SCADA & Industrial Control Systems Analysis & Troubleshooting

Price: € T.B.A.
Category: Security / Forensics
Format: Open Classroom / Virtual / In-house
Amsterdam / In-House / Virtual
T.B.A.
8:30 - 16:30
duration: 5 days
5-12 class size
English

This course is for Networking, Engineering, and Security personnel who need to develop a set of packet investigation techniques through study of the Industrial Control Systems and SCADA networking Protocols (IEC 60870, IEC 60870-5, IEC 60870-6 standard protocols: BACNET, CODESYS, DNP3, EIP, Ethercat, Modbus, Point Protocol, S7, HART IP, and ISO Protocol) using Wireshark and other Open-Source Analysis tools. 

The technologies of Industrial Control Systems and SCADA architecture comprise many of the critical components of the worldwide critical infrastructure. Effective analysis and troubleshooting of such advanced technologies encompass not only the skills of capturing data, but also the ability to discern unusual patterns hidden within seemingly normal network traffic. This course will provide the student with a set of investigative and analysis techniques focusing on the use of vendor-neutral, Open-Source Tools such as Wireshark to provide insight into the following areas:

– Specialized configuration and advanced traffic capture tips

– Recognition, analysis and threat identification for many of the Industrial Control Systems currently in use in sectors such as energy production, water, food and transportation, including the IEC 60870, IEC 60870-5 and IEC 60870-6 standard protocols: BACNET, CODESYS, DNP3, EIP, Ethercat, Modbus, Point Protocol, S7, HART IP, and ISO Protocol Stacks

– Specialized ICS Analysis techniques including data traffic reconstruction and viewing techniques.

Real-World examples will be utilized throughout the course in conjunction with numerous hands-on exercises to provide field-proven, practical analysis skills. Attendees will receive a student guide including numerous reference files and networking and forensics tools, as well as a library of reference documents.

This course is designed for Networking, Engineering and Security personnel who need to develop a set of packet investigation techniques through study of the Industrial Control Systems and SCADA networking Protocols using Wireshark and other Open-Source Analysis tools. Successful completion of this course will provide these individuals with a pathway into the field of both Network and Forensics Analysis.

Introduction to Advanced Network Analysis
Logistics
Network analysis challenges – Nomenclature, Terminology and the Next Generation Protocols

Collecting the Data – Data Capture
Recap – Data Collection
Configuring Wireshark 2.0
New features to enhance capture – USBPcap / Androiddump
Using capture filters to capture specific suspect traffic
Stealth / Silent Collection of Data – Tips & Techniques
WiFi Device Analysis using AirPcap Control Panel
New Wireless Toolbar and WiFi features – WEP / WPA / WPA2 Decryption
Bluetooth capture features
Location – How Network Infrastructure Devices Affect Network Analysis
Hubs, Switches, Bridges, Routers, Firewalls and CSU / DSU

Industrial Control Systems Architecture & Components
Architecture
Supervisory Control and Data Acquisition (SCADA)
Digital Control System (DCS)
Non-Centralized Systems (NCS)
Components
General-purpose computers
Programmable Logic Controller (PLC)
Remote Telemetry (or Terminal) Units (RTUs)
Special purpose systems
Smart sensors and actuators
Analysis of Network Applications and User Traffic
Key ICS / SCADA Protocols
What’s Normal vs. Abnormal – The Role of Control System Baseline Files
Color Rules
Filtering & Pattern recognition
Building a Baseline Library – Where Do I go to Find Samples?

IEC 60870, IEC 60870-5, IEC 60870-6 standard protocols
ICS / SCADA Protocol Stacks
How do the standard TCP / IP Protocols fit in?
BACNET
CODESYS
DNP3
EIP
Ethercat
Modbus
Point Protocol
S7
HART IP
ISO Protocol Stacks
Network Analysis Methodology
Analyzing the Network Communication Architecture
Analyzing Conversations and Activities
Analyzing Conversations and Activities Using Expert Systems to Determine Unusual Activity
Determining Which Conversations Are Suspect – Analyzing Latency and Throughput to recognize and analyze suspicious user traffic
A Sample Advanced Network Analysis Methodology
6 Steps for practical ICS / SCADA Network Analysis
Answering the key questions
A Sample Network Analysis Methodology
Diagramming Conversations – A Picture is worth 1024 Words
Related Packet and Intelligent Scrollbar features
Security Concerns in the ICS / SCADA Environment – When Things go Wrong
Exploiting the Target & Exploits
Drive-by-Downloads
Ransomware, Crimeware and Malware – Worms & Viruses
Fake Logins & Password Hijacks
Overflows
Internet-Based Exploits
Attacks
Bots, Botnets, Bot Herders
Denial of Service (DoS / DDoS)

Student quotes

"I found Phill to be the best teacher, and I learned so much from him. Thank you Phill"

- Paul Broyd

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"It's sure the most interesting course that I have followed"

- Karin van der Plas

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"It was a very very very interesting course, and done by the top guy"

- Matthew Steenwijk

Course: VoIP Network Analysis

"It was a real pleasure to receive the Wireshark training from a very dedicated trainer"

- Wim de Vries

Course: Voice & Video over IP Network Analysis

"I thought I already knew Wireshark. I was wrong, very wrong"

- Jeroen Valkonet

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"This course is a must have for everyone in IT"

- Johan den Besten

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"Great for network analyses or forensic investigations"

- Sven Schneider

Course: Masterclass – Advanced Network & Intro to Security Analysis

"By far the very best course I ever took"

- Joachim van Doeselaar

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"If there’s a packet, it can be WireSharked!!"

- Elena Petrova

Course: WiFi & Wireless Network Analysis Using Wireshark

"Extremely satisfied with the training. Very helpful instructor and great teaching methods"

- Lars Mikkelsen

Course: Masterclass – Advanced Network & Intro to Security Analysis
