• Cyberphysical ranges for ICS/OT networks

    • Hands-on ICS/OT security training with

      • Modbus, OPC UA, Ethernet/IP, MQTT, BACnet, DNP3, S7

      • PLCs, HMIs, Historians, IIoT

    • Experience the physical consequences of attacks in 3D simulated plants

    • Practice hardening and defending networks against common threats

    • New Content Monthly

    Not ready for the range? First learn foundational concepts of cybersecurity, industrial control systems (ICS), operational technology (OT), and the unique challenges of securing ICS.

    • Learn fundamental concepts of cybersecurity and industrial control systems (ICS).
    • Explore the similarities and differences when securing IT and ICS networks.
    • Prepare for ICS-focused security certifications like the GICSP.


Available courses

Subscribe to gain access to ALL of our courses and labs, over 50 hours of content and growing! Completing this "course" will auto-enroll you in all of our courses.


Create your own ICS security lab in VirtualBox with the open source GRFICS project to learn some of the key lessons of ICS security!

https://github.com/Fortiphyd/GRFICSv2

Hours: 1.0

Why is it so hard to get IT and OT to work together on security? They have different priorities, strengths, and technology and can struggle to communicate their needs. Learn how to communicate with both sides in this introduction to ICS security. After completing this module, users will be able to:

  • Identify common cybersecurity and ICS devices
  • Locate which level of the Purdue model ICS devices belong in
  • Compare and contrast cybersecurity in IT and ICS/OT networks
Hours: 2.0

(Lab) Take on the role of an attacker in the DMZ network of a power plant, learning how to exploit the common vulnerabilities there and pivot deeper into the ICS network. After completing this chapter, users will be able to:

• Use basic Linux commands and tools (whoami, pwd, ls, mkdir, nano, cd, mv, cp, rm, man)
• Run basic network scans with nmap
• Understand the function of historians in ICS networks
• Test for SQL injection vulnerabilities
• Perform man-in-the-middle (MITM) attacks using ARP spoofing
• Explore ICS protocols using Wireshark
• Run password cracking tools against remote access protocols (SSH)
• Check for weak passwords by running a cracking tool against password files

Hours: 2.0

(Lab) After pivoting into the ICS network, continue your exploration of common ICS protocol and software vulnerabilities to reprogram a PLC and cause a power outage in the simulated power plant. After completing this chapter, users will be able to:

• Run advanced network scanning to enumerate ICS devices
• Run password cracking tools against remote access protocols (RDP)
• Understand the function of HMIs in ICS networks
• Perform man-in-the-middle (MITM) attacks using ARP spoofing
• Explore ICS protocols using Wireshark
• Understand how PLCs are programmed

Hours: 1.5

(Lab) Using lessons learned from successfully attacking the power plant in Chapters 1 and 2, learn how to harden and secure ICS assets using various endpoint defenses. After completing this chapter, users will be able to:

• Validate operator inputs on HMIs
• Add safety checks to PLC programs
• Scan for malware using Yara
• Investigate Windows event logs and set up audit policies
• Use the Windows PowerShell command line (ps, select-string, netstat)
• Use intermediate level Linux commands (ps, grep, netstat)
• Investigate Linux logs
• Write basic Linux host firewall rules

Hours: 2.0

(Lab) Using lessons learned from successfully attacking the power plant, learn how to harden the ICS network with firewalls, monitoring systems, and intrusion detection systems. After completing this chapter, users will be able to:

• Monitor network flows
• Install and monitor an inline network intrusion detection system
• Investigate DNS exfiltration traffic
• Use Fortiphyd Logic's LogicWatch product to monitor the ICS network
• Write basic network firewall rules

Hours: 1.0

(Lab) In this advanced-level module, take a deep dive into the Modbus traffic of a simulated chemical plant to understand how to attack and harden one of the most common ICS protocols in use. After completing this chapter, you will be able to:

  • Run advanced nmap scripts to enumerate Modbus devices
  • Use Python Scapy scripts to perform detailed Modbus device enumeration
  • Scan and scrape data from a Modbus server
  • Send Modbus commands to control a process
  • Fuzz Modbus servers to check for vulnerabilities
  • Write IDS rules to detect suspicious Modbus activity
  • Set up a basic Modbus honeypot to study attacker behavior 
Hours: 2.0

(Lab) The Industrial IoT promises to make ICS more efficient than ever before, but with great technology comes great responsibility to secure it. In this course, exploit and mitigate common IIoT vulnerabilities in a simulated power plant. After completing this chapter you will be able to:

  • Communicate the benefits of deploying IIoT, as well as the added responsibility for securing IIoT
  • Use Shodan to perform basic reconnaissance on Internet-facing ICS assets
  • Understand the difference between application layer security and transport layer security
  • Perform basic checks for default and hardcoded passwords in IIoT devices 
Hours: 1.0

(Lab) In this advanced-level module, get hands-on experience with the BACnet protocol in a simulated server room cooling system to understand how to attack and harden one of the most common building automation system (BAS) protocols in use. After completing this chapter, you will be able to:

  • Explore building automation systems in Shodan
  • Run nmap scripts to enumerate BACnet devices
  • Set up a rogue BACnet master to read process data and send commands
  • Fuzz BACnet servers to check for vulnerabilities
  • Write Suricata/Snort content rules to detect suspicious BACnet activity
  • Set up a basic BACnet honeypot to study attacker behavior
Hours: 2.0

(Lab) DNP3 is one of the most popular protocols used in SCADA networks like the power grid, water utilities, and train systems. In this hands-on lab course, learn some of the biggest ways attackers can abuse DNP3 and what you can do to prevent and detect their attacks.

Hours: 1.0

After completing this module, users will be able to:

  • Understand the key concepts of computer networking and cryptography
  • Describe common networking and network security devices and when to use them
  • Identify common protocols on ICS networks and when to use them
Hours: 3.5

After completing this module, users will be able to:

  • Understand the different kinds of security assessments
  • Participate in deciding the type and scope of assessments for their networks
  • Describe common assessment methods and when each is appropriate to use
Hours: 2.0

After completing this module, users will be able to:

  • Operate basic HMIs
  • Explore simple historians for process data
  • Identify common vulnerabilities in Purdue Level 2/3 devices
  • Recommend strategies for securing Level 2/3 devices
Hours: 2.0

After completing this module users will be able to:

  • Program and understand basic ladder logic programs
  • Describe the operating systems used in Level 0 and 1 devices
  • Identify common vulnerabilities in Level 0 and 1
  • Recommend common defenses for Level 0 and 1
Hours: 2.0

After completing this module users will be able to:

  • Understand common wireless protocols used in ICS
  • Identify vulnerabilities in wireless communication
  • Recommend more secure deployments of wireless communication
Hours: 1.0

After completing this module users will be able to:

  • Differentiate the best use cases for various segmentation devices
  • Recommend high-level secure architecture for ICS networks
  • Identify key requirements for implementing secure remote access to ICS networks
  • Understand the benefits and appropriate uses for ICS network monitoring
Hours: 1.0

After completing this module users will be able to:

  • Build a patch management program suitable for ICS networks
  • Prioritize ICS patches
  • Understand how to implement application whitelisting for ICS devices
  • Perform basic Linux and Windows system hardening and configuration management
Hours: 1.0

After completing this module users will be able to:

  • Implement a basic ICS security program
  • Leverage existing standards and frameworks to improve their ICS security
  • Use the NIST CSF to compare Current Profiles with Target Profiles and prioritize steps
  • Include cybersecurity in ICS procurement
Hours: 1.0

After this course, users will be able to:

  • Develop a basic incident response plan for their facility
  • Plan and conduct a tabletop exercise
Hours: 1.0

(Lab) So much attention is paid to securing industrial control systems at various levels in the network, but what can controls engineers do to help secure the PLCs that are actually translating digital commands into physical actions? 

In this 4-part series learn how the "Top 20 Secure PLC Coding Practices" provides PLC programmers with the first ever industry guidelines for adding basic security to the PLC programming itself. Practice the various guidelines in simulated ICS networks including power generation, power distribution, and building automation networks.

Part 4 of the 4-part series covers:

  • Practice 9: Validate Indirections
  • Practice 10: Assign Designated Register Blocks by Function
  • Practice 14: Restrict Third-Party Data Interfaces
  • Practice 15: Define Safe Process State in Case of Restart
  • Practice 18: Log Hard Stops and Trend them on the HMI

https://plc-security.com/

Hours: 2.0

(Lab) So much attention is paid to securing industrial control systems at various levels in the network, but what can controls engineers do to help secure the PLCs that are actually translating digital commands into physical actions?

In this 4-part series learn how the "Top 20 Secure PLC Coding Practices" provides PLC programmers with the first ever industry guidelines for adding basic security to the PLC programming itself. Practice the various guidelines in simulated ICS networks including power generation, power distribution, and building automation networks.

Part 3 of the 4-part series covers:

  • Practice 3: Leave operational logic in the PLC
  • Practice 20: Trap false negatives and false positives for critical alerts
  • Practice 8: Validate HMI input variables at the PLC level
  • Practice 6: Validate timers and counters

https://plc-security.com/

Hours: 2.0

(Lab) So much attention is paid to securing industrial control systems at various levels in the network, but what can controls engineers do to help secure the PLCs that are actually translating digital commands into physical actions?

In this 4-part series learn how the "Top 20 Secure PLC Coding Practices" provides PLC programmers with the first ever industry guidelines for adding basic security to the PLC programming itself. Practice the various guidelines in simulated ICS networks including power generation, power distribution, and building automation networks. Part 2 of the 4-part series covers:

  • Practice 13 - Disable Unused Ports and Protocols
  • Practice 4 - Use PLC Flags as Integrity Checks
  • Practice 12 - Validate Inputs on Physical Plausibility
  • Practice 7 - Validate and Alert for Paired IO
  • Practice 1 - Modularize PLC Code

https://plc-security.com/

Hours: 2.0

(Lab) So much attention is paid to securing industrial control systems at various levels in the network, but what can controls engineers do to help secure the PLCs that are actually translating digital commands into physical actions?

In this 4-part series learn how the "Top 20 Secure PLC Coding Practices" provides PLC programmers with the first ever industry guidelines for adding basic security to the PLC programming itself. Practice the various guidelines in simulated ICS networks including power generation, power distribution, and building automation networks. Part 1 of the 4-part series covers:

  • Practice 19 - Monitor PLC Memory Usage
  • Practice 17 - Log PLC Uptime
  • Practice 2 - Track Operating Modes
  • Practice 16 - Summarize PLC Cycle Times
  • Practice 11 - Instrument for Plausibility Checks

https://plc-security.com/

Hours: 2.0