-
While manufacturing environments were previously largely self-sufficient and isolated from other networks, Industry 4.0 is increasingly networking systems and controllers with the IT network. The aim is to optimize and automate processes. However, the first malware programs such as Stuxnet, Wannacry & Co. showed that this poses a massive threat to the security of entire industrial systems. Security through intelligent firewalls, IDS systems and other protective measures is therefore extremely important, although the requirements differ greatly between the classic IT world and a manufacturing environment. In addition, high standards are set for the operational safety of industrial networks.
-
Course Contents
-
- Typical attacks on factory environments and security vulnerabilities
- Risk analysis
- Communication routes in the ICS and their protection
- Security concepts for linking IT and manufacturing
- Identity and Access Management (IAM)
- Device Hardening and Virus Scanner – Design and Implementation in ICS
- Security through visibility and transparency
- Firewalls – Design and Implementation in ICS
- Intrusion Detection Systems (IDS) – Design and Implementation in ICS
- Remote maintenance access and VPNs for predictive maintenance – design and implementation in ICS
- Wireless LAN and WirelessHART: Security vulnerabilities and their protection
- Smartphones and tablets in the ICS
- Security Information and Event Management (SIEM) in the ICS
- Design and Architecture of Industrial Security Solutions: IEC-62443
- Protection of specific protocols such as PROFINET, Modbus, Ethernet/IP, etc.
- Further standards and best practices
- Safety – regulations and implementation
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).
-
Target Group
-
This course is aimed at network administrators and network planners who need to plan and implement a security policy in industrial environments. Practical examples and traces deepen the knowledge gained.
-
Knowledge Prerequisites
-
For successful participation, basic knowledge of industrial networks is required, as taught in the courses Industrial Ethernet I - Design and Implementation and Industrial Ethernet II - Special Requirements and Protocols.
| 1 | Grundlagen industrieller Sicherheit |
| 1.1 | Industrie 4.0: Neue Risiken und Herausforderungen |
| 1.2 | Begriffe und ihre Bedeutung |
| 1.3 | Sicherheitsempfehlungen für industrielle Netzwerke |
| 1.4 | Maßnahmen und Tools zur Steigerung von Sicherheit und Verfügbarkeit in der Industrie |
| 1.4.1 | Lösungen zur Umsetzung der Sicherheitsmaßnahmen |
| 1.4.2 | Fernwartungszugang |
| 1.4.3 | IDS/IPS-Systeme |
| 1.4.4 | Security Information and Event Management – SIEM |
| 1.5 | Bekannte Bedrohungen und Trends |
| 1.6 | Risikoanalyse |
| 1.7 | Standards |
| 1.8 | Typische Anbieter |
| 2 | Safety – Vorschriften und Umsetzung |
| 2.1 | Definition |
| 2.2 | Entwicklung |
| 2.3 | Vorschriften |
| 2.4 | Handlungsempfehlungen |
| 3 | Sicherheitskonzepte für die Kopplung von IT und Fabrikation |
| 3.1 | Sicherheitsaspekte in Fabrikationsumgebungen |
| 3.2 | Kommunikationswege im ICS |
| 3.3 | Typische Angriffe und Sicherheitslücken |
| 3.3.1 | Angriff auf Netzwerke |
| 3.3.2 | Angriff auf Server |
| 3.3.3 | Client Site Attacks |
| 3.3.4 | Mobile Endgeräte angreifen |
| 3.3.5 | Social Engineering |
| 3.3.6 | Angriffe im Internet of Things |
| 3.3.7 | Cloud Security |
| 3.3.8 | Advanced Persistent Threats |
| 3.4 | Typische Angriffe auf Fabrikumgebungen |
| 3.4.1 | Physikalischer Zugriff |
| 3.4.2 | Ungeschützte Netzzugänge |
| 3.4.3 | Mobile Endgeräte und Wechseldatenträger |
| 3.4.4 | Türschließsysteme und Thermostate |
| 3.4.5 | Fernwartungszugänge |
| 3.4.6 | Watering Hole Attacks |
| 3.5 | Design und Architektur von industriellen Sicherheitslösungen |
| 3.5.1 | Visibility und Transparenz |
| 3.5.2 | Design von Fernwartungszugängen am Beispiel Siemens |
| 3.6 | Zugriffsschutz auf Systeme und Netze |
| 3.6.1 | Komponenten |
| 3.6.2 | MAC Address Bypass |
| 3.6.3 | Secure Group Tagging |
| 3.7 | Firewalls – Design und Umsetzung im ICS |
| 4 | Sicherheit von industriellen Netzwerkprotokollen |
| 4.1 | Entstehung Feldbus-Systeme und Industrielles Ethernet |
| 4.2 | Modbus |
| 4.3 | Profibus |
| 4.4 | Profinet |
| 4.5 | EtherNet/IP |
| 4.6 | Wireless ICS-Technologien |
| 4.6.1 | WirelessHART |
| 4.7 | Wireless LAN (WLAN) |
| 4.7.1 | Authentisierung im WLAN |
| 4.7.2 | Neue Mechanismen für mehr Sicherheit im WLAN |
| 4.7.3 | WPA: Wi-Fi Protected Access |
| 4.7.4 | Authentisierung nach IEEE 802.1X |
| 4.7.5 | IEEE 802.11i |
| 4.7.6 | Protected Management Frames |
| 4.8 | OPC – Open Platform Communications |
| 4.9 | Local Area Networks (LANs) |
| 4.9.1 | MAC Spoofing |
| 4.9.2 | ARP Cache Poisoning |
| 4.9.3 | Neighbor Solicitation |
| 4.9.4 | Flooding der Switching Table |
| 4.9.5 | VLAN Hopping |
| 4.9.6 | Mirror Ports |
| 4.9.7 | DHCP Spoofing |
| 4.9.8 | Router Advertisements |
| 4.9.9 | Schutz von LAN-Umgebungen |
| 5 | Cyber Risk: Erkennung, Auswertung und Reaktion |
| 5.1 | Cyber Risk in Fabrikumgebungen |
| 5.2 | Risiken |
| 5.3 | Sicherheitsmetriken |
| 5.4 | Situative Awareness |
| 5.5 | Anomalie und Threat Detection |
| 5.6 | Security Monitoring |
| 5.7 | Security Responding |
| 6 | Best Practices und Trends |
| 6.1 | Best Practices |
| 6.2 | Trends und Ausblick |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.-
While manufacturing environments were previously largely self-sufficient and isolated from other networks, Industry 4.0 is increasingly networking systems and controllers with the IT network. The aim is to optimize and automate processes. However, the first malware programs such as Stuxnet, Wannacry & Co. showed that this poses a massive threat to the security of entire industrial systems. Security through intelligent firewalls, IDS systems and other protective measures is therefore extremely important, although the requirements differ greatly between the classic IT world and a manufacturing environment. In addition, high standards are set for the operational safety of industrial networks.
-
Course Contents
-
- Typical attacks on factory environments and security vulnerabilities
- Risk analysis
- Communication routes in the ICS and their protection
- Security concepts for linking IT and manufacturing
- Identity and Access Management (IAM)
- Device Hardening and Virus Scanner – Design and Implementation in ICS
- Security through visibility and transparency
- Firewalls – Design and Implementation in ICS
- Intrusion Detection Systems (IDS) – Design and Implementation in ICS
- Remote maintenance access and VPNs for predictive maintenance – design and implementation in ICS
- Wireless LAN and WirelessHART: Security vulnerabilities and their protection
- Smartphones and tablets in the ICS
- Security Information and Event Management (SIEM) in the ICS
- Design and Architecture of Industrial Security Solutions: IEC-62443
- Protection of specific protocols such as PROFINET, Modbus, Ethernet/IP, etc.
- Further standards and best practices
- Safety – regulations and implementation
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).
-
Target Group
-
This course is aimed at network administrators and network planners who need to plan and implement a security policy in industrial environments. Practical examples and traces deepen the knowledge gained.
-
Knowledge Prerequisites
-
For successful participation, basic knowledge of industrial networks is required, as taught in the courses Industrial Ethernet I - Design and Implementation and Industrial Ethernet II - Special Requirements and Protocols.
| 1 | Grundlagen industrieller Sicherheit |
| 1.1 | Industrie 4.0: Neue Risiken und Herausforderungen |
| 1.2 | Begriffe und ihre Bedeutung |
| 1.3 | Sicherheitsempfehlungen für industrielle Netzwerke |
| 1.4 | Maßnahmen und Tools zur Steigerung von Sicherheit und Verfügbarkeit in der Industrie |
| 1.4.1 | Lösungen zur Umsetzung der Sicherheitsmaßnahmen |
| 1.4.2 | Fernwartungszugang |
| 1.4.3 | IDS/IPS-Systeme |
| 1.4.4 | Security Information and Event Management – SIEM |
| 1.5 | Bekannte Bedrohungen und Trends |
| 1.6 | Risikoanalyse |
| 1.7 | Standards |
| 1.8 | Typische Anbieter |
| 2 | Safety – Vorschriften und Umsetzung |
| 2.1 | Definition |
| 2.2 | Entwicklung |
| 2.3 | Vorschriften |
| 2.4 | Handlungsempfehlungen |
| 3 | Sicherheitskonzepte für die Kopplung von IT und Fabrikation |
| 3.1 | Sicherheitsaspekte in Fabrikationsumgebungen |
| 3.2 | Kommunikationswege im ICS |
| 3.3 | Typische Angriffe und Sicherheitslücken |
| 3.3.1 | Angriff auf Netzwerke |
| 3.3.2 | Angriff auf Server |
| 3.3.3 | Client Site Attacks |
| 3.3.4 | Mobile Endgeräte angreifen |
| 3.3.5 | Social Engineering |
| 3.3.6 | Angriffe im Internet of Things |
| 3.3.7 | Cloud Security |
| 3.3.8 | Advanced Persistent Threats |
| 3.4 | Typische Angriffe auf Fabrikumgebungen |
| 3.4.1 | Physikalischer Zugriff |
| 3.4.2 | Ungeschützte Netzzugänge |
| 3.4.3 | Mobile Endgeräte und Wechseldatenträger |
| 3.4.4 | Türschließsysteme und Thermostate |
| 3.4.5 | Fernwartungszugänge |
| 3.4.6 | Watering Hole Attacks |
| 3.5 | Design und Architektur von industriellen Sicherheitslösungen |
| 3.5.1 | Visibility und Transparenz |
| 3.5.2 | Design von Fernwartungszugängen am Beispiel Siemens |
| 3.6 | Zugriffsschutz auf Systeme und Netze |
| 3.6.1 | Komponenten |
| 3.6.2 | MAC Address Bypass |
| 3.6.3 | Secure Group Tagging |
| 3.7 | Firewalls – Design und Umsetzung im ICS |
| 4 | Sicherheit von industriellen Netzwerkprotokollen |
| 4.1 | Entstehung Feldbus-Systeme und Industrielles Ethernet |
| 4.2 | Modbus |
| 4.3 | Profibus |
| 4.4 | Profinet |
| 4.5 | EtherNet/IP |
| 4.6 | Wireless ICS-Technologien |
| 4.6.1 | WirelessHART |
| 4.7 | Wireless LAN (WLAN) |
| 4.7.1 | Authentisierung im WLAN |
| 4.7.2 | Neue Mechanismen für mehr Sicherheit im WLAN |
| 4.7.3 | WPA: Wi-Fi Protected Access |
| 4.7.4 | Authentisierung nach IEEE 802.1X |
| 4.7.5 | IEEE 802.11i |
| 4.7.6 | Protected Management Frames |
| 4.8 | OPC – Open Platform Communications |
| 4.9 | Local Area Networks (LANs) |
| 4.9.1 | MAC Spoofing |
| 4.9.2 | ARP Cache Poisoning |
| 4.9.3 | Neighbor Solicitation |
| 4.9.4 | Flooding der Switching Table |
| 4.9.5 | VLAN Hopping |
| 4.9.6 | Mirror Ports |
| 4.9.7 | DHCP Spoofing |
| 4.9.8 | Router Advertisements |
| 4.9.9 | Schutz von LAN-Umgebungen |
| 5 | Cyber Risk: Erkennung, Auswertung und Reaktion |
| 5.1 | Cyber Risk in Fabrikumgebungen |
| 5.2 | Risiken |
| 5.3 | Sicherheitsmetriken |
| 5.4 | Situative Awareness |
| 5.5 | Anomalie und Threat Detection |
| 5.6 | Security Monitoring |
| 5.7 | Security Responding |
| 6 | Best Practices und Trends |
| 6.1 | Best Practices |
| 6.2 | Trends und Ausblick |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.
Hybrid Training
Trainer language German