IT Security
t’s one thing to know generally that your systems are under fire from hackers around the world and malicious users around the office; it’s another to understand the specific attacks against your systems that are possible. This section discusses some well-known attacks but is by no means a comprehensive listing. Many security vulnerabilities aren’t critical … Read more
You need protection from hacker shenanigans; you have to become as savvy as the guys trying to attack your systems. A true security assessment professional possesses the skills, mindset, and tools of a hacker but is also trustworthy. He or she performs the hacks as security tests against systems based on how hackers might work. … Read more
Although you can’t know about and detect all vulnerabilities in advance of deployment, you certainly can be proactive in mitigating the potential of a SCADA security breach by taking the following defense-in-depth methods into consideration: • Develop a security policy. • Implement ACLs (access control lists). • Use MAC address filtering. • Use VLAN segmentation. … Read more
SCADA uses several protocols. The most common protocols are • Object Linking and Embedding for Process Control (OPC) • Inter-Control Center Protocol (ICCP) • Modbus • Distributed Network Protocol version 3 (DNP3) OPC OLE for Process Control is a software interface standard that allows Windows programs to communicate with industrial hardware devices. OPC is implemented … Read more
SCADA stands for supervisory control and data acquisition. SCADA networks control and monitor the critical utility and process control infrastructures for manufacturing, production, and power generation for utility companies, including electricity, natural gas, oil, water, sewage, and railroads. The development of SCADA can be traced back to the beginning of the 19 th century through … Read more
It would be fair to say that in most industries reverse engineering for the purpose of developing competing products is the most well-known application of reverse engineering. The interesting thing is that it really isn’t as popular in the software industry as one would expect. There are several reasons for this, but it is primarily … Read more
The first place to turn to when discussing the proper disclosure of software vulnerabilities is the governing body known as the CERT Coordination Center (CC). CERT/CC is a federally funded research and development operation that focuses on Internet security and related issues. Established in 1988 in reaction to the first major virus outbreak on the … Read more
Hacking into a system and environment is almost always carried out by exploiting vulnerabilities in software. Only recently has the light started to shine on the root of the problem of successful attacks and exploits, which is flaws within software code. Most attack methods described in this book can be carried out because of errors … Read more
Reverse engineering is the process of extracting the knowledge or design blue-prints from anything man-made. The concept has been around since long before computers or modern technology, and probably dates back to the days of the industrial revolution. It is very similar to scientific research, in which a researcher is attempting to work out the … Read more
Kickoff Meeting Unless a black box test is called for, it is important to schedule and attend a kickoff meeting, prior to engaging with the client. This is your opportunity not only to confirm your understanding of the client’s needs and requirements but also to get off on the right foot with the client. It … Read more