Cyber Security of SCADA Systems test bed - Senior Design - Iowa ...

Validate the System
The initial step will be to do a network survey to validate the network, and eliminate any
incorrect assumptions from being made due to incorrect or outdated documentation. A
reference spreadsheet will be created to record all available information about each device. We
will then physically verify that all Ethernet connections are going to the proper place according
to the network map. Last, we will record the host names and IP addresses of all machines in the
lab, as well any software applications that are installed on each machine.
Document Running Services
The next step will be to find out how many ports were exposed to the local network, and what
services were running on each port. This step will be accomplished Nessus Security Scanner.
Nessus will scan through each possible TCP and UDP ports on each computer or hardware
device, detecting whether or not each port responds when queried with traffic. If the service
isn’t directly identifiable to the port scanner, software named Active Ports can be used to
discover which executable opens which port. This information will then be recorded to use as a
reference guide, in case we ever need to readily identify a particular port number or service.
Document Well-Known Software Vulnerabilities
During the port scan, it also runs numerous tests on each port to determine if each port is
susceptible to a particular vulnerability of any severity level.
The client side software scan requires a credentialed scan using Nessus’s SMB logon capabilities.
When Nessus is provided with the local Windows account credentials, the software is able to
check the patch levels of all software on the computer, including Windows itself. Information
about the OS patch level will be added to the reference spreadsheet.
Search for Implementation Vulnerabilities
The final step will be to search for vulnerabilities that are undocumented or specific to our lab
implementation. This includes investigating the Siemens software because Nessus does not have
any tests to evaluate its security level, as well as searching for any weaknesses in
communication or authentication protocols used by any devices or software in the lab.
Attack Implementation
To evaluate the results of the vulnerability assessment, we will attempt to implement any
promising vulnerabilities that are discovered. We will also attempt to make repeating these
attacks as simple as possible by documenting the steps on how to perform the attack, and if
possible, create shell scripts or batch files to run the attack commands.
Produce Report
We will produce a report detailing the existing vulnerabilities of the system, the possible impact
if an attack were carried out using a particular vulnerability, as well as possible countermeasures
to mitigate the effectiveness of a given attack.
SDMAY11-11 20