“The ICS-CERT has recently received several reports from multiple independent security researchers who have employed the SHODAN search engine1to discover Internet facing SCADA systems using potentially insecure mechanisms for authentication and authorization. The identified systems span several critical infrastructure sectors and vary in their deployment footprints. ICS-CERT is working with asset owners/operators, Information Sharing and Analysis Centers (ISACS), vendors, and integrators to notify users of those systems about their specific issues; however, due to an increase in reporting of these types of incidents, ICS-CERT is producing a more general alert regarding these issues.”The information provided by the SHODAN search engine can provide information that could make it easier for an attacker to gain access to the identified systems. Two earlier ICS-CERT publications describe how this information could be used to gain access to, or control of, these systems.
Mitigation
ICS-CERT recommends:
• Placing all control systems assets behind firewalls, separated from the business network,I recall seeing this briefly discussed on the SCADASEC List earlier this week, but I cannot find a copy of discussion.
• Deploying secure remote access methods such as Virtual Private Networks (VPNs) for remote access,
• Removing, disabling, or renaming any default system accounts (where possible),
• Implementing account lockout policies to reduce the risk from brute forcing attempts,
• Implementing policies requiring the use of strong passwords; and
• Monitoring the creation of administrator level accounts by third-party vendors.
No comments:
Post a Comment