Cyber Security of SCADA Systems test bed - Senior Design - Iowa ...
Validate the System

The initial step will be to do a network survey to validate the network and eliminate any incorrect assumptions that might otherwise be made on the basis of incorrect or outdated documentation. A reference spreadsheet will be created to record all available information about each device. We will then physically verify that all Ethernet connections go to the proper place according to the network map. Last, we will record the host names and IP addresses of all machines in the lab, as well as any software applications that are installed on each machine.
Document Running Services

The next step will be to find out how many ports are exposed to the local network, and what services are running on each port. This step will be accomplished using the Nessus Security Scanner. Nessus will scan through each possible TCP and UDP port on each computer or hardware device, detecting whether or not each port responds when queried with traffic. If the service isn't directly identifiable to the port scanner, software named Active Ports can be used to discover which executable opens which port. This information will then be recorded to use as a reference guide, in case we ever need to readily identify a particular port number or service.
Document Well-Known Software Vulnerabilities

During the port scan, Nessus also runs numerous tests against each port to determine whether it is susceptible to a particular vulnerability of any severity level.

The client-side software scan requires a credentialed scan using Nessus's SMB logon capabilities. When Nessus is provided with the local Windows account credentials, the software is able to check the patch levels of all software on the computer, including Windows itself. Information about the OS patch level will be added to the reference spreadsheet.
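The three documentation steps above (the network survey, the port and service inventory, and the patch-level data from the credentialed scan) all feed one reference spreadsheet, and the survey's purpose is to catch places where the documentation and the lab disagree. The script below is an added example, not code from the original report or from the SDMAY11-11 project, showing how that reconciliation can be done once the scan results have been collected: it compares a documented network map against observed hosts and ports, lists every discrepancy, and writes the reference spreadsheet as CSV. All host names, IP addresses, ports, executables and patch-level strings are constructed sample data; they are not Nessus or Active Ports output.

```python
"""Reconcile a documented lab inventory with observed scan results and
produce the reference spreadsheet.

Added example, not part of the original report. All data below is
constructed; in practice DOCUMENTED comes from the network map,
OBSERVED from the port scan (plus Active Ports for the owning
executable), and PATCH_LEVEL from the credentialed Nessus scan.
"""
import csv
import io

# Constructed: what the (possibly outdated) network map claims.
# Ports are (port, protocol) pairs expected to be open on each host.
DOCUMENTED = {
    "hmi-01":  {"ip": "192.168.10.11", "ports": {(3389, "tcp")}},
    "eng-ws":  {"ip": "192.168.10.12", "ports": {(445, "tcp"), (3389, "tcp"), (5900, "tcp")}},
    "plc-01":  {"ip": "192.168.10.21", "ports": {(102, "tcp")}},
    "hist-01": {"ip": "192.168.10.30", "ports": {(1433, "tcp")}},
}

# Constructed: what the survey and port scan actually observed.
# (host, ip, port, protocol, service, owning executable or "" if unknown)
OBSERVED = [
    ("hmi-01", "192.168.10.11", 3389, "tcp", "ms-wbt-server", "svchost.exe"),
    ("hmi-01", "192.168.10.11", 445, "tcp", "microsoft-ds", "System"),
    ("eng-ws", "192.168.10.15", 445, "tcp", "microsoft-ds", "System"),
    ("eng-ws", "192.168.10.15", 3389, "tcp", "ms-wbt-server", "svchost.exe"),
    ("plc-01", "192.168.10.21", 102, "tcp", "iso-tsap", ""),
    ("plc-01", "192.168.10.21", 161, "udp", "snmp", ""),
    ("unknown-host", "192.168.10.40", 80, "tcp", "http", ""),
]

# Constructed: OS patch level reported by the credentialed scan.
PATCH_LEVEL = {
    "hmi-01": "Windows XP SP3, missing 12 updates",
    "eng-ws": "Windows 7 SP1, fully patched",
}

FIELDS = ["host", "ip", "port", "protocol", "service", "executable",
          "documented", "os_patch_level"]


def reconcile(documented, observed):
    """Compare the documented network map with what was observed.

    Returns a dict of sorted lists so the output is deterministic:
    hosts the map does not know, hosts the map lists but the survey
    never saw, IP addresses that differ, open ports the map does not
    list, and documented ports that did not respond.
    """
    seen_ip, seen_ports = {}, {}
    for host, ip, port, proto, _service, _exe in observed:
        seen_ip[host] = ip
        seen_ports.setdefault(host, set()).add((port, proto))

    findings = {
        "undocumented_hosts": sorted(h for h in seen_ip if h not in documented),
        "missing_hosts": sorted(h for h in documented if h not in seen_ip),
        "ip_mismatches": [],
        "unexpected_ports": [],
        "closed_documented_ports": [],
    }
    for host, entry in sorted(documented.items()):
        if host not in seen_ip:
            continue  # already reported under missing_hosts
        if seen_ip[host] != entry["ip"]:
            findings["ip_mismatches"].append((host, entry["ip"], seen_ip[host]))
        for port, proto in sorted(seen_ports[host]):
            if (port, proto) not in entry["ports"]:
                findings["unexpected_ports"].append((host, port, proto))
        for port, proto in sorted(entry["ports"]):
            if (port, proto) not in seen_ports[host]:
                findings["closed_documented_ports"].append((host, port, proto))
    return findings


def build_reference_rows(documented, observed, patch_level):
    """One spreadsheet row per observed (host, port), flagged against the map."""
    rows = []
    for host, ip, port, proto, service, exe in observed:
        expected = documented.get(host, {}).get("ports", set())
        rows.append({
            "host": host, "ip": ip, "port": port, "protocol": proto,
            "service": service, "executable": exe or "unidentified",
            "documented": "yes" if (port, proto) in expected else "no",
            "os_patch_level": patch_level.get(host, "not scanned"),
        })
    return rows


def write_spreadsheet(rows):
    """Render the rows as CSV text (the reference spreadsheet)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    for name, items in reconcile(DOCUMENTED, OBSERVED).items():
        print(f"{name}: {items}")
    print(write_spreadsheet(build_reference_rows(DOCUMENTED, OBSERVED, PATCH_LEVEL)))
```

Every discrepancy the script reports is something the survey step is meant to resolve by hand: an undocumented host or an unexpected open port is either a documentation gap or a device that should not be there, and an IP mismatch is exactly the kind of outdated-map assumption the methodology warns about. The "documented" and "executable" columns make it easy to see at a glance which services still need to be identified with Active Ports before the spreadsheet is treated as a trustworthy reference.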
Search for Implementation Vulnerabilities

The final step will be to search for vulnerabilities that are undocumented or specific to our lab implementation. This includes investigating the Siemens software, because Nessus does not have any tests to evaluate its security level, as well as searching for any weaknesses in communication or authentication protocols used by any devices or software in the lab.
Attack Implementation

To evaluate the results of the vulnerability assessment, we will attempt to implement any promising vulnerabilities that are discovered. We will also attempt to make repeating these attacks as simple as possible by documenting the steps on how to perform the attack and, if possible, creating shell scripts or batch files to run the attack commands.
Produce Report

We will produce a report detailing the existing vulnerabilities of the system, the possible impact if an attack were carried out using a particular vulnerability, as well as possible countermeasures to mitigate the effectiveness of a given attack.
SDMAY11-11 20