In this work I recommend a new DNPSec framework to enable confidentiality, integrity, and authenticity (CIA) placed directly in the DNP3. Such a framework requires some modifications in the data structure of the DNP3 Data Link layer. My main goal is to address the threats related to CIA in the DNP3 as part of SCADA architecture, with a minimum performance impact on the communication link; and without requiring modification to the much more expensive Master and Substation devices and the applications supporting them. Also, and as part of this work, I develop a proof of concept for the DNPSec framework by conducting simulation studies to measure the performance impact by adding DNPSec functionality on the communication links and end nodes. One other recommendation in my work is to enable authorization services by the usage of the Role-Based Access Control (RBAC) model to define the users, security roles, permissions, authorization, and role hierarchy as one measure to access the SCADA system. Achieving the desired level of authorization and access control will involve integrating the security system with SCADA operations and building RBAC capabilities in the application level.
The Metasploit Framework is a powerful suite of tools that security researchers use to investigate and resolve potential network and system vulnerabilities. Metasploit: The Penetration Tester’s Guide shows readers how to assess networks by using Metasploit to launch simulated attacks that expose weaknesses in their security. The book begins with the basics of information security and Metasploit, then proceeds to general and advanced techniques for penetration testing, including network reconnaissance and enumeration, server- and client-side attacks, devastating wireless attacks, and even targeted social engineering attacks. Whether readers are looking to secure their own networks or discover holes in others’, Metasploit is the definitive guide to penetration testing with this dynamic and flexible framework.
The Ethical Hack: A Framework for Business Value Penetration Testing lays out the underlying methodologies and concepts required for performing successful and valuable penetration testing. The author discusses the process of penetration testing from a consultative point of view to ensure that the true value of the test is realized. He supplies a technical perspective of the common tools and exploits used by attackers along with the rationale for why they are used and the information they provide the attacker. Finally, the text brings it all together in the form of attack scenarios to show the complete cycle of the attack from the hacker’s perspective to the client’s.
Do you need to keep up with the latest hacks, attacks, and exploits affecting USB technology? Then you need Seven Deadliest USB Attacks. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable.
The Internet has given rise to new opportunities for the public sector to improve efficiency and better serve constituents in the form of e-government. But with a rapidly growing user base globally and an increasing reliance on the Internet, digital tools are also exposing the public sector to new risks.
An accessible primer, Cybersecurity: Public Sector Threats and Responses focuses on the convergence of globalization, connectivity, and the migration of public sector functions online. It identifies the challenges you need to be aware of and examines emerging trends and strategies from around the world. Offering practical guidance for addressing contemporary risks, the book is organized into three sections:
Global Trends—considers international e-government trends, includes case studies of common cyber threats and presents efforts of the premier global institution in the field
National and Local Policy Approaches—examines the current policy environment in the United States and Europe and illustrates challenges at all levels of government
Practical Considerations—explains how to prepare for cyber attacks, including an overview of relevant U.S. Federal cyber incident response policies, an organizational framework for assessing risk, and emerging trends
Also suitable for classroom use, this book will help you understand the threats facing your organization and the issues to consider when thinking about cybersecurity from a policy perspective.