
Identifying security events in a Building Energy Management System (BEMS) Jeffrey M. Young

Identifying security events in a Building Energy Management System (BEMS) Jeffrey M. Young Dr. Milos Manic University of Idaho, IF. Overview Network/Sensor setup What is Wireshark Example security event. Sensors Various Temperature Occupancy Light CO2 Damper position


Presentation Transcript


  1. Identifying security events in a Building Energy Management System (BEMS) Jeffrey M. Young Dr. Milos Manic University of Idaho, IF

  2. Overview • Network/Sensor setup • What is Wireshark • Example security event

  3. Sensors • Various Temperature • Occupancy • Light • CO2 • Damper position • Supply Fan Load/Current • Exhaust Fan Load/Current

  4. Network nodes • Router – VxWorks • Hosts – Mix of Windows and Linux • Can2Go controller • Star network topology

  5. Wireshark – What is it? • Network packet analyzer • Capture network packets • Display that packet data • Open source

  6. Wireshark – What it is not • Not an intrusion detection system • No warning when something strange happens on your network • Read only mode

  7. Wireshark layout

  8. Packet Detail

  9. Build a profile • Display filters • Most any characteristic of a network packet • Can be color coded for easy recognition • tcp.flags.reset eq 1

  10. Coloring Rules

  11. Normal traffic

  12. Example attack/vulnerability

  13. Attack continued

  14. Conclusion • How to set up Wireshark and host for packet capture • How to set up and commence a port probe attack • Configure capture filters to highlight packets involved in a port probe

  15. Thank you for your time
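
The display filter from slide 9, `tcp.flags.reset eq 1`, highlights resets but, as slide 6 notes, Wireshark raises no warning on its own. The following added example (not part of the original presentation) applies the same RST test to raw IPv4/TCP packets and reports any host pair where resets come back from many distinct ports, the pattern a port probe leaves. The function names, the threshold `min_ports` and the sample addresses are assumptions, and the sample traffic is constructed.

```python
import socket
import struct
from collections import defaultdict

TCP_RST = 0x04  # the flag bit Wireshark exposes as tcp.flags.reset

def parse_ipv4_tcp(pkt):
    """Return (src_ip, dst_ip, src_port, dst_port, flags), or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 14:
        return None                    # truncated before the TCP flags byte
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            sport, dport, pkt[ihl + 13])

def rst_probe_suspects(packets, min_ports=5):
    """Map (prober, target) -> sorted ports that answered with RST (assumed threshold)."""
    seen = defaultdict(set)
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None:
            continue
        src, dst, sport, _dport, flags = parsed
        if flags & TCP_RST:            # same test as tcp.flags.reset eq 1
            # A closed port answers a SYN with RST, so the RST's source is the
            # probed host and its source port is the port that was probed.
            seen[(dst, src)].add(sport)
    return {pair: sorted(ports) for pair, ports in seen.items()
            if len(ports) >= min_ports}

def build_packet(src, dst, sport, dport, flags):
    """Constructed minimal IPv4+TCP packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return ip + tcp

def sample_capture():
    """Constructed traffic: one host probed on ports 20-29, plus one ordinary reset."""
    pkts = []
    for port in range(20, 30):
        pkts.append(build_packet("192.0.2.50", "192.0.2.10", 40000, port, 0x02))  # SYN
        pkts.append(build_packet("192.0.2.10", "192.0.2.50", port, 40000, 0x14))  # RST,ACK
    pkts.append(build_packet("192.0.2.20", "192.0.2.30", 80, 51000, 0x04))  # lone RST
    pkts.append(b"\x00" * 10)  # truncated frame, skipped by the parser
    return pkts

if __name__ == "__main__":
    for (prober, target), ports in rst_probe_suspects(sample_capture()).items():
        print(f"{prober} -> {target}: RST from {len(ports)} ports {ports}")
```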
