contact@ascent-formation.fr +33 9 75 75 37 81 LinkedIn
Visitez notre site web
Logo de l'organisme de formation

La formation au coeur de l'avenir technologique

Représentation de la formation : OT Security - Fundamentals

OT Security - Fundamentals

Formation présentielle
Durée : 35 heures (5 jours)
Durée :35 heures (5 jours)
HT
Se préinscrire
Durée :35 heures (5 jours)
HT
Se préinscrire
Durée :35 heures (5 jours)
HT
Se préinscrire

Formation créée le 16/09/2022.

Version du programme : 1

Programme de la formation

Objectif de formation : According to Gartner, OT security is defined as "the set of practices and technologies used to (a) Protect people, resources, and information, (b) Monitor and/or control devices, processes, and events, and (c) Initiate change within enterprise OT systems." OT security solutions span a wide range of security technologies, from next-generation firewalls to SIEM systems, and deploy different layers of protection. Historically, OT-specific cybersecurity was not necessary, since OT systems were not connected to the Internet. Therefore, they were not exposed to external threats. As digital innovation initiatives progress, and IT and OT networks converge, companies have tended to deploy standalone tools to address specific issues. These approaches to OT security have resulted in a complex network that no longer shares information or provides the necessary visibility. Often, IT and OT networks operate separately, resulting in a duplication of security efforts and a lack of transparency in operations. These IT/OT networks cannot track what is happening across the entire attack surface. Because of different referees in security organization of both platforms, this results in two separate security teams protecting their respective network perimeters. When looking into OT, the biggest subset is ICS. ICS (Industrial Control System) is a broad term that embodies both SCADA and DCS.

Objectifs de la formation

  • Understand ICS components
  • Understand the different layers/levels
  • Enhance threat handling

Profil des bénéficiaires

Pour qui
  • Cybersecurity expert
  • OT expert in charge of the security
Prérequis
  • Basic understanding of IT systems (Linux/Windows)
  • Basic networking knowledge
  • Basic system administration

Contenu de la formation

  • Overview of ICS
    • Processes & Roles
    • Industries
  • Purdue Model
    • Levels 0 and 1 : Controllers and Field Devices
    • Levels 0 and 1 : Programming Controllers
    • Levels 2 and 3 : HMIs, Historians, Alarm Servers
    • Levels 2 and 3 : Specialized Applications and main Servers
    • Levels 2 and 3 : Control Rooms and Plants
    • Levels 2 and 3 : SCADA
  • IT & ICS Differences
    • ICS Life Cycle Challenges
  • Secure Network Architectures for ICS
    • Design example
  • ICS Attack Surface
    • Threat Actors and Reasons for Attack
    • Attack Surface and Inputs
    • Vulnerabilities
    • Threat/Attack Models
  • Level 0 and 1
    • Attacks Schemes
    • Control Things Platform
    • Technologies
    • Fieldbus Protocol Families
    • Defenses
  • Ethernet and TCP/IP
    • Ethernet Concepts
    • TCP/IP Concepts
    • ICS Protocols over TCP/IP
    • Wireshark and ICS Protocols
    • Attacks on Networks
  • Enforcement Zone Devices
    • Firewalls and NextGen Firewalls
    • Data Diodes and Unidirectional Gateways
    • NIDS/NIPS and Netflow
  • Understanding Basic Cryptography
    • Crypto Keys
    • Encryption, Hashing, and Signatures
  • Level 2 and 3
    • Historians and Database
    • HMI and UI Attacks
    • Web-based Attacks
    • Password Defenses
  • Wireless Technologies
    • Satellite and Cellular
    • Mesh Networks and Microwave
    • Bluetooth and Wi-Fi
  • Wireless Attacks and Defenses
    • Risks of Wireless
    • Sniffing, DoS, Masquerading, Rogue AP
  • Patching ICS Systems
    • Patch Decision Tree
    • Vendors, CERTS, and Security Bulletins
  • Defending IT Systems
    • Microsoft : Windows Services
    • Microsoft : Windows Security Poolicies and GPOs
    • Linux : Differences with Windows
    • Linux Daemons, SystemV, and SystemD
  • Endpoint Protection and SIEMS
    • Application Runtime and Execution Control
    • Configuration Integrity and Containers
    • Logs in Windows and Linux
  • Event Logging and Analysis
    • Windows Event Logs and Audit Policies
    • Syslog and Logrotate
  • Internet connectivity
    • Honeypots
    • Attacks on the perimeter
  • ICS Cybersecurity Programs
    • Starting the Process
    • Frameworks: ISA/IEC 62443, ISO/IEC 27001, NIST CSF
    • Using the NIST CSF
  • ICS Cybersecurity Policy
    • Policies, Standards, Guidance, and Procedures
    • Culture and Enforcement
    • Examples
  • Measuring Cybersecurity Risk
    • Quantitative vs Qualitative
    • Traditional Models
  • Incident Response
    • Digital forensics
    • Key focus
    • Key sources
    • Analyze digital evidence
Équipe pédagogique

Professionnel expert technique et pédagogique.

Suivi de l'exécution et évaluation des résultats
  • Feuilles de présence.
  • Questions orales ou écrites (QCM).
  • Mises en situation.
  • Formulaires d'évaluation de la formation.
  • Certificat de réalisation de l’action de formation.
Ressources techniques et pédagogiques
  • Accueil des apprenants dans une salle dédiée à la formation.
  • Documents supports de formation projetés.
  • Exposés théoriques
  • Etude de cas concrets
  • Quiz en salle
  • Mise à disposition en ligne de documents supports à la suite de la formation.