Sello Ralethe
School of Electrical and Information Engineering
University of the Witwatersrand, Johannesburg
South Africa
Introduction
2014/01/24
SAUPEC 2014
SCADA Architecture
SCADA Vulnerabilities
The use of open protocols and standard devices and the connection to public networks have made SCADA systems a major target of cyber-attacks
Attacks on SCADA systems are highly customised and most systems do not have the same configuration
Penetration Testing
Used to discover security vulnerabilities
Stresses the application from an attacker's point of view
Discovers vulnerabilities by simulating attacks from hackers on a target application
Provides an automatic way to search for vulnerabilities
Three phases: information gathering, attack generation and response analysis
Research Hypothesis
The Vulnerability Analysis of Energy Delivery Control Systems report prepared by the Idaho National Laboratory
The report identified the 10 most significant cyber security risks
The report mentioned that the vulnerabilities are common among different SCADA systems with different functions, designs and configurations
Implementation: Conceptual Design of the Virtual Plant Environment
Experimental Setup
Experiments involved simulations
Three computers were used: one running a SCADA system, one simulating a plant, and one used to run penetration tests targeted at the SCADA system
Two Scenarios
Scenario One
Scenario Two
PORT      STATE   SERVICE
23/tcp    Open    Telnet
513/tcp   Open    tcpwrapped
514/tcp   Open    tcpwrapped
Vulnerability             Risk Factor
                          High
Information Disclosure    Medium
SQL Injection             High
SQL pg_dump               Medium
                          Medium
                          Medium
                          Medium
                          Medium
                          Low
Vulnerability                           Risk Factor
Man-in-the-middle attack                High
Weak Cryptography                       Medium
Insecure renegotiation of TLS/SSL       Medium
IP Forwarding                           Medium
Conclusion
SCADA system security is an area of growing interest due to the security threats faced by SCADA systems
Idaho National Laboratory reported common SCADA vulnerabilities that are faced by all SCADA systems
This research utilised penetration testing to investigate common vulnerabilities
Conclusion (cont.)
Experiments were conducted under two different scenarios
There were no results from the second scenario due to the security of the University network
Results from scenario one show that there are common vulnerabilities among different SCADA systems
Future Work
Investigate vulnerabilities under different network topologies
Use simulation tools to simulate different network topologies
Use more penetration testing tools
Thank you