OnDemand Special Offer - iPad Air w/ Smart Keyboard, Surface Go, or $300 Off


To attend this webcast, login to your SANS Account or create your Account.

Designing and Implementing a Honeypot on a SCADA Network

  • Wednesday, July 02, 2014 at 8:00 PM EDT (2014-07-03 00:00:00 UTC)
  • Charlie Scott, Master's Degree Candidate - Masters Presentation

You can now attend the webcast using your mobile device!



SCADA networks typically contain business-critical and mission-critical devices. Consequently, anything that might cause support or downtime issues, such as an anti-virus, IDS, or firewall, is often avoided. A low-interaction honeypot can be an effective means of detecting hostile scanning and other activity on a SCADA network without modifying the existing network and system configurations. Sending the honeypot logs to a Syslog server and indexing them with Splunk can allow the security operator to easily search honeypot activity, and be alerted when it appears that an attack is in progress. This allows a security operator to respond quickly to an event that might not have even been detectable before.

Speaker Bio

Charlie Scott, Master's Degree Candidate - Masters Presentation

Charlie Scott works in the Information Security Office at the University of Texas at Austin, where he performs vulnerability assessments, penetration tests, and supervises the risk management team. Prior to his current position, he held information security roles in local government and at an Internet data center company. He has 20 years of experience in IT and security. Charlie is a candidate for the Masters of Science degree from the SANS Technology Institute and holds several GIAC certifications, including the GSE.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.