
SCADA search engine assists hackers in their evil exploits

November 3, 2010

The U.S. Computer Emergency Readiness Team (CERT) is warning that SCADA, a lesser-known search engine that indexes specialized Internet devices and other complex equipment used to control power grids, refineries and even nuclear power plants, is actually assisting potential hackers in discovering and accurately pinpointing critical industrial control systems that are extremely vulnerable to tampering.

In July, German power specialist Siemens said that it had discovered some critical Internet security issues in its power-grid management software and had provided its users safety patches to clear the problem. Now some security experts are saying that the patches weren't enough, since the security vulnerabilities appear to still be there.

The year-old search engine known as Shodan makes it very easy to locate Internet-facing SCADA (Supervisory Control And Data Acquisition) systems, some of which were designed by Siemens. As white-hat hacker and Errata Security expert Robert Graham says, the Shodan search engine can also be used to identify systems with known security vulnerabilities, which is exactly what hackers are looking for.

“The identified systems range from stand-alone workstation applications to larger wide area network (WAN) configurations connecting remote facilities to central monitoring systems and application servers in more than one data center,” CERT wrote in an advisory published late yesterday.

“These critical control and management systems have been found to be readily accessible from the Internet and with specialized tools such as Shodan, and the resources required to identify them now have been greatly reduced.”

Besides opening up industrial control systems to attacks that target unpatched security vulnerabilities, the information provided by Shodan also makes some networks more vulnerable to brute-force attacks on passwords, many of which may still use factory defaults, CERT warned.

CERT advised senior system administrators to tighten security by:

  • Placing all control systems equipment and software behind strong hardware firewalls
  • Removing, disabling or renaming any default system accounts wherever possible
  • Deploying secure remote access methods such as Virtual Private Networks for remote access
  • Implementing strong account lockout policies to reduce the risk from brute force attempts
  • Implementing secure, across-the-board policies requiring the use of strong passwords
  • Daily monitoring the creation of administrator level accounts by third-party vendors

CERT's warning comes a few weeks after reports that a worm called Stuxnet burrowed into SCADA systems controlling nuclear power plants. The attack, which many researchers speculate was intended to disrupt Iran's nuclear aspirations, demonstrated the success that determined hackers have had in penetrating critical and (almost) national security control systems in use today.
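
An added example, not part of the CERT advisory or of this article: three of the recommendations listed above (account lockout, default accounts, and monitoring of new administrator accounts) expressed as a check over authentication events. The log format, thresholds, account names and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values and account names; none of these come from the CERT advisory.
MAX_FAILURES = 5
WINDOW = timedelta(minutes=10)
DEFAULT_ACCOUNTS = {"admin", "administrator", "root", "guest"}

# Constructed sample events: "<timestamp> <event> <account> <source address>".
SAMPLE_LOG = """\
2010-11-03T08:00:01 LOGIN_FAIL operator1 192.0.2.10
2010-11-03T08:00:09 LOGIN_OK operator1 192.0.2.10
2010-11-03T08:05:00 LOGIN_FAIL admin 203.0.113.7
2010-11-03T08:05:05 LOGIN_FAIL admin 203.0.113.7
2010-11-03T08:05:10 LOGIN_FAIL admin 203.0.113.7
2010-11-03T08:05:15 LOGIN_FAIL admin 203.0.113.7
2010-11-03T08:05:20 LOGIN_FAIL admin 203.0.113.7
2010-11-03T09:30:00 ADMIN_CREATED vendor_svc 198.51.100.20
"""

def audit(log_text):
    """Return (finding, account, source) tuples in the order they were first seen."""
    failures = defaultdict(list)  # account -> failure times inside the window
    locked, findings = set(), []

    def report(kind, account, source):
        if (kind, account, source) not in findings:
            findings.append((kind, account, source))

    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of guessing at fields
        stamp, event, account, source = parts
        when = datetime.fromisoformat(stamp)
        if event.startswith("LOGIN") and account.lower() in DEFAULT_ACCOUNTS:
            report("default_account_in_use", account, source)
        if event == "LOGIN_FAIL":
            recent = [t for t in failures[account] if when - t <= WINDOW]
            failures[account] = recent + [when]
            if len(failures[account]) >= MAX_FAILURES and account not in locked:
                locked.add(account)
                report("lockout", account, source)
        elif event == "LOGIN_OK":
            failures[account].clear()  # a successful login resets the counter
        elif event == "ADMIN_CREATED":
            report("admin_account_created", account, source)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```
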

Short for Sentinel Hyper-Optimized Data Access Network, Shodan contains a wealth of information about network routers, switches, servers, load balancers and other specific hardware that is directly attached to the Internet.

Its database is built by indexing metadata contained in the headers the hardware broadcasts to other devices. Searches can be filtered by port, hostname and country. In other words, not only can it identify a Solaris server, it can in many cases identify a Solaris server located in Pakistan that remains vulnerable to a known exploit.

Shodan can also easily determine whether the server is running Linux, Windows or any other version or type of operating system, along with about 20 other important system parameters, such as how long the server has been running, whether there have been any recent IP address or network changes, and when those changes took place.

Source: The U.S. Computer Emergency Readiness Team (CERT).
