An Introduction to Industrial Control Systems Security Part III: Auditing the Environment

In order to ensure the security of a system sometimes it is not enough to follow the general advice outlined in the Overview of Protection Strategies and one may chose to perform a penetration test.

Security assessments of this highly sensitive environment should be conducted with extreme care. It requires not only basic network security skills but also knowledge of the equipment, SCADA-specific protocols and vulnerabilities.

ICT

On the photo you can see different types of PLC and RTU devices, discussed in the Overview of Industrial Control Systems:

  • Modicon Momentum PLC
  • Rockwell Automation MicroLogix 1100 PLC
  • Siemens S7 1200 PLC
  • Small embedded RTU device

The original SCADA protocols (vendor-specific protocols include ModbusRTU, DF1, Conitel, and Profibus) were serial-based, meaning that the master station initiated the communication with the controllers. Nowadays, almost all SCADA protocols are encapsulated in TCP/IP and can be operated over Ethernet.

To get a better understanding, one can use Modscan32 to connect to the PLC and view register data by entering the IP address and TCP port number in the tool.

mob2

If there is no live PLC available to work with, one can always use the ModbusTCP simulator to practice capturing traffic with Wireshark, configuring the OPC server and building human-machine interfaces.

modbus

Advertisements

One Comment on “An Introduction to Industrial Control Systems Security Part III: Auditing the Environment”

  1. […] the introduction to Industrial Control Systems Security see my previous blogs (Part I, Part II, Part II) or ICS Security […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s