OPC Security WP2

OPC Security White Paper #2 – OPC Exposed:
What are the risks and vulnerabilities incurred in deploying OPC in a control environment?
Published by: Gary8 on Mar 24, 2009
Copyright: Attribution Non-commercial

intrinsically secure
PO Box 178, #5 – 7217 Lantzville Rd
Lantzville, BC
Canada V0R 2H0
Office: 250.390.1333
Fax: 250.390.3899
www.byressecurity.com

Digital Bond
Suite 130, 1580 Sawgrass Corp Pkwy
Sunrise, FL 33323
Office: 954.315.4633
www.digitalbond.com
OPC Security White Paper #2
OPC Exposed
 
PREPARED BY:
Digital Bond
British Columbia Institute of Technology
Byres Research
November 13, 2007
OPC Security WP 2 (Version 1-3c).doc
 
 
OPC Security WP 2 (Version 1-3c).doc ii November 2007
Revision History

Revision  Date               Authors                        Details
0.7       May 15, 2006       E. Byres, M. Franz             Draft internal review version
1.0       May 31, 2006       E. Byres, J. Carter, M. Franz  Draft for controlled public review
1.1       August 31, 2006    E. Byres, M. Franz             2nd Draft for controlled public review
1.2       February 9, 2007   E. Byres, D. Peterson          3rd Draft for controlled public review
1.3       May 16, 2007       E. Byres, D. Peterson          Public Release Version
1.3a      June 8, 2007                                      Typo fixed in Section 2.5.4 and added required vulnerability
1.3b      August 27, 2007                                   Minor grammatical errors corrected
1.3c      November 13, 2007                                 Grammatical error corrected in

Acknowledgements
The Group for Advanced Information Technology (GAIT) at the British Columbia Institute of Technology (BCIT), Digital Bond, and Byres Research would like to thank all the vendors and end users that generously supported our efforts through numerous interviews and by providing us with documents that could only be described as extremely sensitive. Unfortunately we cannot name you for obvious security reasons, but we appreciate your time, trust and encouragement.

Several people stood out in their contributions and advice for this document that we would like to acknowledge. First are Bill Cotter of MSMUG and Chip Lee of ISA - we thank you for all your help in making the user surveys possible. We would also like to thank Ralph Langner for providing the four example scenarios for this report and lots of useful information on OPC vulnerabilities. Finally we would like to thank Evan Hand, formerly of Kraft Foods Limited, for his vision and support. Without him, this project never would have been possible.

Disclaimer
Deployment or application of any of the opinions, suggestions or configuration included in this report are the sole responsibility of the reader and are offered without warranty of any kind by the authors.
 
Downloaded from www.PAControl.com
 
 
Table of Contents
Executive Summary

1 Introduction
  1.1 The Issues
  1.2 Organization of OPC White Paper Series
  1.3 Study Methodology
  1.4 Limitations of this Study

2 Threats & Vulnerabilities for OPC Host Systems
  2.1 Underlying System Vulnerabilities on OPC Hosts
    2.1.1 Unnecessary System Services
    2.1.2 System Enumeration and Profiling
    2.1.3 Password Vulnerabilities
    2.1.4 Inadequate Logging
    2.1.5 Patching and Updates
    2.1.6 Use of Weak Authentication Mechanisms
    2.1.7 Remote Registry Browsing
    2.1.8 Local Vulnerabilities
  2.2 OPC Related Vulnerabilities
    2.2.1 Use of Historically Insecure Transport
    2.2.2 Lack of Authentication in OPC Server Browser
    2.2.3 Overly Permissive Authorization Policy on OPC Server Browser
    2.2.4 OPC Server and OPC Server Browser Assigned Excessive Privileges
    2.2.5 Unnecessary Protocol Support for OPC Server Browser
    2.2.6 Lack of Integrity of OPC Communications
    2.2.7 Lack of Confidentiality of OPC Traffic
    2.2.8 COM Internet Services Reliance on IIS
    2.2.9 OPC Security Configuration Lacks Fine Grained Access Control
  2.3 Security Considerations for Specific OPC Specifications
    2.3.1 Security Considerations for OPC-DA
    2.3.2 Security Considerations for OPC A&E
    2.3.3 Security Considerations for OPC-HDA
    2.3.4 Security Considerations for OPC-DX
    2.3.5 Security Considerations for OPC XML-DA
  2.4 A Very Brief OPC Threat Analysis
    2.4.1 Attacker Objectives
    2.4.2 Attacker Tools and Techniques
  2.5 Four Possible OPC Risk Scenarios
    2.5.1 Risk #1: Collateral Damage by OPC-Unaware Malware
    2.5.2 Risk #2: Accidental Shutdown of Control System by User
    2.5.3 Risk #3: Opportunistic OPC Denial of Service Attack