Designing and Implementing a Honeypot on a SCADA Network
- Wednesday, July 2nd, 2014 at 8:00 PM EDT (00:00:00 UTC)
- Charlie Scott, Master's Degree Candidate - Masters Presentation
SCADA networks typically contain business-critical and mission-critical devices. Consequently, anything that might cause support or downtime issues, such as antivirus software, an IDS, or a firewall, is often avoided. A low-interaction honeypot can be an effective means of detecting hostile scanning and other activity on a SCADA network without modifying the existing network and system configurations. Sending the honeypot logs to a syslog server and indexing them with Splunk allows the security operator to search honeypot activity easily and to be alerted when it appears that an attack is in progress. The operator can then respond quickly to an event that might not even have been detectable before.
Charlie Scott works in the Information Security Office at the University of Texas at Austin, where he performs vulnerability assessments and penetration tests and supervises the risk management team. Prior to his current position, he held information security roles in local government and at an Internet data center company. He has 20 years of experience in IT and security. Charlie is a candidate for the Master of Science degree from the SANS Technology Institute and holds several GIAC certifications, including the GSE.