1
Download SCADAPack E Security Technical Reference
Transcript
Contents 3 ......................................................................................................................................... 63 7.3.10.2 Fixed AGA12-2 Parameters Vulnerabilities Addressed ......................................................................................................................................... 64 7.3.10.3 7.4 DNP3 Routing .......................................................................................................................................................... 65 7.5 Peer Com m unication, .......................................................................................................................................................... Multiple Masters, & Start-Up and Shutdow n 67 7.6 Security Considerations .......................................................................................................................................................... 68 8 Security ................................................................................................................................... Administration 69 8.1 Security File Managem .......................................................................................................................................................... ent & Counterpart Entry Managem ent 70 9 Diagnostics ................................................................................................................................... 70 9.1 DNP3 Secure Authentication .......................................................................................................................................................... Diagnostics 71 Example - No RTU Security Configured 71 9.1.1 Diagnostic ......................................................................................................................................................... Example - Incorrect Security Credentials 73 9.1.2 Diagnostic ......................................................................................................................................................... Example - Successful Critical Message Challenge 75 9.1.3 Diagnostic ......................................................................................................................................................... 9.2 AGA12 Encryption .......................................................................................................................................................... Diagnostics 77 Filtering 77 9.2.1 Diagnostic ......................................................................................................................................................... ......................................................................................................................................................... Diagnostics 78 9.2.2 Routing Rule Example - Session Open Transactions 82 9.2.3 Diagnostic ......................................................................................................................................................... Example - Session Re-establishment Transactions 89 9.2.4 Diagnostic ......................................................................................................................................................... ......................................................................................................................................................... 91 9.2.5 System Points 10 Attack................................................................................................................................... Vectors & Requirements 92 10.1 Protocol and Configuration .......................................................................................................................................................... attacks on RTU 93 10.2 Routed Com m.......................................................................................................................................................... unication to RTU & Access to Gatew ay 95 10.3 RTU Local Port.......................................................................................................................................................... Access, Netw orked Configurator & Spoofing Master Address 96 10.4 IP Netw orked.......................................................................................................................................................... RTUs & Duplicated RTU Personality 97 11 Using................................................................................................................................... AGA12 Security Components - Copyright 98 3
