Packet sniffing:

For IPv4:

For SYN flag set:
windump -i 1 "tcp[13] & 2 == 2"
tcpdump -i eth0 "tcp[13] & 2 == 2"

For ACK flag set:
windump -i 1 "tcp[13] & 16 != 0"
tcpdump -i eth0 "tcp[13] & 16 != 0"

For FIN flag set:
windump -i 1 "tcp[13] & 1 == 1"
tcpdump -i eth0 "tcp[13] & 1 == 1"

For IPv6 (the TCP flags byte is at ip6[53] when no extension headers are present):

For SYN flag set:
windump -i 1 "ip6[6]=6 and ip6[53] & 2 == 2"
tcpdump -i eth0 "ip6[6]=6 and ip6[53] & 2 == 2"

For ACK flag set:
windump -i 1 "ip6[6]=6 and ip6[53] & 16 != 0"
tcpdump -i eth0 "ip6[6]=6 and ip6[53] & 16 != 0"

For FIN flag set:
windump -i 1 "ip6[6]=6 and ip6[53] & 1 == 1"
tcpdump -i eth0 "ip6[6]=6 and ip6[53] & 1 == 1"
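
Added example (not part of the original notes): a small Python parser that finds the TCP flags byte the way these filters do, at offset 13 of the TCP header, which is ip6[40 + 13] = ip6[53] for IPv6 without extension headers. It goes one step further than the filters by walking IPv6 extension headers, to show where the fixed offset misses a packet. All function names and the sample packets are constructed for illustration.

```python
import struct

FIN, SYN, ACK = 0x01, 0x02, 0x10   # bit masks inside byte 13 of the TCP header

def tcp_flags(pkt: bytes):
    """Return the TCP flags byte of a raw IP packet, or None if there is none."""
    version = pkt[0] >> 4
    if version == 4:
        # Not TCP, or a non-first fragment (no TCP header present)
        if pkt[9] != 6 or struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
            return None
        off = (pkt[0] & 0x0F) * 4          # IHL: tcp[13] skips IP options this way
    elif version == 6:
        nxt, off = pkt[6], 40              # ip6[6] is Next Header; fixed header is 40 bytes
        while nxt in (0, 43, 60):          # hop-by-hop, routing, destination options
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        if nxt != 6:                       # not TCP (fragment header etc. not handled here)
            return None
    else:
        return None
    return pkt[off + 13] if len(pkt) > off + 13 else None

# --- constructed sample packets (documentation addresses, zero checksums) ---
def tcp_hdr(flags):
    return struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 5 << 4, flags, 8192, 0, 0)

def ipv4(payload, options=b""):
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload), 0, 0,
                       64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + options + payload

def ipv6(next_header, payload):
    addr = bytes.fromhex("20010db8") + bytes(12)
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, 64,
                       addr, addr) + payload

HOP_BY_HOP = bytes([6, 0, 1, 4, 0, 0, 0, 0])   # next header = TCP, length 8 bytes, PadN

if __name__ == "__main__":
    plain = ipv6(6, tcp_hdr(FIN | ACK))
    ext = ipv6(0, HOP_BY_HOP + tcp_hdr(SYN))
    print("IPv4 with options:", hex(tcp_flags(ipv4(tcp_hdr(SYN | ACK), bytes(4)))))
    print("IPv6 plain: ip6[53] =", hex(plain[53]), "parsed =", hex(tcp_flags(plain)))
    print("IPv6 + hop-by-hop: ip6[53] =", hex(ext[53]), "parsed =", hex(tcp_flags(ext)))
```

For the packet with a hop-by-hop header, ip6[6] is 0 rather than 6 and ip6[53] lands inside the TCP sequence number, so the fixed-offset IPv6 filters do not match it.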

To run this together with Wireshark on Windows, you must first install WinDump along with the matching revision of pcap.

Useful tools:

Product page at Schneider

https://www.se.com/no/no/work/solutions/cybersecurity/

Buildings:

https://download.schneider-electric.com/files?p_Doc_Ref=998-20119182_GMA-US

https://download.schneider-electric.com/files?p_Doc_Ref=998-2095-12-08-15AR0_EN

https://download.schneider-electric.com/files?p_Doc_Ref=998-20140821

https://download.schneider-electric.com/files?p_Doc_Ref=ciberseguridad_sistemas_bms

Power supply:

https://download.schneider-electric.com/files?p_Doc_Ref=998-20329038_GMA

https://download.schneider-electric.com/files?p_Doc_Ref=PAS_63680_CPM16068

https://download.schneider-electric.com/files?p_Doc_Ref=998-2095-04-06-16AR0_EN

Industry:

https://download.schneider-electric.com/files?p_Doc_Ref=How_can_I_Cybersec

https://download.schneider-electric.com/files?p_Doc_Ref=STN+v2

https://blog.se.com/digital-transformation/cybersecurity/2017/05/05/cybersecurity-business-case-arduous-challenge-part-1/

https://blog.se.com/digital-transformation/cybersecurity/2017/05/19/cybersecurity-business-case-arduous-challenge-part-2/

https://blog.se.com/industry/machine-and-process-management/2017/06/15/building-cybersecurity-knowledge-critical-first-step-secure-industrial-networks/

Master's thesis on Cyber Security for OT

This master's thesis approaches the issue of cyber security from a rather interesting interdisciplinary perspective.

The title is: Ikke-tekniske cybersikkerhetsbarrierer for OT-systemer i petroleumsindustrien (Non-technical cybersecurity barriers for OT systems in the petroleum industry). (But it is probably also relevant outside the petroleum industry.)

https://ntnuopen.ntnu.no/ntnu-xmlui/handle/11250/3024585

Here is another master's thesis on a related topic:

“Cybersecurity Incident Management Process in Industrial ICT Systems”

https://ntnuopen.ntnu.no/ntnu-xmlui/handle/11250/2781139

Here is a master's thesis aimed at procurement in relation to transmission systems for electric power. It may contain some general information that could be of interest.

https://uia.brage.unit.no/uia-xmlui/bitstream/handle/11250/3019796/no.uia:inspera:110849353:20325511.pdf