
Investigating Common SCADA Security

Vulnerabilities Using Penetration Testing

Sello Ralethe
School of Electrical and Information Engineering
University of the Witwatersrand, Johannesburg
South Africa

Introduction

Supervisory Control and Data Acquisition
SCADA Vulnerabilities
Penetration Testing
Research Hypothesis
Results
Conclusion

2014/01/24

SAUPEC 2014

SCADA Architecture


Typical SCADA System


SCADA Vulnerabilities
The use of open protocols and standard devices, and
the connection to public networks, have made SCADA
systems a major target of cyber-attacks
Attacks on SCADA systems are highly customised,
because most SCADA installations do not share the
same configuration


SCADA Cyber-attack Examples
Aurora Generator Test
Distributed Denial of Service attack on an
Israeli power plant
Stuxnet worm


Penetration Testing
Used to discover security vulnerabilities
Stresses the application from an attacker's point
of view
Discovers vulnerabilities by simulating the attacks
a hostile party would launch against the target
Provides an automated way to search for
vulnerabilities
Three phases: information gathering, attack
generation and response analysis

Penetration Testing Tools
Tools used: Metasploit, Nessus and Nmap
Metasploit is an exploitation framework
Nessus is a vulnerability scanner that automates
the testing and discovery of known security
problems
Nmap is a network and port scanning tool


Research Hypothesis
The Vulnerability Analysis of Energy Delivery
Control Systems report was prepared by the
Idaho National Laboratory
The report identified the 10 most significant cyber
security risks
The report noted that these vulnerabilities are
common among different SCADA systems with
different functions, designs and configurations

Research Hypothesis (cont.)
Hypothesis: Penetration testing on a given
SCADA system which was not part of the
research covered by Idaho National Laboratory
will reveal vulnerabilities which are classified as
common by the report, as well as other
uncommon vulnerabilities


Implementation: Conceptual Design of the Virtual Plant Environment


Implementation: Tools used in the Virtual Plant Design


Experimental Setup
Experiments were run as simulations
Three computers were used: one running a
SCADA system, one simulating a plant, and
one used to run penetration tests targeted at
the SCADA system
Two scenarios were tested


Scenario One


Scenario Two


Scenario One Results
Nmap Results
PORT     STATE  SERVICE
23/tcp   open   telnet
513/tcp  open   tcpwrapped
514/tcp  open   tcpwrapped
(513/tcp and 514/tcp are the IANA-assigned rlogin and rsh ports;
"tcpwrapped" means Nmap completed the TCP handshake but the host
closed the connection before sending any data, so the service
could not be fingerprinted)
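The response-analysis phase of the test turns the raw Nmap listing above into prioritised findings. The script below is an added example, not code from the original presentation: it parses Nmap "normal" (-oN) output, resolves ports Nmap could only report as "tcpwrapped" to their IANA names, and flags cleartext management protocols. The scan text, the target address 192.0.2.10 and the closed-port count are constructed to mirror the three ports on the slide; the severity labels are this example's own choice.

```python
import re
from dataclasses import dataclass

# Constructed sample in Nmap "normal" (-oN) output format, reproducing the
# three ports on the slide. The target address and the closed-port count are
# made up; this is not the original scan output.
NMAP_OUTPUT = """\
Nmap scan report for 192.0.2.10
Host is up (0.00042s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
23/tcp  open  telnet
513/tcp open  tcpwrapped
514/tcp open  tcpwrapped
"""

# IANA assignments for ports Nmap reported as "tcpwrapped" (no banner to fingerprint).
IANA_NAMES = {513: "login (rlogin)", 514: "shell (rsh)"}

# Protocols that carry credentials or commands in cleartext.
CLEARTEXT = {"telnet", "ftp", "login (rlogin)", "shell (rsh)", "http", "snmp"}

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.MULTILINE)


@dataclass
class Finding:
    port: int
    proto: str
    service: str
    severity: str
    note: str


def parse_nmap(text):
    """Turn the open-port lines of Nmap normal output into prioritised findings."""
    findings = []
    for m in PORT_LINE.finditer(text):
        port, proto, state, service = int(m.group(1)), m.group(2), m.group(3), m.group(4)
        if state != "open":
            continue
        notes = []
        unconfirmed = service == "tcpwrapped"
        if unconfirmed:
            # Nmap completed the TCP handshake but the peer closed the connection
            # before sending data: typically TCP wrappers or a host ACL rejecting
            # the scanner's address, so the service is known by port number only.
            service = IANA_NAMES.get(port, "unknown")
            notes.append("tcpwrapped: access control likely; re-test from an allowed host")
        if service in CLEARTEXT:
            notes.append("cleartext protocol: credentials and commands readable on the wire")
            # Unconfirmed services get one step lower until verified by hand.
            severity = "Medium" if unconfirmed else "High"
        else:
            severity = "Info"
        findings.append(Finding(port, proto, service, severity, "; ".join(notes)))
    return findings


def summarise(findings):
    """One line per finding, suitable for a report table."""
    return [f"{f.port}/{f.proto} {f.service}: {f.severity}" for f in findings]


if __name__ == "__main__":
    for f in parse_nmap(NMAP_OUTPUT):
        print(f"{f.port}/{f.proto:<3} {f.service:<16} {f.severity:<6} {f.note}")
```

Run against a real `nmap -oN` file by reading it into `NMAP_OUTPUT`; the point of the tcpwrapped branch is that an "open" port with no fingerprint is not a clean result, and the rlogin/rsh ports deserve a second scan from a host the wrapper permits before they are written off.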


Scenario One Results
Nessus Results
Vulnerability                             Risk Factor
Distributed Denial of Service             High
Information Disclosure                    Medium
SQL Injection                             High
SQL pg_dump                               Medium
SMB Signing Disabled                      Medium
SSL Certificate cannot be Trusted         Medium
SSL Self-Signed Certificate               Medium
SSL Certificate with Wrong Hostname       Medium
SSL RC4 Cipher Suites Supported           Low
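Several of the Nessus findings above share a single root cause (the three certificate findings are all fixed by one CA-issued certificate with the right hostname), so a practitioner triages the list by remediation rather than one plugin at a time. The following is an added example, not part of the original presentation: it reads findings from a CSV in the shape of a scanner export, collapses them into remediation groups, keeps the worst risk label per group and sorts worst first. The CSV content is constructed from the nine slide entries; the host address, port numbers and the remediation wording are assumptions for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed input in the shape of a scanner CSV export, built from the nine
# Nessus findings listed on the slide. The host address and port numbers are
# assumed for illustration and are not from the original scan.
FINDINGS_CSV = """\
Host,Protocol,Port,Risk,Name
192.0.2.10,tcp,0,High,Distributed Denial of Service
192.0.2.10,tcp,80,Medium,Information Disclosure
192.0.2.10,tcp,80,High,SQL Injection
192.0.2.10,tcp,5432,Medium,SQL pg_dump
192.0.2.10,tcp,445,Medium,SMB Signing Disabled
192.0.2.10,tcp,443,Medium,SSL Certificate Cannot Be Trusted
192.0.2.10,tcp,443,Medium,SSL Self-Signed Certificate
192.0.2.10,tcp,443,Medium,SSL Certificate with Wrong Hostname
192.0.2.10,tcp,443,Low,SSL RC4 Cipher Suites Supported
"""

# Scanner risk labels ordered for sorting; unknown labels fall back to 0.
RISK_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "none": 0, "info": 0}

# Findings that share one fix are collapsed into a single remediation item.
# Keys are matched in order against the lowercased finding name.
ROOT_CAUSES = [
    ("ssl rc4", "TLS config: remove RC4 and other legacy cipher suites"),
    ("ssl certificate", "TLS certificate: install a CA-issued certificate whose name matches the host"),
    ("ssl self-signed", "TLS certificate: install a CA-issued certificate whose name matches the host"),
    ("smb signing", "SMB: require message signing on the server"),
    ("sql", "Database: parameterise queries and restrict access to the database port"),
]


def risk_rank(risk):
    """Numeric rank for a scanner risk label, tolerant of case and whitespace."""
    return RISK_RANK.get(risk.strip().lower(), 0)


def remediation_for(name):
    """Map a finding name to its remediation group; unmatched names stay separate."""
    lowered = name.lower()
    for key, fix in ROOT_CAUSES:
        if key in lowered:
            return fix
    return "Review individually: " + name


def load_findings(text):
    return list(csv.DictReader(io.StringIO(text)))


def triage(findings):
    """Group findings by remediation, keep the worst risk per group, sort worst first."""
    groups = defaultdict(lambda: {"fix": "", "top_risk": "None", "hosts": set(), "findings": []})
    for f in findings:
        fix = remediation_for(f["Name"])
        g = groups[fix]
        g["fix"] = fix
        g["hosts"].add(f["Host"])
        g["findings"].append(f["Name"])
        if risk_rank(f["Risk"]) > risk_rank(g["top_risk"]):
            g["top_risk"] = f["Risk"].strip()
    return sorted(groups.values(), key=lambda g: (-risk_rank(g["top_risk"]), g["fix"]))


if __name__ == "__main__":
    for g in triage(load_findings(FINDINGS_CSV)):
        hosts = ", ".join(sorted(g["hosts"]))
        print(f"[{g['top_risk']:<6}] {g['fix']} ({len(g['findings'])} finding(s) on {hosts})")
```

The nine findings collapse to six remediation items, with the two SQL findings and the three certificate findings each handled once; a real export has more columns, but only Host, Risk and Name are read here.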


Scenario One Results
Metasploit Results
Vulnerability                           Risk Factor
Man-in-the-middle attack                High
Weak Cryptography                       Medium
Insecure renegotiation of TLS/SSL       Medium
IP Forwarding                           Medium


Scenario Two Results
Under this scenario, the attacks were
launched from outside the company network
The security policy on the University network
blocked the penetration testing runs
No results were collected under this scenario


Conclusion
SCADA system security is an area of growing
interest because of the threats SCADA systems face
The Idaho National Laboratory reported vulnerabilities
that are common across different SCADA systems
This research used penetration testing to
investigate those common vulnerabilities

Conclusion (cont.)
Experiments were conducted under two different
scenarios
There were no results from the second
scenario because of the security policy on the
University network
Results from scenario one show that there
are common vulnerabilities among different
SCADA systems

Future Work
Investigate vulnerabilities under different
network topologies
Use network simulation tools to model different
topologies
Use more penetration testing tools


Thank you
