HSC
Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
 Text mode: access to the page content
Hervé Schauer Consultants
You are here: Home > Resources > Lectures > Industrial control systems security. Scadastrophe... or not.
Go to: HSC Trainings
Search:  
 Version française
   Services   
o Skills & Expertise
o Consulting
o ISO 27001 services
o Audit & Assessment
o Penetration tests
o Vunerability assessment (TSAR)
o Forensics
o ARJEL
o Training courses
o E-learning
   Conferences   
o Agenda
o Past events
o Tutorials
   Resources   
o Thematic index
o Tips
o Lectures
o Courses
o Articles
o Tools (download)
o Vulnerability watch
   Company   
o Hervé Schauer
o Team
o Job opportunities
o Credentials
o History
o Partnerships
o Associations
   Press and
 communication 		  
o HSC Newsletter
o Press review
o Press releases
o Publications
   Contacts   
o How to reach us
o Specific inquiries
o Directions to our office
o Hotels near our office
|>|Industrial control systems security. Scadastrophe... or not.  
> Access to the content HTML Beginning of the presentation
PDF PDF version [4.2M]
AdobeFlash Adobe Flash version  
> Description Presentation about the security of industrial control systems (SCADA / ICS).  
> Context & Dates Talk presented during OSSIR Paris, on 15 May 2012.
 
> Author Stéphane Milani (Stephane.Milani@hsc.fr) 
> Type [ French - HTML ]  
> Abstract &
Table of content		 Flyleaf
Réseaux industriels / SCADA
Attaques récentes (Mars - Avril 2012)
Composants essentiels
Vannes et automates
IHM (Interface Homme-Machine)
IHM (Interface Homme-Machine)
Configuration courante - réseau
Protocoles
Protocole Modbus/TCP
Protocole IEC 104
Protocole S7
Protocole EtherNet/IP CIP
Protocole DNP3 (IEEE Std 1815)
Sécurité ?
Architecture
Automates PLC : exemple Schneider
Automates
Automates
Failles impactant les IHM
Sans fil ?
Moteurs de recherche
Sûreté vs sécurité
Retours d’expérience Accès au réseau industriel
Tests depuis un réseau industriel
Intrusion depuis un réseau Bureautique
Intrusion depuis un réseau Bureautique
Intrusion depuis un réseau Bureautique
Usines isolées - Accès distants
Usines isolées - Accès distants
Autres exemples
Attaques ciblées / APT / Ver / Virus
Quid des petites infrastructures ?
iPhone / Android / BlackBerry
Radio / Capteurs
Etude d'un boîtier de télétransmission (RTU)
Boîtiers de télétransmission (RTU)
Étude de la sécurité d'un RTU
HTTP RTU
Serveur FTP
Firmware
Quelques Solutions
Pistes...
Pistes...
Pistes...
Quelques solutions
Quelques solutions
Docs / Standards / Normes utiles US
Docs / Recommandations ENISA Europe  
> Related documents
themeAudit
[Service]  Audit & Assessment
[Presentation]  Feedback on RGS compliance [27 May 2011 - French]
[Presentation]  Infiltrate 2011 report [16 April 2011 - French]
[Presentation]  Feedback on security audits [1 April 2008 - French]
[Presentation]  Technicals Security Audits for BS7799 [24 May 2005 - French]
[Presentation]  Useful standards for network security [20 October 2003 - French]
[Presentation]  Audits, Assessments and Penetration Tests [22 January 2003 - French]
[Presentation]  Audits, Assessments and Penetration Tests [26 June 2002 - French]
[Presentation]  Network auditing [12 November 1997 - French]
[Presentation]  Tests and evaluation of Internet security solutions [30 May 1997 - French]
[Presentation]  Autohack [13 June 1995 - French]
[Presentation]  Satan [11 April 1995 - French]
themeNetwork Partitionning
[Presentation]  Deperimetrization or not ? [22 November 2007 - French]
[Presentation]  Network security stakes [14 October 2004 - French]
[Article]  Networks Security [25 July 2000 - French]
[Presentation]  Distributed Network Security [12 May 2000 - English]
[Presentation]  Distributed Network Security [15 December 1999 - English]
[Presentation]  Distributed Network Security - From Firewall to Network Partitioning [30 November 1999 - French]
[Article]  Distributed Network Security - From the Firewall to Network Partitionning [November 1999 - French]
[Presentation]  Le cloisonnement de réseaux [18 August 1999 - English]
[Article]  Network Partitioning [August 1997 - French]
[Presentation]  Private networks partitioning [8 July 1997 - French]
[Presentation]  Intranets partitioning [June 1997 - French]
themeSecurity Architectures
[Presentation]  Multi-layers in depth security [19 March 2011 - French]
[Article]  Évolution des attaques de type Cross Site Request Forgery [1 June 2007 - French]
[Presentation]  Tunnels detection at network border [2 June 2006 - French]
[Article]  Détection de tunnels aux limites du périmètre [2 June 2006 - French]
[Presentation]  How to make one's Internet security [5 January 2002 - French]
[Presentation]  Security architecture for connecting to the Internet [18 December 2001 - French]
[Article]  How to set up security systems? [29 March 2001 - French]
[Presentation]  How to insert VPNs in existing security architectures? [29 September 1999 - French]
[Article]  TAFIM - Technical Architecture Framework for Information Management [May 1997 - French]
[Article]  How to build a secure Internet access architecture? [October 1995 - French]
themePenetration tests
[Service]  Vunerability assessment (TSAR)
[Service]  Penetration tests
[Course]  Advanced Penetration Testing, Exploits and Ethical Hacking - SANS SEC660
[Course]  Network Penetration Testing and Ethical Hacking - SANS SEC560
[Course]  Web App Penetration Testing and Ethical Hacking - SANS SEC542




[Tool]  Patator tool [Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. - English]
[Tool]  Dislocker tool [This software has been designed to read BitLocker encrypted partitions under a Linux system. - English]
[Tool]  skyrack tool [Tool to help ROP oriented exploitation - English]
[Presentation]  Skyrack, rop for masses [17 June 2011 - English]
[Presentation]  Infiltrate 2011 report [16 April 2011 - French]
[Tool]  Delphes tool [Delphes extracts the usernames and passwords from Oracle file. - English]
[Presentation]  Penetration tests: Exposing real world attacks [9 February 2011 - French]
[Presentation]  27C3 report [8 February 2011 - French]
[Tool]  Webef tool [Bruteforcer of web server files and directories - English]
[Tool]  BlueBerry tool [BlueBerry is a tool that can be used to decrypt BlackBerry Administration Service passwords. - English]
[Presentation]  Webshells, or how to open your network's doors ? [21 October 2010 - French]
[Tool]  passe-partout tool [In-memory extraction of SSL private keys - English]
[Presentation]  Webshells, or how to open your network's doors ? [16 March 2010 - French]
[Presentation]  Webshells, real threat for information systems ? [1 December 2009 - French]
[Presentation]  Web Attacks with Smartphone [4 June 2009 - French]
[Presentation]  Security issue seen in enterprises web applications [27 November 2008 - French]
[Presentation]  Feedback on security audits [1 April 2008 - French]
[Tool]  WSPP tool [WSPP - English]
[Presentation]  Modern techniques of IP attacks [18 March 2003 - French]
[Presentation]  Audits, Assessments and Penetration Tests [22 January 2003 - French]
[Presentation]  Audits, Assessments and Penetration Tests [26 June 2002 - French]
[Tip]  Nmap's hidden option [27 December 2000 - French]
[Tool]  jis & wis tool [JBoss AS administration tools using HTTP invokers - English]
[Presentation]  Introduction to intrusion tests [17 March 1998 - French]
[Presentation]  Tests and evaluation of Internet security solutions [30 May 1997 - French]
[Presentation]  Intrusion tests [December 1996 - French]
> Copyright © 2012, Hervé Schauer Consultants, all rights reserved.

 

Last modified on 15 May 2012 at 21:21:40 CET - webmaster@hsc.fr
Information on this server - © 1989-2010 Hervé Schauer Consultants