary from negligible to devastating. How to make a secure system is a never-ending question that has to be addressed from multiple perspectives. Most security mechanisms in use today try to detect a threat in real time and block its actions. The most common representatives of this group are firewalls and antiviruses. Another kind of security mechanism, which is getting more and more adopted and is very common in operational networks, is the intrusion detection system or IDS. They are not yet completely accurate, so normally they are not allowed to make any changes to live systems, but they are exceptionally good at detecting anomalies, which are then reported to the SOC as alerts. Another method for making our system secure, which I emphasised in this thesis, are honeypots. Through using them we want to find out what the newest techniques of attacks are by simulating a system and luring hackers into thinking they found the real thing and attacking it. By logging every interaction we can later analyse them and hope to find unknown attacks and take action to prevent them in the future. While exploring this theme, I set up a honeypot that tracks protocols specific to industrial networks. My goal was not to identify new attack methods, but to paint a picture of how often attackers search for this kind of network, and to see what kind of commands they use to identify them. The design and construction of operational networks require taking into consideration different things than those of conventional networks. Redundancy and long expected lifetime of the hardware are of extreme importance, as outages have much greater consequences. Usually such networks transport a very small amount of data, for which low latency is a priority. This is allowed by special protocols, most of which use predefined function codes. The traffic in operational networks is usually not encrypted, as that would increase transmission time. This represents only one of many vulnerabilities that are present in operational networks and solved in informational networks.
Keywords:	Operational technologies, Cyber security, Honeypots

Similar works from RUL:
Similar works from other Slovenian collections:

Secondary language

Similar documents