Quantitatively Assessing and Visualising Industrial System Attack Surfaces

More documents

Recommendations

Info

CHAPTER 3. EXPLORING THE DATASET 34 Figure 3.1: Breakdown of HTTP response types Figure 3.2: Screenshot of unauthenticated whitelisting own IP addresses earlier is a disturbing discovery. We can only hope this individual device was not safety critical, and merely a demonstration system. In another case, we found the default user name and password provided in online help files. The screenshot can be found in Figure 3.3, showing the help file available from the website itself.
CHAPTER 3. EXPLORING THE DATASET 35 Figure 3.3: Default user names and passwords available in help files Proportion of connected and remotely exploitable nodes This dissertation is primarily concerned with the scale of industrial system exposure, so while the anecdotal cases above are interesting, they do not assist understanding the scale of the problem. The data shows roughly 7500 nodes exposed online, 17% with authentication, and most without. Primarily this protection is a password, and there are plenty of known techniques for compromising those. If simple attacks such as password cracking are eliminated from discussion, then 20.5% of the nodes analysed from SHODAN have published remote exploits for a technology listed in their application or operating system dependency stack (as derived from a banner). Top ten Autonomous Systems In Table 3.3 the top ten Autonomous Systems are shown and ranked by the number of devices or systems we found within their allocations. The top ten also conveniently delineate ASes that contain greater than 100 each. In some cases the AS will have some responsibility for this state of affairs, but in others they will not. The point of this table is to show that if one of these ISPs suffer a loss of connectivity, then that has an effect on the remote management of these systems accordingly. 3.4 Disambiguation and false positives In general false positives (presence of a node in the dataset when it should not be) can occur when the string we are searching for in SHODAN is replicated in another banner,
Page 1 and 2: Quantitatively Assessing and Visual
Page 3 and 4: Quantitatively Assessing and Visual
Page 5 and 6: Contents 1 Introduction 9 1.1 Goals
Page 7 and 8: List of Figures 2.1 Example exposur
Page 9 and 10: Chapter 1 Introduction Security of
Page 11 and 12: CHAPTER 1. INTRODUCTION 11 1. Slamm
Page 13 and 14: CHAPTER 1. INTRODUCTION 13 This par
Page 15 and 16: CHAPTER 1. INTRODUCTION 15 Stuxnet
Page 17 and 18: Chapter 2 Methodology In this chapt
Page 19 and 20: CHAPTER 2. METHODOLOGY 19 4. Combin
Page 21 and 22: CHAPTER 2. METHODOLOGY 21 2. SCADA
Page 23 and 24: CHAPTER 2. METHODOLOGY 23 A banner
Page 25 and 26: CHAPTER 2. METHODOLOGY 25 Of course
Page 27 and 28: CHAPTER 2. METHODOLOGY 27 but it do
Page 29 and 30: CHAPTER 2. METHODOLOGY 29 Figure 2.
Page 31 and 32: Chapter 3 Exploring the Dataset In
Page 33: CHAPTER 3. EXPLORING THE DATASET 33
Page 37 and 38: CHAPTER 3. EXPLORING THE DATASET 37
Page 39 and 40: CHAPTER 3. EXPLORING THE DATASET 39
Page 41 and 42: CHAPTER 4. INDUSTRY FEEDBACK SESSIO
Page 43 and 44: CHAPTER 4. INDUSTRY FEEDBACK SESSIO
Page 45 and 46: CHAPTER 5. CONCLUSION 45 systems vi
Page 47 and 48: CHAPTER 5. CONCLUSION 47 5.2.5 Real
Page 49 and 50: CHAPTER 5. CONCLUSION 49 5.3 Critic
Page 51 and 52: CHAPTER 5. CONCLUSION 51 Of academi
Page 53 and 54: Bibliography [1] Ross Anderson and

Quantitatively Assessing and Visualising Industrial System Attack Surfaces

Create successful ePaper yourself

Delete template?

Save as template?