Modern industrial facilities, such as oil refineries, chemical factories, and electric power generation plants, are large, complex, distributed systems. These systems are monitored and controlled by networks of special-purpose embedded computing devices such as sensors, actuators, and PLCs. These industrial control networks are commonly called SCADA (Supervisory Control and Data Acquisition) networks. The increasing interconnectivity of SCADA networks has exposed them to a wide range of network security problems. One of the important issues in securing SCADA networks is identifying vulnerabilities in the communication protocols. This book analyses existing qualitative security assessment guidelines, specifically attack and vulnerability taxonomies, and proposes a new framework for organizing information about known attacks and vulnerabilities to find unknown or similar vulnerabilities in new systems. This framework is used to organize information related to known vulnerabilities in SCADA protocols into a taxonomy that provides a systematic methodology for the security assessment of other SCADA protocols.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) are among the most common threats to IT security. Because such attacks do not require advanced resources, they can be carried out by private individuals as well as organized groups, so-called “hacktivists”. This book gives an overview and detailed description of the different kinds of attacks commonly used by hackers, and it shows the challenges for IT security experts. In a practical application exercise, a DoS attack simulation is created by running the tool Low Orbit Ion Cannon (LOIC) on the attacker side against a victim running an Apache 2 server. The Wireshark network utility is used to capture and analyze the difference between the traffic sent from the LOIC client and that of a normal user. In addition, to simulate a DDoS attack, the MeTuS Delphi 2.8 tool is used to create the botnet. The configurations required to run the MeTuS Delphi tool, such as port forwarding and setting up a Dynamic DNS Update Client, are shown in detail. An SSYN attack is also carried out using the tool itself. Finally, different mitigation techniques such as iptables, ModSecurity, and mod_evasive are discussed and shown in practice.
Testing and comparing antivirus software necessitates the availability of malware samples. An efficient way to detect malware is the use of honeypots. There exist honeypots which passively wait for automated attacks in order to capture the malicious binaries. Other types of honeypots crawl the web, and, by being attacked, can identify malicious websites. The goal was to create an efficient, easily manageable and adaptable network of honeypots, distributed worldwide, which automatically collects and handles malware from the web. For this purpose, existing honeypots were investigated and compared extensively. The findings were incorporated in the design of specialized, user-friendly honeynets, capable of automatically collecting malware samples and handling already known and unknown (zero-day) attacks. Additionally, an efficient sorting mechanism for large amounts of malware files was developed in order to create useful test sets.