Vulnerability Inheritance in PLCs. K. Reid Wightman Director, Digital Bond Labs

Size: px
Start display at page:

Download "Vulnerability Inheritance in PLCs. K. Reid Wightman Director, Digital Bond Labs"

Transcription

1 Vulnerability Inheritance in PLCs K. Reid Wightman Director, Digital Bond Labs

2 About Digital Bond Labs New division of Digital Bond Focused on working with vendors Finding new vulns in products Fixing bugs before they re an issue We find the kinds of bugs shown here I am biased Strong advocate of Red Teaming products Hire any outside team (or build your own)

3 Outline Vulnerabilities: What are they? Inheritance -3 rd party libraries Specific example Deep Dive Affected Vendor #1 Affected Vendor #2 Conclusion

4 Vulnerability In Industrial space this is strangely ambiguous, thanks to ICS-CERT My definition: Any mechanism which allows unauthorized changes to configuration or control Includes traditional bugs Authentication bypass Parsing errors Includes insecure by design

5 Outline Vulnerabilities: What are they? 3 rd party libraries Specific example Deep Dive Affected Vendor #1 Affected Vendor #2 Conclusion

6 3 rd Party Libraries Any OS (vxworks, GNU/Linux, Windows CE) Common embedded servers (GoAhead Webserver, fnord, boa, etc) Common libraries (OpenSSL, GNU/Bash) Specialized Industrial Libraries: CoDeSys, ProConOs

7 Ownership is the issue 3 rd Party Libraries You own any problems with 3 rd party software If Vendor software depends upon library, end user must have Vendor assurance that patch will work For embedded, end user needs Vendor to produce patched firmware Ex: Windows CE may have bugs Will vendor keep track of the bugs? Will vendor produce a patch to firmware? Will vendor inform customers of the patch?

8 Outline Vulnerabilities: What are they? 3 rd party libraries ICS-Specific example Deep Dive Affected Japanese Vendor #1 Affected Japanese Vendor #2 Conclusion

9 CoDeSys Programmable Logic Controller (PLC) Runtime and Engineering Software Used by hundreds of ICS vendors Primarily used in Europe, though some inroads into USA, Japan

10 CoDeSys: Select Vendors

11 CoDeSysComponents PLC Ladder Logic Runtime Runs on vxworks, WinCE, Linux, Nucleus, and others Executes ladder logic Comms for sending status and receiving commands Engineering Workstation (EWS) Software Common GUI for programming PLCs Supports LAD, STL, FBD, etc. Communicates with PLC via plugins OPC Server Gateway (Optional) between EWS and PLC

12 CoDeSys Components G L24V G 0V Y0 Y2 C1 Y5 Y7 Y10 Y12 C3 Y15 Y17 AC(L) AC(N) C0 Y1 Y3 Y4 Y6 C2 Y11 Y13 Y14 Y16 +V OUTPUT6-27V= :Sinking PWR: V~ 50-60Hz 1.0A Output 40VA Y X INPUT: 12-24V ~15mA PWR RUN CPU TX1 RX1 TX2 RX2 C0 X1 X3 X4 X6 C2 X11 X13 X14 X16 C4 X21 X23 N.C. X0 X2 C1 X5 X7 X10 X12 C3 X15 X17 X20 X22 N.C. PLC WWW Web Application Gateway Server OPC Server HMI Engineering Station

13 CoDeSysDeep Dive CoDeSysV2 protocol analysis and tools released in 2012 CoDeSysV3 protocol analysis done by DB Labs September 2014, internal tools developed The protocol changed a bit from V2 (more complex) Identical vulnerabilities as V2

14 CoDeSysV2 Flaws Unauthenticated ladder logic upload Unauthenticated command line for debugging Unauthenticated start/stop process control Directory traversal Upload/Download arbitrary files Rootkit deployment is free Many systems internet-connected (see joint paper with Éireann Leverett)

15 ICS-CERT advisory CVE (CVSS score: 10.0) CVE (CVSS score: 10.0) ICS-CERT Advisory ICSA

16 CoDeSysV3 Flaws Unauthenticated ladder logic upload Unauthenticated command line for debugging Unauthenticated start/stop process control Directory traversal quite likely Upload/Download arbitrary files Rootkit deployment possible Internet scan more difficult

17 CoDeSysDeployment Issues Usually installed/runs with root privileges (Linux) and SYSTEM (Windows) Why? CoDeSys runtime interacts with IO directly Easiest to run with elevated privs, instead of learning what is actually required A symptom of rushed development WHY? Bad news: CoDeSysruntime executes binary blobs that are uploaded to it, by design. rootkit ability is a side-effect.

18 No Security CoDeSysFlaws Summary Original vendor (3S-Software) may have assumed that no-one would learn protocol Original vendor (3S-Software) likely never had a Red Team look at components Original vendor has taken the stance, This is not our problem.

19 CoDeSysV2 Simple Protocol: Start bytes (usually 0xbbbb or 0xcccc), length field, function code, arguments Uses TCP/1200 (some systems use TCP/2455 or custom port) Determined how protocol works through protocol analysis (quite straightforward)

20 CoDeSysV2 3S Software included password protection in V2 Password protection was not enforced by PLC initially 3S Software provided patch for PLC to fix that To date, one model of PLC has the patch PLC-enforced password protection interferes with 3S OPC Server one reason offered by vendor Patching insecure-by-design is too late in Development Lifecycle Requires changing too much other software

21 CoDeSysV2 Ladder Logic PLC Runtime Loads DEFAULT.PRG into RAM Runtime then literally jumps into copied program Ladder Logic rootkit possible No verification of DEFAULT.PRG functionality PLC Runtime often runs with administrator privileges Needs access to hardware: read+write hardware I/O On poorly configured deeply embedded OSes(vxWorks), can read/write any memory Very bad design decision Example: Ladder Logic can call system()/execve() as root on Linux PLCs, if it wants

22 CoDeSysV2 Application Literally code injection, without authentication PC equivalent: service open on PC which accepts and runs binary blobs with admin privileges with no authentication Exploitation == learn how it works

23 CoDeSysV2 Lessons to Learn Apply Security Development Lifecycle to products Have Red Team review components Look at the design early and the implementation often Decide: Will we live with these vulnerabilities, will we fix them, or will we stop using the component? Determine how you will monitor and patch future problems Catching this problem early saved the two vendors who fixed it a lot of trouble

24 CoDeSysV2 Lessons to Learn Component DESIGN problems are contamination One component s insecure-by-design causes add-ons to expect that behavior Now instead of one fix, you need at least two The problem gets worse as more components communicate Fixing a design problem late is often impossible Great example: Modbus It could have security added via reserved function code but then every system on Earth would have to be changed

25 Protocol differs from v2 Can use UDP or TCP CoDeSysV3 UDP limits attack surface somewhat, although we can get around this TCP has not been thoroughly tested on live PLCs, only our simulator

26 CoDeSysV3 Notes No documentation on CoDeSysprotocols is publicly available Example presented is based entirely on reverse engineering and protocol analysis Our terminology may not match 3S Software s (debugging symbols removed from binaries, mostly) UDP/1740, TCP/11740

27 CoDeSysV3 First Packet M->S c e6 00 1e c a d5 79 f4 e1 17 9d f Destination Address, Last Octet E.g , 230 == 0xE6 Source Address, Last Octet E.g , 30 == 0x1E CRC CRC is calculated based on 0xC3 (byte 13) onward CRC algorithm is selected via protocol (more on this) Random Nonce

28 CoDeSysV3 First Reply S->M c5 f e 00 e a7 eb 4c e1 17 9d c de Session ID (2 bytes)

29 CoDeSysV3 Session Packet M->S c e6 00 1e c fd c fa b3 5e cd c a c c f9 Session Identifier, 2 bytes Master Sequence number Little Endian Unsigned Int Starts with 1, increments with each request from master Slave Sequence number Little Endian, increments with each response from slave Length CRC

30 CRC Algorithm Took some time to learn how this works Appeared to be CRC32 Several CRC algorithms implemented in GatewayService.exe, but no calls to these algorithms Debugged application to learn how it gets called

31 CoDeSysV3 CRC Selection (packet parser disassembly)

32 CoDeSysV3 CRC Selection Interesting place to look for bugs, both in EWS and Firmware Some suggestions that other fields in the protocol work the same way (no function references that we would expect in the disassembly) A good Red Team would shout about this implementation lots to go wrong

33 CoDeSysV3 UDP Security Security completely dependent upon session ID Local Subnet == Hacker wins 100% Remote Subnet == Easy to work around Session ID only values 2 bytes (up to values) but PLC increments value by 4 with each new session

34 So CoDeSysV3 IsVulnerable! ICS-CERT gets it wrong ICS-CERT probably got this information from 3S- Software. They don t verify vendor claims.

35 So CoDeSysV3 IsVulnerable! 3S-Software gets it wrong Bad Info ( affects V2.3? Also V2.4 and V3!) Only OEMs can download patch

36 CoDeSysV3 Lessons 3 rd party library vendor analysis Most will say, We have no problem Ask to see vendor s SDL documentation Trust But Verify Bring in Red Team and test yourself

37 CoDeSysV3 Lessons ICS-CERT reports untrustworthy ICS-CERT either can t do or can t publish own analysis Pretty obvious in this case would have spotted problem in 1 day of analysis Does more harm than good in this case (V3 users read, we aren t vulnerable, unlikely to pay attention to future issues)

38 Outline Vulnerabilities: What are they? 3 rd party libraries Specific example Deep Dive Affected Vendor #1 Affected Vendor #2 Conclusion

39 Vulnerable Vendor Highlight Hitachi EHV+ Line CoDeSysV3

40 Hitachi EHV+ Line: CoDeSysV3 EHV-CPU 1025 tested UDP only* Command line disabled* * These features might be enabled via updating config.cfg file on the PLC. No success yet.

41 Hitachi EHV+ Line: What They Did Right Hitachi deserves some credit EHV+ has no open TCP ports by default Only one open UDP port that we could tell (CoDeSys V3) This is much smaller attack surface than most vendors

42 Hitachi EHV+ Line No mechanism seen for applying a firmware update (Have not reverse engineered firmware, though, so maybe there is a way)

43 Hitachi EHV+: Exploiting UDP No security on CoDeSysV3 Protocol, just SID 2 bytes, so range is but PLC increments by 4, so only values No mechanism for adding password via CoDeSys Engineering Software Exploit script capabilities tested: Stop/Start CPU Retrieve/Send Ladder Logic Send New config.cfg Change IP address

44 Attacking UDP Attacker Network Router CoDeSys PLC PC (Might not exist)

45 Attacking UDP Attacker Request Session Source address: PC Network Router CoDeSys PLC PC (Might not exist)

46 Attacking UDP Attacker Network Router PLC Sends Session ID To Local PC PC may not expect message, or PC may not exist! CoDeSys PLC PC (Might not exist)

47 Attacking UDP Attacker Attacker must guess Session ID to STOP CPU Network Router CoDeSys PLC PC (Might not exist)

48 Outline Vulnerabilities: What are they? 3 rd party libraries Specific example Deep Dive Affected Vendor #1 Affected Japanese Vendor #2 Conclusion

49 Vulnerable Vendor Highlight Sanyo-Denki SanMotion C CoDeSysV2 vxworks debugger service Backdoor accounts (FTP)

50 Sanyo-Denki SanMotionC

51 SanMotionC FestoCECX-X-M1

52 SanMotion C Festo CECX-X-M1 Keba CP 232/Z

53 Festo/Sanyo/OEM? Festoand Sanyo seem to use same OEM Identical firmware on all systems Also in use by Keba, Kuka, Trumpf, Haitian, Buehler, Duerr, Engel, and other vendors OEM probably Keba Automation CP 232/Z (Austria) Tons of software components in system vxworks CoDeSys CANOpen protocol stack Etc

54 Festo/Sanyo/EtcVulnerabilities CoDeSysV2 All V2 problems exist First contacted Festo via ICS-CERT in early 2013 See ICS-CERT advisory ICSA , Festorefused to fix any problems vxworks Debugging Backdoor CVE Unauthenticated read/write to all memory Vulnerability was 5 years old at product release Backdoor FTP account CANBus debugging protocol ports

55 Festo/Sanyo/EtcVulnerabilities Of the 9 total companies affected, none of them spotted the security problems Likely that none of these companies do internal or external red teaming Unknown if any of these companies share vulnerability information (what about hardware defect information?)

56 Outline Vulnerabilities: What are they? 3 rd party libraries Specific example Deep Dive Affected Vendor #1 Affected Vendor #2 Conclusion

57 Conclusions but first.nl Shared scan script with John Matherly~2014 CoDeSys now searchable on Shodan country:nl 3s-smart 68 total devices (number has been increasing) Quite a few devices in Netherlands! Many HVAC systems One navigation/engine controller identified onboard a ferry (public transportation) Mostly devices for which we do not know the purpose

58 On Scanning for Systems Leverett smetric: cost for finding vulnerable devices 2013 stats: 600 devices found on Internet, cost was 1.30 per discovered device Cost: VPS rental and time to massage data 2015 stats: 1500 devices found on Internet, cost is 0.01 per discovered device Cost: 17 for Shodanfilter access

59 On Scanning for Systems Hardest part is what to do with device lists Most CERT/CSIRT have no authority to do anything May have friends at ISPs/companies, but cannot compel action Most ISPs refuse to forward security advisories to clients Legal issues abound: sometimes not allowed, sometimes afraid if we do it for this vuln, and not another, we may get sued Very rarely, device owners can be identified, but even they don t always take action One recent conversation: Yes, that is ours, but we don t know where it is.

60 Conclusions Identify security issues before product release Vendors should build list of 3 rd party products and monitor them for vulnerabilities In Sanyo-Denki example, controller released April 2010 (5 years after vxworksvulnerability widely known) In Hitachi example, EHV+ line released before v2 vulnerability was public, ~June-September Should have been noticed during internal security analysis

61 Plan to Patch Conclusions 2 Design an update mechanism Secure by design (functional/interface security) Genuine bugs are then easy to patch Design problems major problem for ICS Ex: Schneider patches webserver directory traversal (Billy Rios) quickly, but years later design problems persist Ex: 3S Software patched directory traversal bugs (Aaron Portnoy) quickly, took >1 year to patch CoDeSys design problem.

62 Questions? Reid Twitter

Potential Targets - Field Devices

Potential Targets - Field Devices Potential Targets - Field Devices Motorola Field Devices: Remote Terminal Units ACE 3600 Front End Devices ACE IP Gateway ACE Field Interface Unit (ACE FIU) 2 Credential Cracking Repeated attempts to

More information

Analysis of the 3S CoDeSys Security Vulnerabilities for Industrial Control System Professionals

Analysis of the 3S CoDeSys Security Vulnerabilities for Industrial Control System Professionals Tofino Security SCADAhacker.com White Paper Version 1.1 Published November 20, 2012 Analysis of the 3S CoDeSys Security Vulnerabilities for Industrial Control System Professionals Contents Executive Summary...

More information

SECURITY TRENDS & VULNERABILITIES REVIEW 2015

SECURITY TRENDS & VULNERABILITIES REVIEW 2015 SECURITY TRENDS & VULNERABILITIES REVIEW 2015 Contents 1. Introduction...3 2. Executive summary...4 3. Inputs...6 4. Statistics as of 2014. Comparative study of results obtained in 2013...7 4.1. Overall

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Technical and Operational Requirements for Approved Scanning Vendors (ASVs) Version 1.1 Release: September 2006 Table of Contents Introduction...1-1 Naming

More information

SSA-345442: Multiple Vulnerabilities in WinCC flexible and WinCC V11 (TIA Portal)

SSA-345442: Multiple Vulnerabilities in WinCC flexible and WinCC V11 (TIA Portal) SSA-345442: Multiple Vulnerabilities in WinCC flexible and WinCC V11 (TIA Portal) Publishing Date 2012-01-24 Last Update 2012-01-24 Current Version V1.5 CVSS Overall Score 8.7 Summary: Multiple vulnerabilities

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

More information

Security Testing in Critical Systems

Security Testing in Critical Systems Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base

More information

Turning your managed Anti-Virus

Turning your managed Anti-Virus Turning your managed Anti-Virus into my Botnet Jérôme NOKIN http://funoverip.net About me # id Jérôme Nokin http://funoverip.net jerome.nokin@gmail.com # job Penetration Tester Verizon Enterprise Solutions

More information

HoneyBOT User Guide A Windows based honeypot solution

HoneyBOT User Guide A Windows based honeypot solution HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3

More information

Using the Nessus Vulnerability Scanner on Control Systems

Using the Nessus Vulnerability Scanner on Control Systems Using the Nessus Vulnerability Scanner on Control Systems By Dale Peterson All too often we hear stories about the IT Department or some consultant running a vulnerability scan that takes down a key control

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Secure Bytes, October 2011 This document is confidential and for the use of a Secure Bytes client only. The information contained herein is the property of Secure Bytes and may

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information

The SCADA That Didn t Cry Wolf: Who s Really Attacking Your SCADA Devices

The SCADA That Didn t Cry Wolf: Who s Really Attacking Your SCADA Devices The SCADA That Didn t Cry Wolf: Who s Really Attacking Your SCADA Devices Kyle Wilhoit Sr. Threat Researcher Trend Micro 1 Glossary HMI: Human Machine Interface IED: Intelligent Electronic Device SCADA:

More information

Vulnerability Testing of Industrial Network Devices

Vulnerability Testing of Industrial Network Devices Vulnerability Testing of Industrial Network Devices Matthew Franz (mfranz@cisco.com) Critical Infrastructure Assurance Group (CIAG) http://www.cisco.com/go/ciag 2003, Cisco Systems, Inc. All rights reserved.

More information

Yahoo Attack. Is DDoS a Real Problem?

Yahoo Attack. Is DDoS a Real Problem? Is DDoS a Real Problem? Yes, attacks happen every day One study reported ~4,000 per week 1 On a wide variety of targets Tend to be highly successful There are few good existing mechanisms to stop them

More information

Automated Vulnerability Scan Results

Automated Vulnerability Scan Results Automated Vulnerability Scan Results Table of Contents Introduction...2 Executive Summary...3 Possible Vulnerabilities... 7 Host Information... 17 What Next?...20 1 Introduction The 'www.example.com' scan

More information

noway.toonux.com 09 January 2014

noway.toonux.com 09 January 2014 noway.toonux.com p3.7 10 noway.toonux.com 88.190.52.71 Debian Linux 0 CRITICAL 0 HIGH 5 MEDIUM 2 LOW Running Services Service Service Name Risk General Linux Kernel Medium 22/TCP OpenSSH 5.5p1 Debian 6+squeeze4

More information

OSMOSIS. Open Source Monitoring Security Issues HACKITO ERGO SUM 2014 / April 2014 / Paris

OSMOSIS. Open Source Monitoring Security Issues HACKITO ERGO SUM 2014 / April 2014 / Paris OSMOSIS Open Source Monitoring Security Issues HACKITO ERGO SUM 2014 / April 2014 / Paris AGENDA Who are we? Open Source Monitoring Software Results Demonstration Responses Mitigations and conclusion 4/25/14

More information

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2 Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning

More information

Penetration Testing Report Client: Business Solutions June 15 th 2015

Penetration Testing Report Client: Business Solutions June 15 th 2015 Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com

More information

1 Scope of Assessment

1 Scope of Assessment CIT 380 Project Network Security Assessment Due: April 30, 2014 This project is a security assessment of a small group of systems. In this assessment, students will apply security tools and resources learned

More information

Exploiting Access Control and Facility Management Systems. Billy Rios Director of Threat Intelligence Qualys

Exploiting Access Control and Facility Management Systems. Billy Rios Director of Threat Intelligence Qualys Exploiting Access Control and Facility Management Systems Billy Rios Director of Threat Intelligence Qualys About:Me Qualys Director of Vulnerability Research and Threat Intelligence SpearPoint Security

More information

ModBus Server - KNX. Gateway for integration of KNX equipment into Modbus (RTU and TCP) control systems.

ModBus Server - KNX. Gateway for integration of KNX equipment into Modbus (RTU and TCP) control systems. IntesisBox ModBus Server - KNX Gateway for integration of KNX equipment into Modbus (RTU and TCP) control systems. Integrate KNX based lighting control into your SCADA, BMS, PLC "talking" Modbus. Master

More information

Securing EtherNet/IP Using DPI Firewall Technology

Securing EtherNet/IP Using DPI Firewall Technology Securing EtherNet/IP Using DPI Firewall Technology www.odva.org Technical Track About Us Erik Schweigert Leads device firmware development at Tofino Security BSc in Computer Science from VIU Michael Thomas

More information

Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus.

Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus. Tools for penetration tests 1 Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus. What is a penetration test? Goals: 1. Analysis of an IT-environment and search

More information

Medical Device Security: The Transition From Patient Privacy To Patient Safety. Scott Erven

Medical Device Security: The Transition From Patient Privacy To Patient Safety. Scott Erven Medical Device Security: The Transition From Patient Privacy To Patient Safety Scott Erven Who I Am Scott Erven Associate Director Medical Device & Healthcare Security Security Researcher Over 15 Years

More information

SSL Tunnels. Introduction

SSL Tunnels. Introduction SSL Tunnels Introduction As you probably know, SSL protects data communications by encrypting all data exchanged between a client and a server using cryptographic algorithms. This makes it very difficult,

More information

Network Security and Firewall 1

Network Security and Firewall 1 Department/program: Networking Course Code: CPT 224 Contact Hours: 96 Subject/Course WEB Access & Network Security: Theoretical: 2 Hours/week Year Two Semester: Two Prerequisite: NET304 Practical: 4 Hours/week

More information

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction

More information

Why Should You Care About Security Issues? SySmox WEB security Info@sysmox.com. Top seven ColdFusion Security Issues

Why Should You Care About Security Issues? SySmox WEB security Info@sysmox.com. Top seven ColdFusion Security Issues SySmox WEB security Info@sysmox.com Top seven ColdFusion Security Issues This installment discusses the most prevalent security issues with server configurations and application implementations for ColdFusion.

More information

6WRUP:DWFK. Policies for Dedicated IIS Web Servers Group. V2.1 policy module to restrict ALL network access

6WRUP:DWFK. Policies for Dedicated IIS Web Servers Group. V2.1 policy module to restrict ALL network access OKENA 71 Second Ave., 3 rd Floor Waltham, MA 02451 Phone 781 209 3200 Fax 781 209 3199 6WRUP:DWFK Policies for Dedicated IIS Web Servers Group The policies shipped with StormWatch address both application-specific

More information

Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015

Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015 Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015 Tripwire Evolution 18+ Years of Innovation 1997 Tripwire File System Monitoring from open source

More information

What is Really Needed to Secure the Internet of Things?

What is Really Needed to Secure the Internet of Things? What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices

More information

National Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2. Exit Conference...

National Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2. Exit Conference... NEA OIG Report No. R-13-03 Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning to detect vulnerabilities... 2 Area

More information

Introduction to Endpoint Security

Introduction to Endpoint Security Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user

More information

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer

More information

Medical Device Security Health Group Digital Output

Medical Device Security Health Group Digital Output Medical Device Security Health Group Digital Output Security Assessment Report for the Kodak Color Medical Imager 1000 (CMI-1000) Software Version 1.1 Part Number 1G0434 Revision 2.0 June 21, 2005 CMI-1000

More information

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription

More information

Yun Shield User Manual VERSION: 1.0. Yun Shield User Manual 1 / 22. www.dragino.com

Yun Shield User Manual VERSION: 1.0. Yun Shield User Manual 1 / 22. www.dragino.com Yun Shield User Manual VERSION: 1.0 Version Description Date 0.1 Initiate 2014-Jun-21 1.0 Release 2014-Jul-08 Yun Shield User Manual 1 / 22 Index: 1 Introduction... 3 1.1 What is Yun Shield... 3 1.2 Specifications...

More information

Virtualization System Security

Virtualization System Security Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability

More information

Telecom Testing and Security Certification. A.K.MITTAL DDG (TTSC) Department of Telecommunication Ministry of Communication & IT

Telecom Testing and Security Certification. A.K.MITTAL DDG (TTSC) Department of Telecommunication Ministry of Communication & IT Telecom Testing and Security Certification A.K.MITTAL DDG (TTSC) Department of Telecommunication Ministry of Communication & IT 1 Need for Security Testing and Certification Telecom is a vital infrastructure

More information

The Security Gap. Philip Young aka Soldier of Fortran @mainframed767

The Security Gap. Philip Young aka Soldier of Fortran @mainframed767 The Security Gap Philip Young aka Soldier of Fortran @mainframed767 DISCLAIMER All research was done under personal time. I am not here in the name of, or on behalf of, my employer. Any views expressed

More information

MWR InfoSecurity Security Advisory. Symantec s Altiris Deployment Solution File Transfer Race Condition. 7 th January 2010

MWR InfoSecurity Security Advisory. Symantec s Altiris Deployment Solution File Transfer Race Condition. 7 th January 2010 al al MWR InfoSecurity Security Advisory Symantec s Altiris Deployment Solution File Transfer Race Condition 7 th January 2010 20010-01-07 Page 1 of 8 Contents Contents 1 Detailed Vulnerability Description...4

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

3.1 Connecting to a Router and Basic Configuration

3.1 Connecting to a Router and Basic Configuration 3.1 Connecting to a Router and Basic Configuration Objective This lab will focus on the ability to connect a PC to a router in order to establish a console session and observe the user interface. A console

More information

Management (CSM) Capability

Management (CSM) Capability CDM Configuration Settings Management (CSM) Capability Department of Homeland Security National Cyber Security Division Federal Network Security Network & Infrastructure Security Table of Contents 1 PURPOSE

More information

PHILADELPHIA GAS WORKS Information Security Assessment and Testing Services RFP#30198 Questions & Answers December 4, 2015

PHILADELPHIA GAS WORKS Information Security Assessment and Testing Services RFP#30198 Questions & Answers December 4, 2015 QUESTIONS ANSWERS Q1 What is the goal of testing? A1 We engage in this type of testing to promote our own best practices and ensure our security posture is as it should be. Q2 No of active IP s (internal):

More information

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls

More information

Absolute Backdoor Revisited. Vitaliy Kamlyuk, Kaspersky Lab Sergey Belov, Kaspersky Lab Anibal Sacco, Cubica Labs

Absolute Backdoor Revisited. Vitaliy Kamlyuk, Kaspersky Lab Sergey Belov, Kaspersky Lab Anibal Sacco, Cubica Labs Absolute Backdoor Revisited Vitaliy Kamlyuk, Kaspersky Lab Sergey Belov, Kaspersky Lab Anibal Sacco, Cubica Labs BlackHat, Las Vegas August, 2014 What is Computrace? Computrace is an Anti-Theft software

More information

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder. CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files

More information

Vulnerability Management in Software: Before Patch Tuesday KYMBERLEE PRICE BUGCROWD

Vulnerability Management in Software: Before Patch Tuesday KYMBERLEE PRICE BUGCROWD Vulnerability Management in Software: Before Patch Tuesday KYMBERLEE PRICE BUGCROWD whoami? Senior Director of a Red Team PSIRT Case Manager Data Analyst Internet Crime Investigator Security Evangelist

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0. Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0 Page 1 of 9 Table of Contents Table of Contents... 2 Executive Summary...

More information

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance

More information

Dell Client BIOS: Signed Firmware Update

Dell Client BIOS: Signed Firmware Update Dell Client BIOS: Signed Firmware Update An Implementation and Deployment Guide to NIST SP800-147 BIOS Protections for Dell Client BIOS Rick Martinez Dell Client BIOS This white paper is for informational

More information

Custom Solutions Center. Users Guide. Low Cost OEM PackML Templates L02 Release. Version LC-1.0

Custom Solutions Center. Users Guide. Low Cost OEM PackML Templates L02 Release. Version LC-1.0 Users Guide Low Cost OEM PackML Templates L02 Release Version LC-1.0 Users Guide Low Cost OEM PackML Templates L02 Release: Part 1 - Overview Version LC-1.0 Content 1 Introduction...1 2 Low Cost PackML

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

Nessus. A short review of the Nessus computer network vulnerability analysing tool. Authors: Henrik Andersson Johannes Gumbel Martin Andersson

Nessus. A short review of the Nessus computer network vulnerability analysing tool. Authors: Henrik Andersson Johannes Gumbel Martin Andersson Nessus A short review of the Nessus computer network vulnerability analysing tool Authors: Henrik Andersson Johannes Gumbel Martin Andersson Introduction What is a security scanner? A security scanner

More information

Running a Default Vulnerability Scan SAINTcorporation.com

Running a Default Vulnerability Scan SAINTcorporation.com SAINT Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com Examine. Expose. Exploit. Install SAINT Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s

More information

Table of Contents. Safety Warnings..3. Introduction.. 4. Host-side Remote Desktop Connection.. 5. Setting Date and Time... 7

Table of Contents. Safety Warnings..3. Introduction.. 4. Host-side Remote Desktop Connection.. 5. Setting Date and Time... 7 Table of Contents Safety Warnings..3 Introduction.. 4 Host-side Remote Desktop Connection.. 5 Setting Date and Time....... 7 Changing Network Interface Settings.. 8 System Properties... 10 Changing the

More information

From Rivals to BFF: WAF & VA Unite OWASP 07.23.2009. The OWASP Foundation http://www.owasp.org

From Rivals to BFF: WAF & VA Unite OWASP 07.23.2009. The OWASP Foundation http://www.owasp.org From Rivals to BFF: WAF & VA Unite 07.23.2009 Brian Contos, Chief Security Strategist Imperva Inc. brian.contos@imperva.com +1 (650) 832.6054 Copyright The Foundation Permission is granted to copy, distribute

More information

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT Roopa K. Panduranga Rao MV Dept of CS and Engg., Dept of IS and Engg., J.N.N College of Engineering, J.N.N College of Engineering,

More information

Patch and Vulnerability Management Program

Patch and Vulnerability Management Program Patch and Vulnerability Management Program What is it? A security practice designed to proactively prevent the exploitation of IT vulnerabilities within an organization To reduce the time and money spent

More information

Using Nessus In Web Application Vulnerability Assessments

Using Nessus In Web Application Vulnerability Assessments Using Nessus In Web Application Vulnerability Assessments Paul Asadoorian Product Evangelist Tenable Network Security pasadoorian@tenablesecurity.com About Tenable Nessus vulnerability scanner, ProfessionalFeed

More information

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

Black Box Penetration Testing For GPEN.KM V1.0 Month dd #$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;! Sample Penetration Testing Report Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$%&'#)*)&'+,-./0.-121.030045.5675895.467:;83-/;0383; th, yyyy A&0#0+4*M:+:#&*#0%+C:,#0+4N:

More information

Kaspersky Endpoint Security 10 for Windows. Deployment guide

Kaspersky Endpoint Security 10 for Windows. Deployment guide Kaspersky Endpoint Security 10 for Windows Deployment guide Introduction Typical Corporate Network Network servers Internet Gateway Workstations Mail servers Portable media Malware Intrusion Routes Viruses

More information

7.7 Ethernet Communication (AFPX-COM5)

7.7 Ethernet Communication (AFPX-COM5) 7.7 Ethernet Communication (AFPX-COM5) 7.7.1 AFPX-COM5 Overview The communication cassette AFPX-COM5 has an Ethernet interface at the COM1 port and a 3-wire RS232C interface at the COM2 port. The Ethernet

More information

VULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION

VULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION VULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION copyright 2003 securitymetrics Security Vulnerabilities of Computers & Servers Security Risks Change Daily New

More information

Nessus scanning on Windows Domain

Nessus scanning on Windows Domain Nessus scanning on Windows Domain A little inside information and Nessus can go a long way By Sunil Vakharia sunilv@phreaker.net Version 1.0 4 November 2003 About this paper This paper is not a tutorial

More information

Installing Virtual Coordinator (VC) in Linux Systems that use RPM (Red Hat, Fedora, CentOS) Document # 15807A1-103 Date: Aug 06, 2012

Installing Virtual Coordinator (VC) in Linux Systems that use RPM (Red Hat, Fedora, CentOS) Document # 15807A1-103 Date: Aug 06, 2012 Installing Virtual Coordinator (VC) in Linux Systems that use RPM (Red Hat, Fedora, CentOS) Document # 15807A1-103 Date: Aug 06, 2012 1 The person installing the VC is knowledgeable of the Linux file system

More information

OPC & Security Agenda

OPC & Security Agenda OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information

More information

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,

More information

3.1 RS-232/422/485 Pinout:PORT1-4(RJ-45) RJ-45 RS-232 RS-422 RS-485 PIN1 TXD PIN2 RXD PIN3 GND PIN4 PIN5 T+ 485+ PIN6 T- 485- PIN7 R+ PIN8 R-

3.1 RS-232/422/485 Pinout:PORT1-4(RJ-45) RJ-45 RS-232 RS-422 RS-485 PIN1 TXD PIN2 RXD PIN3 GND PIN4 PIN5 T+ 485+ PIN6 T- 485- PIN7 R+ PIN8 R- MODEL ATC-2004 TCP/IP TO RS-232/422/485 CONVERTER User s Manual 1.1 Introduction The ATC-2004 is a 4 Port RS232/RS485 to TCP/IP converter integrated with a robust system and network management features

More information

Missing the Obvious: Network Security Monitoring for ICS

Missing the Obvious: Network Security Monitoring for ICS Missing the Obvious: Network Security Monitoring for ICS If ICS are so vulnerable, why haven t we seen more attacks? We aren t looking! Two Key Reasons Intent Visibility Intent Why are targeted attacks

More information

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold The Essentials Series PCI Compliance sponsored by by Rebecca Herold Using PCI DSS Compliant Log Management to Identify Attacks from Outside the Enterprise...1 Outside Attacks Impact Business...1 PCI DSS

More information

virtualization.info Review Center SWsoft Virtuozzo 3.5.1 (for Windows) // 02.26.06

virtualization.info Review Center SWsoft Virtuozzo 3.5.1 (for Windows) // 02.26.06 virtualization.info Review Center SWsoft Virtuozzo 3.5.1 (for Windows) // 02.26.06 SWsoft Virtuozzo 3.5.1 (for Windows) Review 2 Summary 0. Introduction 1. Installation 2. VPSs creation and modification

More information

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant What infrastructure security really means? Infrastructure Security is Making sure that your system services are always running

More information

SAST, DAST and Vulnerability Assessments, 1+1+1 = 4

SAST, DAST and Vulnerability Assessments, 1+1+1 = 4 SAST, DAST and Vulnerability Assessments, 1+1+1 = 4 Gordon MacKay Digital Defense, Inc. Chris Wysopal Veracode Session ID: Session Classification: ASEC-W25 Intermediate AGENDA Risk Management Challenges

More information

Network Licensing. White Paper 0-15Apr014ks(WP02_Network) Network Licensing with the CRYPTO-BOX. White Paper

Network Licensing. White Paper 0-15Apr014ks(WP02_Network) Network Licensing with the CRYPTO-BOX. White Paper WP2 Subject: with the CRYPTO-BOX Version: Smarx OS PPK 5.90 and higher 0-15Apr014ks(WP02_Network).odt Last Update: 28 April 2014 Target Operating Systems: Windows 8/7/Vista (32 & 64 bit), XP, Linux, OS

More information

School of Information Science (IS 2935 Introduction to Computer Security, 2003)

School of Information Science (IS 2935 Introduction to Computer Security, 2003) Student Name : School of Information Science (IS 2935 Introduction to Computer Security, 2003) Firewall Configuration Part I: Objective The goal of this lab is to allow students to exploit an active attack

More information

Client logo placeholder XXX REPORT. Page 1 of 37

Client logo placeholder XXX REPORT. Page 1 of 37 Client logo placeholder XXX REPORT Page 1 of 37 Report Details Title Xxx Penetration Testing Report Version V1.0 Author Tester(s) Approved by Client Classification Confidential Recipient Name Title Company

More information

Securing Industrial Control Systems in the Chemical Sector. Roadmap Awareness Initiative Making the Business Case

Securing Industrial Control Systems in the Chemical Sector. Roadmap Awareness Initiative Making the Business Case Securing Industrial Control Systems in the Chemical Sector Roadmap Awareness Initiative Making the Business Case Developed by the Chemical Sector Coordinating Council in partnership with The U.S. Department

More information

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped

More information

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE

More information

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

What IT Auditors Need to Know About Secure Shell. SSH Communications Security What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic

More information

IPPBX FAQ. For Firmware Version: V2.0/V3.0 2013-12-11

IPPBX FAQ. For Firmware Version: V2.0/V3.0 2013-12-11 For Firmware Version: V2.0/V3.0 2013-12-11 Contents 1. IPPBX Access... 3 1.1 How to access IPPBX via SSH?... 3 1.2 How to access IPPBX if I forget the IP of WAN?... 4 1.3 How to retrieve WEB password via

More information

Looking for Trouble: ICMP and IP Statistics to Watch

Looking for Trouble: ICMP and IP Statistics to Watch Looking for Trouble: ICMP and IP Statistics to Watch Laura Chappell, Senior Protocol Analyst Protocol Analysis Institute [lchappell@packet-level.com] www.packet-level.com www.podbooks.com HTCIA Member,

More information

Strategies to Protect Against Distributed Denial of Service (DD

Strategies to Protect Against Distributed Denial of Service (DD Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics

More information

How-to: DNS Enumeration

How-to: DNS Enumeration 25-04-2010 Author: Mohd Izhar Ali Email: johncrackernet@yahoo.com Website: http://johncrackernet.blogspot.com Table of Contents How-to: DNS Enumeration 1: Introduction... 3 2: DNS Enumeration... 4 3: How-to-DNS

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

The Hacker Strategy. Dave Aitel dave@immunityinc.com. Security Research

The Hacker Strategy. Dave Aitel dave@immunityinc.com. Security Research 1 The Hacker Strategy Dave Aitel dave@immunityinc.com Security Research Who am I? CTO, Immunity Inc. History: NSA->@stake -> Immunity Responsible for new product development Vulnerability Sharing Club

More information

Post-Access Cyber Defense

Post-Access Cyber Defense Post-Access Cyber Defense Dr. Vipin Swarup Chief Scientist, Cyber Security The MITRE Corporation November 2015 Approved for Public Release; Distribution Unlimited. 15-3647. 2 Cyber Security Technical Center

More information

Technical Information

Technical Information Technical Information Recorders, Data Loggers, and Control Products Security Standard Contents 1. Introduction... 1-1 Why Security Is Essential... 1-1 Applicable Products... 1-2 Trademarks... 1-2 2. Assets

More information

On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks

On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks CIBSI 2013 Panama City, Panama, October 30 th, 2013 On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks Paulo Simões, Tiago Cruz, Jorge Gomes, Edmundo Monteiro psimoes@dei.uc.pt

More information

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

Running a Default Vulnerability Scan

Running a Default Vulnerability Scan Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com Examine. Expose. Exploit. Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s integrated vulnerability

More information

ECE 4893: Internetwork Security Lab 12: Web Security

ECE 4893: Internetwork Security Lab 12: Web Security Group Number: Member Names: ECE 4893: Internetwork Security Lab 12: Web Security Date: April 6, 2004 Date Due: April 13, 2004 Last Revised: April 2, 2004 Written by: Tom Bean and Valerio Oricchio Goal:

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer

More information