SCADA Hacking For Dummies: Security Engineer For EE

This document provides an overview and introduction to SCADA systems and hacking. It discusses SCADA evolution from analog to TCP/IP signaling, common SCADA protocols like Modbus TCP, typical SCADA system functions and elements, a demonstration SCADA system model used, and introductions to Snort and Sourcefire technologies for intrusion detection and prevention.

Uploaded by silentidea8317
Copyright: © All Rights Reserved

SCADA Hacking for Dummies

Piotr Linke
Security Engineer for EE
Who doesn’t like these conferences!? my wife…

Agenda
● Snort and Sourcefire
● What we should know about SCADA
● SCADA model for our demo
● Live presentation
● Two words about the NextGen IPS

About Sourcefire

● Founded in 2001 by Snort Creator, Martin Roesch, CTO
● Poland: Krzysztof Rocki, Michał Ceklarz
● FY2010 Revenue: $130.6M
● 12 offices worldwide, 380 employees
● Over 4000 commercial/enterprise/government customers
● #1 in IPS Detection by NSS Labs (96.7% default)
● Recognized by Forbes as Fastest-Growing company in Security (2011)
● NASDAQ: FIRE

SCADA
● Supervisory Control And Data Acquisition
▸ Evolved from analog signaling from the past into TCP/IP based signaling:
● Human maintained
● Leased telephone line
● Circuit switched lines
● Packet Switched lines

SCADA’s connectivity
● Modbus TCP
▸ IP
▸ TCP
▸ Function code – reading/writing coils/registers
▸ Address – offset into register list
▸ Length – number of bits and coils
▸ Data – what you want to put to the device
▸ UnitID – which unit under the same IP address
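
Added example (not from the original slides): a small Python parser for a Modbus/TCP request that extracts the fields listed above and flags write function codes, the kind of field-level check an IDS rule keys on. The MBAP header fields (transaction id, protocol id, byte length) come from the Modbus/TCP framing rather than the slide; `parse_request` and the sample frames are constructed for illustration.

```python
import struct

# Function codes for "reading/writing coils/registers", split by direction.
READ_CODES = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}


def parse_request(adu: bytes) -> dict:
    """Decode one Modbus/TCP request (the TCP payload) into the slide's fields."""
    if len(adu) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    # MBAP header: transaction id, protocol id, byte length, UnitID.
    tid, proto, mbap_len, unit_id = struct.unpack(">HHHB", adu[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0, so not Modbus")
    # mbap_len counts UnitID plus PDU; a mismatch means a malformed frame.
    if mbap_len != len(adu) - 6:
        raise ValueError("MBAP length does not match payload size")
    fc, body = adu[7], adu[8:]
    out = {"transaction": tid, "unit_id": unit_id, "function": fc,
           "name": READ_CODES.get(fc) or WRITE_CODES.get(fc) or "other",
           "is_write": fc in WRITE_CODES}
    if out["name"] == "other":
        return out                      # not a coil/register read or write
    if len(body) < 4:
        raise ValueError("truncated request body")
    out["address"], word = struct.unpack(">HH", body[:4])
    if fc in (5, 6):
        out["data"] = body[2:4]         # the single value being written
    else:
        out["length"] = word            # number of coils/registers
    if fc in (15, 16):
        # Byte count must agree with the data that follows it.
        if len(body) < 5 or body[4] != len(body) - 5:
            raise ValueError("byte count does not match data")
        out["data"] = body[5:]
    return out


# Constructed sample frames (not captured traffic).
READ_REQ = bytes.fromhex("000100000006" "01" "03" "0000" "000a")
WRITE_REQ = bytes.fromhex("000200000006" "01" "05" "0003" "ff00")

if __name__ == "__main__":
    for frame in (READ_REQ, WRITE_REQ):
        print(parse_request(frame))
```
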
SCADA
● Functions and elements
▸ Data Acquisition:
● sensors (digital ‘on’ and ‘off’ or analog ‘how much?’)
● relays
▸ Data Communication:
● Comm. Networks
▸ Data Presentation:
● Remote Terminal Unit – RTU
● Historian used for storage
▸ Control:
● Programmable Logic Controller – PLC
● Human-Machine Interface – HMI
● Supervisory Computer System - SCS
SCADA model
● Data Control: PLC/HMI/SCS
● Data Presentation: RTU/Historian
● Data Comm.: Cables/Radio
● Data Acquisition: Sensors/Relays

Our SCADA model
[Diagram labels: Sourcefire IPS & Attacker; RTU & Alarm; Interlocks; PLC; Cooling System; Dehumidifier]

Demonstration Time!
Real world example

Open Source Snort

• Global IDS/IPS standard
• Largest community contributing to attack detection rules
• Easy to integrate
• Ran in parallel with Sourcefire
• Global Portal www.snort.org

Next-Gen IPS – The Power of Awareness

Network
Know what’s there, what’s vulnerable, and what’s under attack

Application
Identify change and enforce policy on hundreds of applications

Behavior
Detect anomalies in configuration, connections and data flow

Identity
Know who is doing what, with what, and where

Next-Generation IPS

Defense Center

Intrusion Prevention Awareness technologies

Networks Apps Behavior Users

SSL Inspection Virtualisation

NSS Labs report May 2011

www.linkedin.com

Chrumkarnia – Snort PL
