Week 7: Reading….

Armstrong, T. (2003), “Netcat – The TCP/IP Swiss Army Knife”, Information Security Reading Room, SANS Institute. Based on Nmap’s optimized and tested passive and active scanning libraries, Ncat is a powerful and flexible general purpose command line tool, useful for a wide range of interactive and network-connected backend testing and administration tasks. It  can read, write, redirect, and encrypt/decrypt data across an computer network, and enable users to: control every character sent among servers, network services, and clients, and view the resulting raw, unfiltered responses.  As such it is helpful in understanding a service, and how clients are using it, and enables: fixing problems, finding security flaws, and testing custom commands. It runs on all major operating systems, and can act as a connection broker among clients and services.

Question for class: How do penetration testers test for and detect the most common SCADA attack methods: Restriction of Operations within the Bounds of a Memory Buffer (26%), Improper input Validation (9%) ?

News of the Week: Dell’s 2015 annual security report states: Attacks on Supervisory Control and Data Acquisition (SCADA) systems doubled worldwide between 2013 (163,228 attacks) and 2014 (675,186 attacks.) They target basic system operations controls, access and credential management, network navigation and input validation – and have potential to wreak major havoc over critical infrastructure systems for all. Most common successful attack methods against SCADA target insecure applications programming and management practices, including: Improper, Restriction of Operations within the Bounds of a Memory Buffer (26%), Improper input Validation (9%), Information Exposure (9%), Resource Management Errors (8%), Improper Neutralization of Input During Web Page Generation – i.e. Cross-site Scripting (7%), Permissions, Privileges and Access Controls (7%),…

https://software.dell.com/docs/2015-dell-security-annual-threat-report-white-paper-15657.pdf