
Securing Industrial Control Systems

SCADA

The Generations of SCADA

SCADA has evolved over the years.

Primary SCADA Services

Secondary SCADA Services

Achieving Security - Guides and Standards

5 Phases of Security Testing

  1. Reconnaissance, Footprinting, Information Gathering
    • Wappalyzer
    • web.nvd.nist.gov
    • exploit-db
    • Maltego - paterva.com (get the community version)
    • Shodan
    • Dorks
    • hackersforcharity.org
    • traceroute
    • ping host -l 1000 -f
    • email footprinting
    • readnotify
    • ip2location
    • email tracking services
  2. Scanning - Port Scanning - Getting the Socket
    • Ports can be considered:
      • Open
      • Closed
      • Filtered (ACL)
    • nmap, winpcap, zenmap
    • Vulnerability scanning
      • Nessus - checks web apps for malware, missing patches, misconfigurations, use of defaults, zero-day vulnerabilities, mobile platform weaknesses, PCI DSS compliance
      • OpenVAS - the free-software scanner
      • Acunetix - Windows & Cloud Only
      • Zed Attack Proxy
      • Websecurify
      • Arachni
      • Nikto
      • Burp Suite
      • Virusdie
      • IronWASP
      • SecApps
      • skipfish
      • wapiti
      • w3af
      • Tamper Data
  3. Enumeration
  4. Exploitation
  5. Maintaining Access
  6. Clearing Your Tracks

Getting to Know Types of Threats

Policies & Procedures

Platform Vulnerabilities

SIEM @ SCADA

SIEM - Security Information and Event Management

Transforms machine data into operational intelligence, giving proactive anticipation of attacks through event correlation of indicators of compromise.

Players in the Market



These systems work by installing a forwarder on each monitored machine; the forwarder ships that machine's logs to an indexer, and a search head runs the correlation over the indexed events:


          Forwarder [collect logs from various machines]
             |
             V
          Indexer [to identify + label fields of the logs]
             |
             V
        Search-Head [event correlation happens here]

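The three stages above, as an added example written for this page (it is not code from the original page or from any SIEM vendor). The log lines, host names, IP addresses and the indicator list are constructed sample data; the field names, the failed-login threshold and the 60-second window are assumptions chosen for illustration. The forwarder stage just collects raw lines, the indexer stage labels fields, and the search-head stage correlates events: a burst of failed logins followed by a success from one source, a firewall ALLOW to a listed indicator address, and a cross-source rule that fires when the same host appears in both.

```python
"""Toy SIEM pipeline: forwarder -> indexer -> search head.

Added example, not from the original page. All log lines, hosts, addresses and
the indicator list are constructed; field names and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog-style lines, as a forwarder would ship them (sample data).
RAW_LOGS = [
    "2016-12-10T10:00:01 hmi01 sshd: Failed password for operator from 10.0.5.23",
    "2016-12-10T10:00:04 hmi01 sshd: Failed password for operator from 10.0.5.23",
    "2016-12-10T10:00:07 hmi01 sshd: Failed password for operator from 10.0.5.23",
    "2016-12-10T10:00:09 hmi01 sshd: Accepted password for operator from 10.0.5.23",
    "2016-12-10T10:01:30 plc-gw sshd: Failed password for root from 10.0.9.4",
    "2016-12-10T10:02:00 hist01 firewall: ALLOW 10.0.5.23 -> 203.0.113.77:4444",
    "2016-12-10T10:02:05 hist01 firewall: ALLOW 10.0.5.9 -> 192.0.2.10:443",
]

# Constructed indicator of compromise: a placeholder "known bad" destination.
IOC_DEST_IPS = {"203.0.113.77"}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<source>[^:]+): (?P<msg>.*)$")
AUTH_RE = re.compile(r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"ALLOW (?P<src>\S+) -> (?P<dst>[\d.]+):(?P<dport>\d+)")


def forwarder(lines):
    """Forwarder stage: collect raw lines from the machine; nothing is parsed yet."""
    return [line.rstrip("\n") for line in lines if line.strip()]


def indexer(raw_lines):
    """Indexer stage: identify and label the fields of each log line."""
    events = []
    for line in raw_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: dropped here, a real indexer would keep it raw
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        auth, fw = AUTH_RE.search(ev["msg"]), FW_RE.search(ev["msg"])
        if auth:
            ev.update(auth.groupdict(), type="auth")
        elif fw:
            ev.update(fw.groupdict(), type="fw")
        else:
            ev["type"] = "other"
        events.append(ev)
    return events


def search_head(events, fail_threshold=3, window=timedelta(seconds=60)):
    """Search-head stage: correlate labelled events into alerts."""
    alerts = []
    # Rule 1: >= fail_threshold failed logins from one source within `window`
    # of a successful login from the same source (password guessing that worked).
    auth_by_src = defaultdict(list)
    for ev in events:
        if ev["type"] == "auth":
            auth_by_src[ev["src"]].append(ev)
    brute_forced = set()
    for src, evs in auth_by_src.items():
        for ok in (e for e in evs if e["result"] == "Accepted"):
            fails = [e for e in evs
                     if e["result"] == "Failed" and ok["ts"] - window <= e["ts"] <= ok["ts"]]
            if len(fails) >= fail_threshold:
                brute_forced.add(src)
                alerts.append({"rule": "brute_force_success", "src": src,
                               "user": ok["user"], "host": ok["host"]})
    # Rule 2: outbound connection allowed to a destination on the IoC list.
    ioc_sources = set()
    for ev in events:
        if ev["type"] == "fw" and ev["dst"] in IOC_DEST_IPS:
            ioc_sources.add(ev["src"])
            alerts.append({"rule": "ioc_contact", "src": ev["src"],
                           "dst": ev["dst"], "dport": ev["dport"]})
    # Rule 3: cross-source correlation, the same host triggered rules 1 and 2.
    for src in sorted(brute_forced & ioc_sources):
        alerts.append({"rule": "correlated_compromise", "src": src})
    return alerts


def run_pipeline(lines):
    """Run all three stages end to end and return the alerts."""
    return search_head(indexer(forwarder(lines)))


if __name__ == "__main__":
    for alert in run_pipeline(RAW_LOGS):
        print(alert)
```

On the constructed sample the pipeline raises three alerts, all for source 10.0.5.23: the password-guessing success on hmi01, the allowed connection to the listed address, and the correlated alert that ties the two together. The single failed root login from 10.0.9.4 stays below the threshold and the connection to 192.0.2.10 matches no indicator, so neither produces an alert.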


10dec16   admin