Methodologies For SCADA Penetration Testing

Over the years, Supervisory Control and Data Acquisition (SCADA) control systems have moved from closed networks to open source solutions. They are frequently deployed in critical infrastructure and industrial processing environments. As a result, these control systems have become exposed to the same security issues that affect traditional computer networks. Applied Risk has developed a methodology to identify and analyze such security flaws and gaps systematically.

A company that wants to remain protected against computer security risks has essentially two alternatives. One is to engage penetration testing experts to identify and resolve vulnerabilities. The other is to train its own IT team in penetration testing so that they can understand, identify and resolve the risks themselves.

For penetration testing to be effective, it should be integrated into your security architecture and aligned with both the potential vulnerabilities and the business objectives.


The comprehensive security audit is conducted using expert knowledge and best-practice methods. During the tests, no interruption of services or intentional damage is caused to the customer's systems. Nevertheless, the use of dedicated test environments for penetration testing is highly recommended.

The Applied Risk methodology described below follows the penetration testing guidelines published by the Federal Office for Information Security.

  • Process – The methodology covers scoping and pre-engagement, information gathering, exploitation of weaknesses, risk evaluation, reporting, maintaining expertise and quality assurance.

  • Audit identification and perimeter – Identification of devices and networks using router tables, router configurations, packet sniffing, physical cable checks and switch tables, among others. Local port verification is performed to address the risk of local banner grabbing. The perimeter covers the identification of all external connections.

  • Network infrastructure – Review of switch tables and router configurations, cable checks, packet sniffing and traffic analysis.

  • Host operating systems – Review of patch level, password quality, share and directory permissions, and remote access.

  • Applications – Review of code, OS credentials, remote access, and open ports and services.

  • Scanning and discovery – Renaming stations, scanning supported stations and devices, changing netmask, gateway and IP settings, and requesting full network information. Available tools include modscan and plcscan for scanning Modbus devices.

  • Protocol analysis – Tools for analyzing protocols include Python, Wireshark and a hex viewer, which allow us to detect devices and protocols and to monitor state and commands, as well as to inject, modify and replay traffic in real time.

  • Data manipulation – Available tools include Scapy extensions, the OpenDNP3 library (C++) and Metasploit modules, among others. Since SCADA environments make use of web applications backed by SQL databases and of HMI software, these can also be tested for possible vulnerabilities.
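The protocol analysis and scanning bullets above talk about detecting Modbus devices and monitoring the state and commands on the wire. The following is an added example, not code from Applied Risk or from any of the tools named in the post: a small Modbus/TCP frame decoder (MBAP header plus function code, as defined in the Modbus specification) together with an audit routine that flags writes from hosts outside an allowlist, diagnostic function codes, and malformed frames. The captured frames, the source addresses and the allowlist are all constructed for the example; in practice the frames would come from a Wireshark/pcap export or a network tap.

```python
import struct
from dataclasses import dataclass, field

# Public Modbus function codes, grouped by what they do to the process.
READ_FCS = {1: "Read Coils", 2: "Read Discrete Inputs",
            3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FCS = {5: "Write Single Coil", 6: "Write Single Register",
             15: "Write Multiple Coils", 16: "Write Multiple Registers"}
DIAG_FCS = {8: "Diagnostics", 43: "Encapsulated Interface Transport"}


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int      # base code, exception bit (0x80) stripped
    is_exception: bool
    category: str           # read / write / diagnostic / exception / other
    detail: dict = field(default_factory=dict)


def parse_modbus_tcp(frame: bytes) -> ModbusFrame:
    """Decode one Modbus/TCP ADU: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    # MBAP length counts unit id + PDU, i.e. everything after the first 6 bytes.
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} does not match payload {len(frame) - 6}")
    fc = frame[7]
    pdu_data = frame[8:]
    is_exc = bool(fc & 0x80)
    base_fc = fc & 0x7F
    detail = {}
    if is_exc:
        category = "exception"
        detail["exception_code"] = pdu_data[0] if pdu_data else None
    elif base_fc in READ_FCS:
        category = "read"
        if len(pdu_data) == 4:                       # request: start address, quantity
            start, qty = struct.unpack(">HH", pdu_data)
            detail.update(start=start, quantity=qty)
    elif base_fc in WRITE_FCS:
        category = "write"
        if base_fc in (5, 6) and len(pdu_data) == 4:  # address, value
            addr, value = struct.unpack(">HH", pdu_data)
            detail.update(address=addr, value=value)
        elif base_fc in (15, 16) and len(pdu_data) >= 5:
            start, qty, byte_count = struct.unpack(">HHB", pdu_data[:5])
            if byte_count != len(pdu_data) - 5:
                raise ValueError("byte count does not match payload")
            detail.update(start=start, quantity=qty, payload=pdu_data[5:])
    elif base_fc in DIAG_FCS:
        category = "diagnostic"
    else:
        category = "other"
    return ModbusFrame(tid, unit, base_fc, is_exc, category, detail)


def audit_frames(captured, write_allowlist):
    """Return (source, alert_type, message) for every frame worth a look."""
    alerts = []
    for src, raw in captured:
        try:
            f = parse_modbus_tcp(raw)
        except ValueError as err:
            alerts.append((src, "malformed", str(err)))
            continue
        if f.category == "write" and src not in write_allowlist:
            alerts.append((src, "unauthorised-write",
                           f"{WRITE_FCS[f.function_code]} to unit {f.unit_id}: {f.detail}"))
        elif f.category == "diagnostic":
            alerts.append((src, "diagnostic", f"function {f.function_code} from {src}"))
    return alerts


# Constructed sample capture: (source address, raw Modbus/TCP frame). Addresses are made up.
CAPTURE = [
    ("10.0.0.5",  bytes.fromhex("00010000000601030000000A")),           # read 10 holding regs
    ("10.0.0.5",  bytes.fromhex("000200000006010600101234")),           # HMI writes one register
    ("10.0.0.99", bytes.fromhex("00030000000B0110000000020400010002")), # unknown host writes 2 regs
    ("10.0.0.99", bytes.fromhex("00040000002001030000000A")),           # MBAP length lies (0x20)
    ("10.0.0.7",  bytes.fromhex("000100000003018302")),                 # exception: illegal address
]
WRITE_ALLOWLIST = {"10.0.0.5"}   # hypothetical: only the HMI may issue writes


if __name__ == "__main__":
    for alert in audit_frames(CAPTURE, WRITE_ALLOWLIST):
        print(alert)
```

The decoder rejects frames whose MBAP length field disagrees with the bytes actually present, which is the same kind of consistency check a protocol-aware IDS applies before trusting a decoded command; the write allowlist turns the "monitor state and commands" idea from the bullet above into a concrete detection rule.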

As SCADA systems are increasingly targeted by attackers, you need to ensure that SCADA-based systems are secured against external threats. Moreover, ensure that external independent testing and self-assessment are performed on a regular basis.

Applied Risk has in-depth experience and has performed numerous assessments of these networks. If your SCADA system is in need of penetration testing, contact us and we will provide the appropriate solutions.

Olivia Rs