Security log time synchronization for high-availability systems
Main author: | |
---|---|
Format: | Conference proceeding |
Language: | eng |
Subjects: | |
Summary: | An increasing number of factory automation systems are connected to the Internet or other public networks, and secured by firewalls, intrusion detection systems (IDSs), etc. In order to detect attacks, correlation of firewall, router, proxy, and IDS logs is necessary. Successful correlation requires, among other things, synchronized time stamps for all the log entries created by different sources. The automation system usually contains a rather accurate time source, which could be used to derive the time base for all system components, including the above-mentioned security mechanisms. A number of standard protocols exist for time synchronization. It will be shown that these protocols do not fulfill the necessary security requirements. In particular, they open up the automation system network to denial-of-service attacks from the outside. Various design alternatives and the requirements for an alternative time synchronization protocol are discussed. |
DOI: | 10.1109/INDIN.2003.1300270 |