Certify Workshop Cybersecurity for Industrial Environments and Critical Infrastructures.
Cybersecurity training and consulting aimed to all levels of the organization: awareness, analysis, implementation, evaluation and actions monitoring.
Learn the basics notions, attacks types, anti-intrusion systems application and IT security control and diode firewalls.
Duration: 3 days (24 hours / 8 hours a day)
Schedule: 9:00h – 17:00h
Dates:
16-18 October - Cybersecurity - Madrid
23-25 October - Cybersecurity - Manchester
General Description:
Three-day workshop designed with the aim of learning the general concepts of Cybersecurity at Industrial Environments and Critical Infrastructures, as well as its most important aspects and the basic protection against attacks.
The workshop includes a theoretical part, followed by a practical part. At the end of the training, the student will be provided with free software with all the test tools used during the three days training.
At the end of the course, the student will have the theoretical and practical knowledge to:
- Evaluate threats and audit their monitoring and control systems.
- Obtain a list of critical points and their direct relationship with the applied countermeasures.
- Protect the most critical points of your installation and know what to do with the least critical ones.
- Install and / or configure protection equipment with physical access.
General Objective:
- Anti-intrusion systems application, computer security control and equipment firewall.
- Provide a general overview of the most important concepts associated with industrial cybersecurity.
- Analyze the main vulnerabilities and threats that may be experienced at industrial environments.
- Know the different types of hacker attacks that can be carried out on an OT network or a critical infrastructure.
- Describe the main countermeasures that can be included to fortify industrial networks and protocols.
- Provide recommendations and practical advice to strengthen the company’s industrial systems and networks.
- Introduce the main standards and/or the current and future laws regarding the implementation of said countermeasures.
Aimed at:
This workshop is designed to train technicians and engineers involved in the protection of critical industrial systems and the security measures implementation for PLC / SCADA / MES environments.
It is mainly aimed at technical personnel involved in the design of architectures, installation, configuration, maintenance and supervision projects commissioning and / or remote control systems automation.
Workshop Characteristics:
- Mode: In person with supervised practices as complement to the theory.
- Methodology: Keynote lectures and practical workshops.
- Participants: A minimum amount of 5 and a maximum amount of 20.
Workshop Observations:
Any topic or sub-topic of the workshop can be expanded and detailed in a second session tailored specially for the client. So the basic workshop can be supplemented with successive trainings if need it.
At the end the participant will get an USB PEN with a FREE distribution Linux with all the test tools used in the course.
Material Included:
- One computer per student during the workshop.
- Welcome stationery material (notebooks, pens, USB with additional information).
- Training manual.
- Certificate of successful completion.
- Meals: Coffee break and lunch (Coffee, tea and refreshments available during the training).
Workshop Schedule:
Day 1
09:00 – 11:00
Introduction to computer security:
- What is hacking?
- Information security properties: confidentiality, integrity / non-repudiation and availability
11:00 - 11:15
Coffee-break
11:15 – 13:30
- Authentication and authorization
- Risk, Threat, Vulnerability (+ CVSS), Exploit and Zero Day
- Main differences between IT Security and Cybersecurity in Industrial Environments
* Practice
13:30 - 14:30
Lunch
14:30 – 16:00
Attacks and Malware:
Types of attacks:
- According to the actions of the attacker: assets and liabilities
- According to the location of the attacker: internal and external
* Practice
16:00 - 16:15
Break
16:15 – 17:00
Attack stages I:
- Recognition
- Information gathering
Attack stages II:
- Scanning
- Exploitation
Day 2
09:00 – 11:00
Attack stages III:
- Maintain Access
- Cover the tracks
* Practice
11:00 - 11:15
Coffee-break
11:15 – 13:30
Safety Audits I:
- Types: White Box, Gray Box and Black Box
- Limitations: time, scope, allowed tests and knowledge
- Reporting
- Auditing from the Internet
- Auditing from the internal network
13:30 - 14:30
Lunch
14:30 – 16:00
Safety Audits II:
- Work on equipment
- Interviews with the organization members
* Practice
16:00 - 16:15
Break
16:15 – 17:00
Industrial networks safety I:
- Security in wired networks:
- Wired networks basic concepts
- Sniffers: TCPDump, WireShark
- Physical security: Port Security
Industrial networks safety II:
- DHCP Security: DHCP Snooping
- RSTP Security: BPDU Guard, Root Guard
- MiTM: IP Source Guard
- VPNs
Day 3
09:00 – 11:00
Security in WiFi networks:
Wireless networks basics concepts:
- Open networks
- WEP Networks
- WPA / WPA2 networks
- Rouge Aps
* Practice
11:00 - 11:15
Coffee-break
11:15 – 13:30
Countermeasures and protection I:
- Defense and protection technologies.
- Perimeter defense architecture
13:30 - 14:30
Lunch
14:30 – 16:00
Countermeasures and protection II:
- Management and protection Decalogue.
Physical security
Firewalls, IDS, IPS and SIEMs
16:00 - 16:15
Break
16:15 – 17:00
Cryptography I:
- Symmetric: DES, AES, RC4
- Asymmetric: RSA, GPG, IKE, SSL
Cryptography II:
- Hashes: MD5, SH
- Password cracking: brute force, hash tables and rainbow tables
* Practice
Requirements for course completion:
There is no specific requirements, ideal participant’s profile for our courses: Technical staff that participates in the design of architectures, Installation, configuration, maintenance and commissioning of automation projects for electrical substations and telecontrol systems.
Specifically for the OPC UA * course: * theory and practice and the OPC course UA: theory, practice and application development, it is convenient to have previous experience about OPC technology acquired through daily use.
In regards of aspects that stand out:
- In all workshops different gifts are provided to participants
- In Spain, Tripartite Foundation recognizes our workshops
- Courses:
OPC Technology and Advanced Architecture Development
OPC UA: Theory and Practice are certified by Matrikon
- In all our workshops we provide a completion certificate
- All workshops include practices with real hardware and simulation of issues that might occur in industrial plants today