Page 1

ian bauckham head teacher personal statement 08 18

write my dissertation abstract on cloning please 05 14

ib english a1 hl evolution writers 1 tips 05 05

international business strategy presentation powerpoint 05 13


six degrees of separation meaning movie review 05 14

apa research evolution writers cover page 05 04


sample cover letter good communication skills 05 15



infamous second son evolution writers trail part 3 help 05 04


need research paper on gay clubs plz 05 14

eia petroleum status report released 05 13

essay on i want to become a doctor in hindi 05 05


evolution writers on poverty 05 05

edit my dissertation introduction on medicine for money 05 14


help with writing a philosophy evolution writers 05 05

cover letter builder download 05 13


evolution writersclip help guy 05 04

report card facebook statuses about love 05 17

writing letter of resignation from work 05 12

brown evolution writers tickets santa cruz 05 03

booker washington speech cast down your bucket essay 05 13

roi marketing campaign examples of thesis 05 15

the mystic masseur movie review 05 10


800 word essay on bullying 05 02


nature background for powerpoint presentation 05 10

need someone to write my research proposal on medicine 05 09

essay writing 4 paragraph 05 03

soffioni doccia incasso prezi presentations 05 17

admin evolution writers 05 03



example research paper cigarette smoking 05 13



i need help writing a term evolution writers 05 04

may labor report 05 13




reading critical thinking 08 20

does my resume have to have references 05 12

CUNY School of Professional Studies ​my name is pastor Allen from vtt I work as a principal scientist at all theory of cybersecurity and I my manager NIST has been over several years already to improve the cybersecurity of industry that that is using automation and mission for today I have that everybody of you understand the risk of a cyber world today for it for your business and and until I try to make it as simple as possible for you so that you understand what we have what we kind of risk we are talking about and civic I always look silly don't worry yeah and hello researchers I mean open and was was actually carrying out this for for this presentation some some security testing so I wanted to include him also to the slide so before we start testing or penetration testing to certain targets we need to the tester needs to know who is bad so who is our enemy who is who is the attacker so that requires some discussion with the customer that how they how they feel what kind of what kind of risks who are their enemies who wants to hurt them their business or operations or otherwise so so so you need to discuss have a serious discussions with them and maybe with the risks risk managers also that what is what is the biggest risk for that for their business and to let you know that who are the bad guys usually in cotton in corporations it's it's the insiders it's religious insiders who make it on purpose this attack inside the company or then in a product in what opportunity there's who just accidentally maneuver they they don't do it on purpose but accidentally they Margaret a tech company systems and from outside last year attacks comes only 40% of the attacks comes from outside of the firewall so you should look inside your company or your employees and you should educate your employees as you can see there has been some progress for this I accidentally Muller the scream sector has reduced over the year quite a lot now so there is some real improvements happening on going ok but you should know at the first hand is that the cyber crime is now services it's in the internet it's in turn darknet it's in inner underground market of different countries for example in Orosco has their own russian-speaking under on the ground criminal underground that's sales sales criminal crime software for crimes and services for crimes so attacker today I don't need to know about techniques at all let's just buy buy some services from from the market criminal market they can sue spot from the list of services what they want to do they want to do a dinner service attack to some IP address or do they want to steal some information to hack some data from from some company or so what number to tell there is a dedicated service this means that series attackers they they buy cannot do it well private servers from these services to hide perfectly hide from authorities to catch them so they if if authorities are are trying to or almost trying to catch them they can change the service totally from to another place in in earth because they are you using a virtualized service services for these criminal purposes they can store their data there and develop better take a store there privately without any authorities to catch them taken taken by services paper install type they don't need to buy the software or licenses taken by only for one installation couple of dollars and they can get the mission done so it's you need to know this that it doesn't need to know technical endeavor guys and hit his picture of course where that is in the middle which side he DT we have this V DT ballroom disclosed kind of Internet simulating room that we have not lots of equipments and switches and service and utilized systems and automation systems and that is our kind of core of making business here so that we we want to cooperate with industries on the left side like oil and gas power waste water cleaning and upkeep energy grids and medicine food and beverages companies Terrace tax or business where the money comes and then the left the right up there are vendors and service product providers like like like you most of you I think who are doing doing automation systems for the industries use and there is also these service providers companies like like lung planet one and process and annex who are providing like security services for example to these vendors and what we do in the war room is that we test these two systems together we cannot do this ourselves we need always partnerships and cooperation you don't get good test targets if they don't cooperate with others so a news cases we get from the industry until we have a critical process NASA work most cases in penis who is support in this work - when we make testing we should let other finish parties to know what is the right way to improve cybersecurity in general and how it should be done in in each case and we will cooperate with the national cybersecurity center of payment also electrolysis cask and others so so we had this work ballroom and their behalf of this for example we have great team people who are specialized on specialized on attacking target systems so take it money for for making attacks and a nun customers want it so but we do it in a controlled way and with ethical hacking purposes and usually on closed doors so it's not connected to other systems accidentally if you do a penetration testing for example you are installing a penetration testing tool and then you start start running it you can accidentally cross the network across the system

so so you need to run this on unsafe environments then the security testing part there are lots of commercial and open source tools to make a decent security testing and that that is most of same people and Internet team that is specialized don't intend monitoring is important so that we need for example how the target is behaving on the attack when it goes down when it when it behaves from in the wrong way so that we know that which test case was causing this and then we have some visualizing threat model tools that we can see what kind of big picture of threads of that test target and we continuously develop this disk or where security testing is just one part of the big bigger because even when we are improving including Industrial cybersecurity automation cybersecurity so on the left side you can see some technical matter measures like OPC UA UA obviously way gateways firewalls for automation networks and then some development tools SDKs and security properties of those then we have the security testing tasks and then we have this network monitoring tasks and most of the work we have done last year for example we have done for those tools two tasks main major tasks so because we have you know the first first picture there was the insider was the thread so we need to monitor the inside network that products on network what is happening there how how the attacker is inside you whether he is inside or not and then try to cut it out to understand how it works then on the left side we have kind of policies and instructions and models how to do things in general in the second way secure way okay then how we work with the customer so we we first have a meeting where we discuss about the suitable products for where we start with how what is the most suitable or wearable get most of the benefits from with products and so we cannot just everything at some time same time then we talk about the current testing process and tools and if there is any security testing at all in the company today and we go through the test mitosis as good as possible and have some objectives for for our cybersecurity testing and then we do the actual cybersecurity testing at IDT so we find the best tools there are hundreds of different cyber security testing penetration testing tools available such some of those works for its target maybe you need to so we need to have a very good software to find the tools quickly and I'll see what metals and tools are working for his target specifically and then we we can start making scripts automated scripts that how to make it out more automated this testing and and we can have some examples test scripts for that and finally the hardest part is that we want that our customers would test cyber security test themselves and that's that's more difficult this would integrate the cybersecurity testing to death their own testing processes and that that is users it was worth the hardest part to make it really happen then turn to the OPC us security so how how testing how attacker works he first buy equipment what what is coming to be his or her target then he studies it closely he for example puts it puts it to work record some data from the network and then start Todd modeling that data what kind of message is it sending and receiving and making ten the attacker can slightly modify those messages and sent them again and see how how the targets behaves and so so you start it usually you start with anonymous all or none security mode to see what kind of messages there will be and then then you start for example design the signaling you will record that and see how designing a handshake is are going and how you how the attacker could get into this handshake process so that nobody realizes that there is somebody made me between so this way the this crime industry is developing their software today by eating and they study that right they make working application for it and so on so we also to do it that way when we test and let you notice obviously US equity valuation is already done by BSA so many I don't go into details of that it's very good study you should check it and it's coming to put in English version also later on then to tell PC you a product of process that was - well cases that we have run for three years for process so we have this process what we see us simulations for or server for 214 and the process how we how we proceed it was that together we made some test planning what products what kind of test cases what focus and so on and then then we find the tools and methods but that works and then be reported to the customer ante they take that same study done and do some fixing so that then we can test again okay there are no more problems in this case it was also saw that process was able to fix the problems that we found so this is the way to go so in 14 we did had some passing and would ability scanning and we find some there were some findings in the participate on re-encoding and HTTP and and there are some problems as usually interesting and so we used a little bit smaller sample set of messages okay 15 we we also used this SDK for client-server vilasa Merson for test this was test target little bit more than first time and test tool was coroner makan defense 6 OPC you way this server test so it actually helped them to develop this tool to work work with the target so so that it would be usable for for many other targets too so we tested this binary TCP with motor best one model we modeled the traffic and then started money manipulate in the traffic and some selected tests take cases where run and usually it was overnight process to run these test cases and generally the targets are out there if it was able to continue a correct operation you also tested some time to encryption a certificate hanging things too and as some slow down of services was the only typical reaction for the target before you know you know the NAPLAN esos will need a police scanner was useless here for example then we did some other other load testing also and and this year we had Linux windows and says decay

versus also as a test target and we concentrated on those testing because it's most important to keep systems of whatever happens in the network test tools tools were port scanning network flooring some packet manipulation of OPC UA messages and tenth is again this coordinate can given six traffic capture for posture was used where we can we can actually develop a test tool for any any protocol possible okay again test target server quite well was was able to continue even we flut flut it as much as possible and there are some - something to improve in the log handling ok if there is very high overload and nothing survives that's for sure and only few test cases were found where this was repeatedly jumped desktop ok quite a good points for posture and I usually our our goal is to to get this cyber security kind of tool set to designers desktop so that the company can themselves so they don't need to come to us it needs to be continuous process always basic testing of accent testing phase that it also has expanded from from war room we can also do as a kind of more wider scope testing we can we can check public information what is available in the internet about the company's systems is that to to get it out get the information if there is too much knowledge available intended to add for autocracy to utilize you also you should not put everything to internet about your systems your configurations or firewall settings and so no no and then we can we have done a social engineering attacks that the customer base so we are testing to employees that can they behave correctly if somebody's calling tomorrow sending an illness is the reaction second radar so that nobody can pull them and then of course this black boxes testing and or white box testing that I was telling you a minute minute ago in the ballroom here's some sample of tools that we are using commercial tools on less than three open-source tools on the right not nowadays I can I can give you this information because many many other other organizations are already using these same tools it's not news anymore this is actually almost last words we also arranged cyber defense hand of hands-on workshop stand where we teach the customers to hack themselves to see how it how easy it is to use open source tools to to hack their own systems just in a couple of minutes whatever security they have and then then we also teach them how they could find those attacks how do they detect attacks and how to how they should have how this would defend against the attacks okay thank you this was always part of puberty that I'm running running also there we are developing and testing services for for companies for penis in penis in the industry that's all New York City College of Technology at MetroTech, Downtown Brooklyn.