Course Outline
1. Introduction to Ethical Hacking
2. Network and Computer Attacks
3. Intruder Attacks on Networks and Computers
4. Security and Vulnerability of SCADA Systems
Introduction
Hackers
Access computer system or network without authorization
Breaks the law; can go to prison
Crackers
Break into systems to steal or destroy data
U.S. Department of Justice calls both hackers
Ethical hacker
Performs most of the same activities but with owner’s permission
Penetration test
Legal attempt to break into a company’s network to find its weakest link
Security test
Port
Logical, not physical, component of a TCP connection
Identifies the service that is running
Example: HTTP uses port 80
A 16-bit number – 65,536 ports
Each TCP packet has a source and destination port
Ports 20 and 21
File Transfer Protocol (FTP)
Use for sharing files over the Internet
Requires a logon name and password
More secure than Trivial File Transfer Protocol (TFTP)
Macro Viruses
Virus encoded as a macro
Macro
Lists of commands
Passwords
PINs
Prevalent technology
Main goal
Tailored advertisement
Main problem
Firewalls
Can be combined
Attack
Any attempt by an unauthorized person to access or use network resources
Network Security
Security of computers and other devices in a network
Computer Security
Securing a standalone computer--not part of a network infrastructure
Computer Crime
Fastest growing type of crime worldwide
Some forms do not involve computers, like feeding a paper loop through a fax machine
Loss of bandwidth
Often participants are not aware they are part of the attack
Goal
Hardware
Software
Software
Hardware
Easy to install
Inside attacks are more likely than attacks from outside the company
In addition to general cyber threats, which have been steadily increasing, several factors have contributed to the escalation of risks specific to control systems, including the:
There is no one magic solution for industry. Each entity must determine what its goals are and arrive at a cost-effective solution to these issues.
PLCs and RTUs are usually polled by other third-party, vendor-specific networks and protocols like RS-232, RS-485, MODBUS, and DNP, and this is usually done over phone lines, leased private frame relay circuits, satellite systems, licensed and spread spectrum radios, and other token-ring bus topology systems.
This often gives the SCADA System Administrators a false sense of security, since they assume that these end devices are protected by these non-corporate network connections.
This means that there is a path back to the SCADA systems, and eventually the end devices, through their corporate network.
Use a Denial of Service (DoS) attack to crash the SCADA server, leading to a shutdown condition (System Downtime and Loss of Operations)
Delete system files on the SCADA server (System Downtime and Loss of Operations)
Plant a Trojan and take complete control of the system (Gain complete control of the system and be able to issue any commands available to Operators)
Change data points or deceive Operators into thinking the control process is out of control and must be shut down (Downtime and Loss of Corporate Data)
Modify any logged data in the remote database system (Loss of Corporate Data)
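The notes above state that PLCs and RTUs are polled over protocols such as MODBUS and that an attacker with a path through the corporate network could change data points. One defensive check a SCADA security team can run over captured traffic is to parse Modbus/TCP requests and alert on write operations that do not come from the known SCADA master. The example below is added here and is not part of the course notes; the frame layout (7-byte MBAP header followed by the PDU) and the function codes are standard Modbus, while the sample frames, the IP addresses and the allow-list of authorized masters are constructed assumptions.

```python
# Added example (not from the course notes): parse Modbus/TCP frames and flag
# write operations that did not originate from the known SCADA master.
# Frame layout (MBAP header + PDU) and function codes are standard Modbus;
# the sample frames, host addresses and the allow-list are constructed.
import struct
from typing import NamedTuple, Optional

# Standard Modbus function codes that modify PLC state.
WRITE_FUNCTION_CODES = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}

# Assumed allow-list: only the SCADA master may issue writes (constructed value).
AUTHORIZED_MASTERS = {"10.0.1.10"}


class ModbusFrame(NamedTuple):
    transaction_id: int
    protocol_id: int
    length: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(payload: bytes) -> Optional[ModbusFrame]:
    """Parse a 7-byte MBAP header followed by the PDU. Returns None when the
    frame is malformed (too short, non-zero protocol id, or length mismatch)."""
    if len(payload) < 8:
        return None
    tid, pid, length, unit = struct.unpack("!HHHB", payload[:7])
    # Protocol identifier is always 0 for Modbus; the length field counts
    # the unit id plus the PDU, i.e. everything after the first 6 bytes.
    if pid != 0 or length != len(payload) - 6:
        return None
    fc = payload[7]
    return ModbusFrame(tid, pid, length, unit, fc, payload[8:])


def build_frame(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Build a well-formed Modbus/TCP request (used here only to construct samples)."""
    pdu = bytes([fc]) + data
    return struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def check_frame(src_ip: str, payload: bytes) -> list:
    """Return a list of alert strings for one captured request."""
    alerts = []
    frame = parse_modbus_tcp(payload)
    if frame is None:
        alerts.append(f"{src_ip}: malformed Modbus/TCP frame")
        return alerts
    if frame.function_code in WRITE_FUNCTION_CODES and src_ip not in AUTHORIZED_MASTERS:
        name = WRITE_FUNCTION_CODES[frame.function_code]
        alerts.append(
            f"{src_ip}: unauthorized {name} (fc={frame.function_code}) to unit {frame.unit_id}"
        )
    return alerts


# Constructed sample traffic: (source IP, raw Modbus/TCP request bytes).
SAMPLE_TRAFFIC = [
    # SCADA master reading holding registers 0-9 on unit 1: normal polling.
    ("10.0.1.10", build_frame(1, 1, 3, struct.pack("!HH", 0, 10))),
    # SCADA master writing register 5 := 100: an authorized write.
    ("10.0.1.10", build_frame(2, 1, 6, struct.pack("!HH", 5, 100))),
    # Corporate workstation forcing coil 3 ON: the "change data points" case.
    ("10.0.5.77", build_frame(3, 1, 5, struct.pack("!HH", 3, 0xFF00))),
    # Truncated frame from the same workstation.
    ("10.0.5.77", b"\x00\x04\x00\x00\x00\x02\x01"),
]


def scan_traffic(traffic=SAMPLE_TRAFFIC) -> list:
    """Run check_frame over every captured request and collect the alerts."""
    alerts = []
    for src, payload in traffic:
        alerts.extend(check_frame(src, payload))
    return alerts


if __name__ == "__main__":
    for alert in scan_traffic():
        print(alert)
```

Running the block prints two alerts: the unauthorized Write Single Coil from the corporate workstation and the malformed frame. In practice the allow-list would be populated from the site's asset inventory, and the same check belongs at the boundary between the corporate network and the SCADA ring, which is the path the notes identify as the source of the false sense of security.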
The following list suggests ways to help protect the SCADA network in conjunction with the corporate network:
The SCADA Security team should first analyze the current risks and threats at each of the rings of defense, and then initiate a work plan and project to reduce the security risk, while remembering to avoid any major impacts to operations.