[Ics-security] SCADA Security Training -- SANS and DHS

[Robert Lukens]

FYI:

The SANS Institute provides a consistently high level of technical
training in computer security.  For anyone considering training in the
protection of industrial control systems, this would be a good place to
start.  See the announcement, below.

Similar, very good training is that offered by DHS at the Idaho National
Lab.  For details, see

> http://www.us-cert.gov/control_systems/cstraining.html

Bob


additional
-------- Original Message --------
Subject: SCADA Security Advanced Training 5-day course
Date: Thu, 21 Jun 2012 13:19:07 +0000
From: The SANS Institute <sans at sans.org>
Reply-To: sans at sans.org
To: <rlukens at jlab.org>

SCADA Security Advanced Training 5-day course

August 20 - 24, 2012
The Woodlands, Texas
*Space is limited to 50 students

Event Link: http://www.sans.org/info/107759

This 5-day course combines advanced topics from SCADA and IT Security
into the first hands-on Ethical Hacking course for Industrial Control
Systems. Both SCADA Administrators and IT Security Professionals will
widen their knowledge through hands-on exercises with live SCADA systems
and equipment.

The course starts with a review of Industrial Control Systems (ICS),
Operating System Kernels, and Network Security, and then quickly dives
deeply into topics that include SCADA Penetration Testing, SCADA
Vulnerability Assessment methodology, Vulnerability Analysis, Embedded
Device Fuzzing, Protocol Analysis, and several methods for compromising
and dissecting common security controls found on ICS environments.
Students will be provided with several, structured virtual machine
environments to deploy on their own laptops. These will contain
pre-configured software with a wide variety of security tools which will
be used to guide students through hands-on techniques on how to
compromise live ICS equipment, wireless devices, and SCADA Operator
Consoles.

Answer These and Other Similar Questions Related to SCADA Security:

- What are unique vulnerabilities and security risks with ICS systems?
- What approach should be used to test Internet, Enterprise IT, and ICS
Systems for security vulnerabilities?
- What are the common security weaknesses in Internet and Enterprise IT
Systems that pose the greatest risk to ICS systems?
- Can poorly managed ICS systems pose an even greater risk to
Enterprise IT and Internet-connected systems?
- What is a solid approach to testing SCADA systems for security
vulnerabilities?
- When and how to conduct Penetration Testing on live SCADA equipment
- How to use open source security tools to research and discover
unknown vulnerabilities with ICS equipment
- What are solid techniques to securing SCADA Systems that are not
vendor-specific, and require low administrative overhead?
- Can social networking information about employees found in sites like
Facebook, LinkedIn, MySpace, and Twitter be used to compromise critical
industrial facilities?
- What is a Red Team or Tiger Team Attack Exercise, and how can these
scenarios simulate a targeted attack on a SCADA facility?

This is a hands-on course, and students are required to have a working
knowledge of Linux and windows security tools. A small SCADA network is
setup with switches, routers, SCADA equipment, wireless devices, and
telecommunications gateways to aide in the instruction and hands-on
exercises.

Course Materials:
Each student receives a course handbook as well as virtual machine
environments preloaded with all of the software tools required for the
course. Students are required to bring their own laptop computers to the
training course that have a minimum of 20 GB free disk space and 4 GB of
RAM memory. Any operating system that supports VMware Player is allowed
as the host operating system.

Register now http://www.sans.org/info/107764 to secure your seat! Space
is limited to 50 students.

We look forward to seeing you in the The Woodlands, Texas.

**************************

To change your subscription, address, or other information, visit
http://portal.sans.org.  To opt out of future mailings, visit the link
above, click on "update your account" and check the box "Do not send any
email."

SANS Institute, 8120 Woodmont Ave., Suite 205, Bethesda, MD 20814-2743

***************************