Industrial cybersecurity: Efficiently monitor the cybersecurity posture of your ICS environment
Saved in:
Main author: | Ackerman, Pascal |
---|---|
Format: | Book |
Language: | English |
Published: | Birmingham: Packt Publishing Limited, 2021 |
Edition: | second edition |
Subjects: | Computersicherheit; Infrastruktur (GND subject headings) |
Online access: | Table of contents |
Description: | [2nd Revised edition] |
Description: | xx, 779 pages, illustrations, diagrams, 93 mm. |
ISBN: | 9781800202092 |
Internal format
MARC
```
Tag  Ind  Subfields
LEADER    00000nam a2200000 c 4500
001       BV047573917
003       DE-604
005       20220110
007       t
008       211104s2021 a||| |||| 00||| eng d
020  _ _  |a 9781800202092 |9 978-1-80020-209-2
024  3 _  |a 978-1-80020-209-2
035  _ _  |a (ELiSA)ELiSA-9781800202092
035  _ _  |a (OCoLC)1291615708
035  _ _  |a (DE-599)BVBBV047573917
040  _ _  |a DE-604 |b ger |e rda
041  0 _  |a eng
049  _ _  |a DE-739
084  _ _  |a ST 277 |0 (DE-625)143643: |2 rvk
100  1 _  |a Ackerman, Pascal |d ca. 20./21. Jh. |e Verfasser |0 (DE-588)1249121868 |4 aut
245  1 0  |a Industrial cybersecurity |b Efficiently monitor the cybersecurity posture of your ICS environment
250  _ _  |a second edition
264  _ 1  |a Birmingham |b Packt Publishing Limited |c 2021
300  _ _  |a xx, 779 Seiten |b Illustrationen, Diagramme |c 93 mm.
336  _ _  |b txt |2 rdacontent
337  _ _  |b n |2 rdamedia
338  _ _  |b nc |2 rdacarrier
500  _ _  |a [2nd Revised edition]
505  8 _  |a Table of Contents; Introduction and Recap of First Edition; A Modern Look at the Industrial Control System Architecture; The Industrial Demilitarized Zone; Designing the ICS Architecture with Security in Mind; Introduction to Security Monitoring; Passive Security Monitoring; Active Security Monitoring; Industrial Threat Intelligence; Visualizing, Correlating, and Alerting; Threat Hunting; Threat Hunt Scenario 1 - Malware Beaconing; Threat Hunt Scenario 2 - Finding Malware and Unwanted Applications; Threat Hunt Scenario 3 - Suspicious External Connections; Different Types of Cybersecurity Assessments; Industrial Control System Risk Assessments; Red Team/Blue Team Exercises; Penetration Testing ICS Environments; Incident Response for the ICS Environment; Lab Setup
650  0 7  |a Computersicherheit |0 (DE-588)4274324-2 |2 gnd |9 rswk-swf
650  0 7  |a Infrastruktur |0 (DE-588)4026944-9 |2 gnd |9 rswk-swf
653  _ _  |a Computer Communications & Networking
653  _ 0  |a Process control - Security measures
653  _ 0  |a Computer security
689  0 0  |a Computersicherheit |0 (DE-588)4274324-2 |D s
689  0 1  |a Infrastruktur |0 (DE-588)4026944-9 |D s
689  0 _  |5 DE-604
856  4 2  |m Digitalisierung UB Passau - ADAM Catalogue Enrichment |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032959466&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis
999  _ _  |a oai:aleph.bib-bvb.de:BVB01-032959466
```
Record in search index
_version_ | 1804182922107813889 |
---|---|
adam_text | scanned table of contents (see below) |

Table of Contents (from the scanned contents pages; book page numbers omitted)

Preface

Section 1: ICS Cybersecurity Fundamentals

1 Introduction and Recap of First Edition
- Industrial Cybersecurity - second edition
- Recap of the first edition
- What is an ICS?
- ICS functions
- ICS architecture
- The Purdue model for ICSes
- IT and OT convergence and the associated benefits and risks
- Example attack on the Slumbertown papermill
- The comprehensive risk management process
- The DiD model
- ICS security program development
- Takeaway from the first edition
- Summary

2 A Modern Look at the Industrial Control System Architecture
- Why proper architecture matters
- Industrial control system architecture overview
- The Enterprise Zone
- The Industrial Demilitarized Zone
- The Industrial Zone
- The hardware that's used to build the ICS environment
- ICS environment and architecture management
- Summary

3 The Industrial Demilitarized Zone
- The IDMZ
- Fundamental concept
- IDMZ design process
- Design changes due to an expanding ICS environment
- What makes up an IDMZ design?
- The Enterprise Zone
- IDMZ firewalls
- IDMZ switches
- IDMZ broker services
- The Industrial Zone - Level 3 Site Operations
- Example IDMZ broker-service solutions
- Summary

4 Designing the ICS Architecture with Security in Mind
- Typical industrial network architecture designs
- Evolution from standalone islands of automation
- Designing for security
- Network architecture with security in mind
- Security monitoring
- Network choke points
- Logging and alerting
- Summary

Section 2: Industrial Cybersecurity - Security Monitoring

5 Introduction to Security Monitoring
- Security incidents
- Passive security monitoring
- Active security monitoring
- Threat-hunting exercises
- Security monitoring data collection methods
- Network packet capturing
- Event logs
- Putting it all together - introducing SIEM systems
- Summary

6 Passive Security Monitoring
- Technical requirements
- Passive security monitoring explained
- Network packet sniffing
- Collection and correlation of event logs
- Host-based agents
- Security Information and Event Management - SIEM
- What is a SIEM solution?
- How does a SIEM solution work?
- Common passive security monitoring tools
- NSM
- IDS
- Event log collection and correlation
- Setting up and configuring Security Onion
- Exercise 1 - Setting up and configuring Security Onion
- Deploying the Security Onion VM
- Configuring Security Onion
- Deploying Wazuh agents
- Exercise 2 - Setting up and configuring a pfSense firewall
- Deploying a pfSense VM
- Configuring pfSense
- Exercise 3 - Setting up, configuring, and using Forescout's eyeInsight (formerly known as SilentDefense)
- Deploying the SilentDefense sensor and Command Center VMs
- Configuration of the SilentDefense setup
- Example usages of the SilentDefense setup
- Summary

7 Active Security Monitoring
- Technical requirements
- Understanding active security monitoring
- Endpoint inspection with host-based agents
- Manual endpoint inspection/verification
- Exercise 1 - Scanning network-connected devices
- Dangers of scanning in the ICS environment
- Nmap
- Assets scan
- Interrogating Windows machines
- Exploring Modbus
- Getting EtherNet/IP information
- Scanning Siemens S7 (iso-tsap)
- Manual vulnerability verification
- Scanning for vulnerabilities
- Exercise 2 - Manually inspecting an industrial computer
- Pulling Windows-based host information
- Configured users
- Summary

8 Industrial Threat Intelligence
- Technical requirements
- Threat intelligence explained
- Using threat information in industrial environments
- Acquiring threat information
- Your own incidents and threat hunting efforts
- Vendor reports
- Your own honeypots
- Peers and sharing communities
- External/third-party free and paid-for feeds
- Creating threat intelligence data out of threat information
- Exercise - Adding an AlienVault OTX threat feed to Security Onion
- Summary

9 Visualizing, Correlating, and Alerting
- Technical requirements
- Holistic cybersecurity monitoring
- Network traffic monitoring
- Network intrusion monitoring
- Host-based security monitoring
- Exercise 1 - Using Wazuh to add Sysmon logging
- Exercise 2 - Using Wazuh to add PowerShell Script Block Logging
- Exercise 3 - Adding a Snort IDS to pfSense
- Exercise 4 - Sending SilentDefense alerts to Security Onion syslog
- Exercise 5 - Creating a pfSense firewall event dashboard in Kibana
- Exercise 6 - Creating a breach detection dashboard in Kibana
- NIDS alerts
- Zeek notices
- Zeek Intel logs
- Suspicious process and file creation
- Suspicious PowerShell commands
- Suspicious egress connections
- Suspicious ingress connections
- Failed user login attempts
- New user creation and changes to user accounts
- Downloaded files
- SilentDefense alerts
- Finishing up the dashboard
- Summary

Section 3: Industrial Cybersecurity - Threat Hunting

10 Threat Hunting
- What is threat hunting?
- Threat hunting in ICS environments
- What is needed to perform threat hunting exercises?
- Network traffic logs
- Endpoint OS and application event logs
- Making modifications to PLC, HMI, and other control systems and equipment
- Tracking new and changed devices on the (industrial) network
- Network services event logs
- SIEM
- Network packet captures
- Research, lookups, and comparison resources
- Threat hunting is about uncovering threats
- Correlating events and alerts for threat hunting purposes
- Summary

11 Threat Hunt Scenario 1 - Malware Beaconing
- Forming the malware beaconing threat hunting hypothesis
- Detection of beaconing behavior in the ICS environment
- Malware beaconing explained
- Data exfiltration
- Legitimate application beaconing
- Using Security Onion to detect beaconing behavior
- Using RITA to detect beaconing behavior
- Investigating/forensics of suspicious endpoints
- Finding the suspicious computer
- Find the beaconing process - netstat
- Upload executable to VirusTotal
- Rudimentary inspection of the suspicious executable - malware analysis 101
- Using indicators of compromise to uncover additional suspect systems
- Discovered IOCs so far
- Searching for network-specific indicators of compromise
- Searching for host-based indicators of compromise
- Summary

12 Threat Hunt Scenario 2 - Finding Malware and Unwanted Applications
- Technical requirements
- Forming the malicious or unwanted applications threat hunting hypothesis
- Detection of malicious or unwanted applications in the ICS environment
- Comparing system snapshots to find artifacts
- Looking for application errors to find artifacts
- Looking for malicious network traffic to find artifacts
- Comparing port scans to find artifacts
- Inventorying currently running processes in the ICS environment
- Inventorying startup processes in the ICS environment
- Investigation and forensics of suspicious endpoints
- Securely extracting the suspicious executables
- Using discovered indicators of compromise to search the environment for additional suspect systems
- Using YARA to find malicious executables
- Using file strings as an indicator of compromise
- Summary

13 Threat Hunt Scenario 3 - Suspicious External Connections
- Forming the suspicious external connections threat hunting hypothesis
- Mayhem from the internet
- Ingress network connections
- Attacks originating from the enterprise network
- Summary

Section 4: Industrial Cybersecurity - Security Assessments and Intel

14 Different Types of Cybersecurity Assessments
- Understanding the types of cybersecurity assessments
- Risk assessments
- Asset identification
- System characterization
- Vulnerability identification
- Threat modeling
- Risk calculation
- Mitigation prioritization and planning
- Red team exercises
- How do red team exercises differ from penetration tests?
- Blue team exercises
- Penetration testing
- How do ICS/OT security assessments differ from IT?
- Summary

15 Industrial Control System Risk Assessments

16 Red Team/Blue Team Exercises
- Red Team versus Blue Team versus pentesting
- Penetration-testing objective - get to the objective at any cost
- Red Team exercise objective - emulate real-world adversary TTPs
- Blue Team objective - detect and respond to security incidents as quickly as possible
- Red Team/Blue Team example exercise, attacking Company Z
- Red Team strategy
- Blue Team preparation
- The attack
- Summary

17 Penetration Testing ICS Environments
- Practical view of penetration testing
- Why ICS environments are easy targets for attackers
- Typical risks to an ICS environment
- Modeling pentests around the ICS Kill Chain
- The Cyber Kill Chain explained
- The Intrusion Kill Chain
- The ICS Cyber Kill Chain
- Pentest methodology based on the ICS Kill Chain
- Pentesting results allow us to prioritize cybersecurity efforts
- Pentesting industrial environments requires caution
- Creating an approximation of the industrial environment
- Exercise - performing an ICS-centric penetration test
- Preparation work
- Setting up the test environment
- Pentest engagement step 1 - attacking the enterprise environment
- Pentest engagement step 2 - pivoting into the industrial environment
- Pentest engagement step 3 - attacking the industrial environment
- Testing Level 3 Site Operations
- Testing the lower layers
- Pentest engagement step 4 - reaching the objective of the attack
- Summary

Section 5: Industrial Cybersecurity - Incident Response for the ICS Environment

18 Incident Response for the ICS Environment
- What is an incident?
- What is incident response?
- Incident response processes
- Incident response preparation process
- Incident handling process
- Incident response procedures
- Incident response preparation process
- Incident handling process
- Example incident report form
- Summary

19 Lab Setup
- Discussing the lab architecture
- The lab hardware
- The lab software
- Details about the enterprise environment lab setup
- ENT-DC
- ENT-SQL and ENT-IIS
- ENT-Clients
- Active Directory/Windows domain setup
- Details about the industrial environment - lab setup
- Servers
- Workstations
- HMIs
- PLCs and automation equipment
- Active Directory/Windows domain setup
- How to simulate (Chinese) attackers
- Discussing the role of lab firewalls
- How to install the malware for the lab environment
- Configuring packet capturing for passive security tools
- Summary

Other Books You May Enjoy
- Why subscribe?

Index
adam_txt |
Table of Contents Preface Section 1: ICS Cybersecurity Fundamentals 1 Introduction and Recap of First Edition Industrial Cybersecuritysecond edition Recap of the first edition What is an ICS? ICS functions ICS architecture The Purdue model for ICSes IT and ОТ convergence and the associated benefits and risks 4 5 5 6 10 16 Example attack on the Slumbertown papermill 25 The comprehensive risk management process The DiD model ICS security program development Takeaway from the first edition 27 30 32 34 Summary 36 21 2 A Modern Look at the Industrial Control System Architecture Why proper architecture matters 38 Industrial control system architecture overview 38 The Enterprise Zone The Industrial Demilitarized Zone 40 44 The Industrial Zone 45 The hardware that's used to build the ICS environment 52 ICS environment and architecture management 59 Summary 60
vi Table of Contents 3 The Industrial Demilitarized Zone The IDMZ 61 Fundamental concept IDMZ design process Design changes due to an expanding ICS environment 63 63 IDMZ firewalls IDMZ switches IDMZ broker services 70 71 73 68 The Industrial Zone ֊ Level 3 Site Operations 74 Example IDMZ broker-service solutions Summary 78 92 What makes up an IDMZ design? 69 The Enterprise Zone 69 4 Designing the ICS Architecture with Security in Mind Typical industrial network architecture designs 94 Evolution from standalone islands of automation 94 Designing for security mind 104 Network architecture with security in Security monitoring Network choke points Logging and alerting Summary 104 111 112 117 117 Section 2: Industrial CybersecuritySecurity Monitoring 5 Introduction to Security Monitoring Security incidents Passive security monitoring Active security monitoring Threat-hunting exercises Security monitoring data collection methods Network packet capturing 122 124 124 125 125 126 Event logs Putting it all together introducing SIEM systems Summary 128 131 132
Table of Contents vii 6 Passive Security Monitoring Technical requirements Passive security monitoring explained 134 configuring Security Onion 151 134 Deploying the Security Onion VM Configuring Security Onion Deploying Wazuh agents 152 162 165 Network packet sniffing 135 Collection and correlation of event logs 137 Host-based agents 139 Security Information and Event Management - SIEM 140 What is a SIEM solution? How does a SIEM solution work? 140 140 Common passive security monitoring tools 141 NSM 142 IDS Event log collection and correlation 145 149 Setting up and configuring Security Onion 150 Exercise 1 - Setting up and Exercise 2 - Setting up and a configuring a pfSense firewall Deploying a pfSense VM Configuring pfSense 171 172 177 Exercise 3 ֊ Setting up, configuring, and using Forescout's eyelnsight (formerly 182 known as SilentDefense) Deploying the SilentDefense sensor and Command Center VMs Configuration of the SilentDefense setup Example usages of the SilentDefense setup Summary 182 188 197 216 / Active Security Monitoring Technical requirements Understanding active security monitoring 218 218 *510 Endpoint inspection with host-based aeents 222 Manual endpoint inspection/verification225 Exercise 1 - Scanning networkconnected devices 226 Dangers of scanning in the ICS environment Nmap Assets scan Interrogating Windows machines Exploring Modbus Getting EtherNet/IP information Scanning Siemens S7 (iso-tsap) Manual vulnerability verification Scanning for vulnerabilities 226 227 229 245 257 263 269 270 272
viii Table of Contents Exercise 2 - Manually inspecting 286 an industrial computer Pulling Windows-based host information Configured users Summary 286 293 295 8 Industrial Threat Intelligence Technical requirements 298 Threat intelligence explained 298 Using threat information in industrial environments 300 Acquiring threat information 302 Your own incidents and threat hunting efforts Vendor reports Your own honeypots Peers and sharing communities 303 303 303 External/third-party free and paid-for feeds Creating threat intelligence data out of threat information 304 307 Exercise - Adding an AlienVault OTX threat feed to Security Onion 307 Summary 312 304 У Visualizing, Correlating, and Alerting Technical requirements 314 Holistic cybersecurity monitoring SilentDefense alerts to Security Onion syslog 341 315 Exercise 5 - Creating a pfSense firewall event dashboard in Kibana 349 Network traffic monitoring Network intrusion monitoring 316 317 Host-based security monitoring 318 Exercise 1 - Using Wazuh to add Sysmon logging 319 Exercise 2 - Using Wazuh to add PowerShell Script Block Logging 327 Exercise 3 - Adding a Snort IDS to pfSense 331 Exercise 4 ֊ Sending Exercise 6 - Creating a breach detection dashboard in Kibana 359 NIDS alerts Zeek notices Zeek Intel logs Suspicious process and file creation Suspicious PowerShell commands 360 366 369 370 373 Suspicious egress connections Suspicious ingress connections 377 379
Table of Contents ix Failed user login attempts 380 New user creation and changes to user accounts 382 Downloaded files 384 SilentDefense alerts Finishing up the dashboard Summary 385 386 390 Section 3: Industrial Cybersecurity - Threat Hunting 10 Threat Hunting What is threat hunting? Threat hunting in ICS environments What is needed to perform threat hunting exercises? Network traffic logs 394 Network services event logs SIEM 409 409 396 Network packet captures Research, lookups, and comparison resources 410 397 397 Endpoint OS and application event logs 398 Making modifications to PLC, HMI, and other control systems and equipment 408 Tracking new and changed devices on the (industrial) network 408 Threat hunting is about uncovering threats Correlating events and alerts for threat hunting purposes Summary 410 411 412 412 11 Threat Hunt Scenario 1 - Malware Beaconing Forming the malware beaconing threat hunting hypothesis 414 Detection of beaconing behavior in the ICS environment415 Malware beaconing explained 415 Data exfiltration Legitimate application beaconing 416 416 Using Security Onion to detect beaconing behavior Using RITA to detect beaconing behavior 428 Investigating/forensics of suspicious endpoints 435 Finding the suspicious computer 417 439 Find the beaconing process - netstat 440 Upload executable to VirusTotal 454
x Table of Contents Rudimentary inspection of the suspicious executable ֊ malware analysis 101 455 Using indicators of compromise to uncover additional suspect systems 492 492 Discovered lOCs so far Searching for network-specific 493 indicators of compromise Searching for host-based indicators of compromise 498 Summary 500 12 Threat Hunt Scenario 2 - Finding Malware and Unwanted Applications Technical requirements Forming the malicious or unwanted applications threat hunting hypothesis Detection of malicious or unwanted applications in the ICS environment Comparing system snapshots to find artifacts Looking for application errors to find artifacts Looking for malicious network traffic to find artifacts Comparing port scans to find artifacts Inventorying currently running processes in the ICS environment 503 503 Inventorying startup processes in the ICS environment 524 Investigation and forensics of suspicious endpoints 532 Securely extracting the suspicious executables 533 Using discovered indicators of compromise to search the environment for additional suspect systems 535 504 505 509 509 514 518 Using YARA to find malicious executables Using file strings as an indicator of compromise Summary 535 537 542 13 Threat Hunt Scenario 3 - Suspicious External Connections Forming the suspicious external connections threat hunting hypothesis 545 546 Mayhem from the internet Attacks originating from the enterprise network 552 Ingress network connections Summary 546 568
Table of Contents xi Section 4: Industrial Cybersecurity Security Assessments and Intel 14 Different Types of Cybersecurity Assessments Understanding the types of cybersecurity assessments 572 Risk assessments 572 Asset identification System characterization Vulnerability identification Threat modeling Risk calculation Mitigation prioritization and planning Red team exercises 573 573 574 574 575 576 576 How do red team exercises differ from penetration tests? 577 Blue team exercises 578 Penetration testing 579 How do ICS/ОТ security assessments differ from IT? 582 Summary 583 15 Industrial Control System Risk Assessments 16 Red Team/Blue Team Exercises Red Team versus Blue Team versus pentesting Penetration-testing objective - get to the objective at any cost 587 588 Red Team exercise objective - emulate real-world adversary TTPs 588 Blue Team objective - detect and respond to security incidents as quickly as possible 589 Red Team/Blue Team example exercise, attacking Company Z 589 Red Team strategy Blue Team preparation The attack Summary 589 590 591 634
xii Table of Contents 17 Penetration Testing ICS Environments Practical view of penetration testing Why ICS environments are easy targets for attackers Typical risks toan ICS environment Modeling pentests around the ICS Kill Chain The Cyber Kill Chain explained 636 Creating an approximation of the industrial environment 636 Exercise - performing an ICScentric penetration test 637 639 639 639 641 The Intrusion Kill Chain The ICS Cyber Kill Chain Pentest methodology based on the ICS Kill Chain 645 Pentesting results allow us to prioritize cybersecurity efforts 646 Pentesting industrial environments requires caution 646 Preparation work Setting up the test environment Pentest engagement step 1 - attacking the enterprise environment Pentest engagement step 2 - pivoting into the industrial environment Pentest engagement step 3 - attacking the industrial environment Testing Level 3 Site Operations Testing the lower layers Pentest engagement step 4 - reaching the objective of the attack Summary 647 647 647 648 651 658 661 665 677 691 691 Section 5: Industrial Cybersecurity Incident Response for the ICS Environment 18 Incident Response for the ICS Environment What is an incident? What is incident response? Incident response processes 696 697 697 Incident response preparation process 698 Incident handling process Incident response procedures 699 702 Incident response preparation process 703 711 Incident handling process Example incident report form Summary 728 730
Table of Contents xiii 19 Lab Setup Discussing the lab architecture 732 The lab hardware The lab software Details about the enterprise environment lab setup 732 733 734 ENT-DC 735 ENT-SQLand ENT-IIS ENT-Clients Active Directory/Windows domain setup 735 736 Details about the industrial environment - lab setup 736 736 Servers 737 Workstations 738 Other Books You May Enjoy Index HMIs PLCs and automation equipment Active Directory/Windows domain setup How to simulate (Chinese) attackers Discussing the role of lab firewalls How to install the malware for the lab environment Configuring packet capturing for passive security tools Summary Why subscribe? 738 739 747 747 748 749 751 751 753 |
any_adam_object | 1 |
any_adam_object_boolean | 1 |
author | Ackerman, Pascal ca. 20./21. Jh |
author_GND | (DE-588)1249121868 |
author_facet | Ackerman, Pascal ca. 20./21. Jh |
author_role | aut |
author_sort | Ackerman, Pascal ca. 20./21. Jh |
author_variant | p a pa |
building | Verbundindex |
bvnumber | BV047573917 |
classification_rvk | ST 277 |
contents | Table of Contents; Introduction and Recap of First Edition; A Modern Look at the Industrial Control System Architecture; The Industrial Demilitarized Zone; Designing the ICS Architecture with Security in Mind; Introduction to Security Monitoring; Passive Security Monitoring; Active Security Monitoring; Industrial Threat Intelligence; Visualizing, Correlating, and Alerting; Threat Hunting; Threat Hunt Scenario 1 - Malware Beaconing; Threat Hunt Scenario 2 - Finding Malware and Unwanted Applications; Threat Hunt Scenario 3 - Suspicious External Connections; Different Types of Cybersecurity Assessments; Industrial Control System Risk Assessments; Red Team/Blue Team Exercises; Penetration Testing ICS Environments; Incident Response for the ICS Environment; Lab Setup |
ctrlnum | (ELiSA)ELiSA-9781800202092 (OCoLC)1291615708 (DE-599)BVBBV047573917 |
discipline | Informatik |
discipline_str_mv | Informatik |
edition | second edition |
format | Book |
fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>02494nam a2200433 c 4500</leader><controlfield tag="001">BV047573917</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20220110 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">211104s2021 a||| |||| 00||| eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781800202092</subfield><subfield code="9">978-1-80020-209-2</subfield></datafield><datafield tag="024" ind1="3" ind2=" "><subfield code="a">978-1-80020-209-2</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(ELiSA)ELiSA-9781800202092</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1291615708</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV047573917</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-739</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 277</subfield><subfield code="0">(DE-625)143643:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Ackerman, Pascal</subfield><subfield code="d">ca. 20./21. 
Jh.</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)1249121868</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Industrial cybersecurity</subfield><subfield code="b">Efficiently monitor the cybersecurity posture of your ICS environment</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">second edition</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Birmingham</subfield><subfield code="b">Packt Publishing Limited</subfield><subfield code="c">2021</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">xx, 779 Seiten</subfield><subfield code="b">Illustrationen, Diagramme</subfield><subfield code="c">93 mm.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">[2nd Revised edition]</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Table of Contents; Introduction and Recap of First Edition; A Modern Look at the Industrial Control System Architecture; The Industrial Demilitarized Zone; Designing the ICS Architecture with Security in Mind; Introduction to Security Monitoring; Passive Security Monitoring; Active Security Monitoring; Industrial Threat Intelligence; Visualizing, Correlating, and Alerting; Threat Hunting; Threat Hunt Scenario 1 - Malware Beaconing; Threat Hunt Scenario 2 - Finding Malware and Unwanted Applications; Threat Hunt Scenario 3 - Suspicious External Connections; Different Types of Cybersecurity Assessments; Industrial Control System Risk Assessments; Red 
Team/Blue Team Exercises; Penetration Testing ICS Environments; Incident Response for the ICS Environment; Lab Setup</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Infrastruktur</subfield><subfield code="0">(DE-588)4026944-9</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="653" ind1=" " ind2=" "><subfield code="a">Computer Communications & Networking</subfield></datafield><datafield tag="653" ind1=" " ind2="0"><subfield code="a">Process control - Security measures</subfield></datafield><datafield tag="653" ind1=" " ind2="0"><subfield code="a">Computer security</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Infrastruktur</subfield><subfield code="0">(DE-588)4026944-9</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Passau - ADAM Catalogue Enrichment</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032959466&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-032959466</subfield></datafield></record></collection> |
id | DE-604.BV047573917 |
illustrated | Illustrated |
index_date | 2024-07-03T18:31:18Z |
indexdate | 2024-07-10T09:15:14Z |
institution | BVB |
isbn | 9781800202092 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-032959466 |
oclc_num | 1291615708 |
open_access_boolean | |
owner | DE-739 |
owner_facet | DE-739 |
physical | xx, 779 Seiten Illustrationen, Diagramme 93 mm. |
publishDate | 2021 |
publishDateSearch | 2021 |
publishDateSort | 2021 |
publisher | Packt Publishing Limited |
record_format | marc |
subject_GND | (DE-588)4274324-2 (DE-588)4026944-9 |
title | Industrial cybersecurity Efficiently monitor the cybersecurity posture of your ICS environment |
title_short | Industrial cybersecurity |
title_sub | Efficiently monitor the cybersecurity posture of your ICS environment |
topic | Computersicherheit (DE-588)4274324-2 gnd Infrastruktur (DE-588)4026944-9 gnd |
topic_facet | Computersicherheit Infrastruktur |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032959466&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT ackermanpascal industrialcybersecurityefficientlymonitorthecybersecuritypostureofyouricsenvironment |