Blog Category: Industrial Security
This article is a collaboration between Joel Langill and Eric Byres. Joel is the CSO at SCADAhacker.com. He can be reached at joel@scadahacker.com.
In Part 1 of this series I explained what "state" means in network communications and the hazards of stateless security. Part 2 detailed the behavior of a stateless firewall and included a demonstration of me attacking one. In this closing article, I describe stateful inspection and its importance in securing ICS and SCADA systems.
Read More >>
Posted by: Eric Byres on May 10, 2012
This article is a collaboration between Joel Langill and Eric Byres. Joel is the CSO at SCADAhacker.com. He can be reached at joel@scadahacker.com. In Part 1 of this series I explained what "state" means in network communications and the hazards of stateless security. Part 2 detailed the behavior of a stateless firewall and included a demonstration of me attacking one. In this closing article, I describe stateful inspection and its importance in securing ICS and SCADA systems.
Read More >>
Stateful Firewall, Stateless Firewall, SCADA Security, Joel Langill, SCADA Firewall, Spoofing, Stateful Inspection, Tofino Modbus TCP Enforcer
| Comments (0) | Post a Comment |
Blog Category: Industrial Security
This article is a collaboration between Joel Langill and Eric Byres. Joel is the CSO at SCADAhacker.com. He can be reached at joel@scadahacker.com.
In Part 1 of this series, I explained what a stateless firewall is and the hazards of stateless security. In this article I will show you just how dangerously insecure these devices are.
Setting Up the Stateless Firewall
Let's consider a simple session where a client computer issues a request to a web server using the HTTP protocol as shown in the figure below. As defined in the IETF specifications, this message will contain the IP addresses of both computers ("src.ip" and "dst.ip"in Figure 1). It will also contain the number 80 in the destination port ("dst.port") field to indicate that the TCP packet contains a message for a HTTP server.
Read More >>
Posted by: Eric Byres on April 25, 2012
This article is a collaboration between Joel Langill and Eric Byres. Joel is the CSO at SCADAhacker.com. He can be reached at joel@scadahacker.com. In Part 1 of this series, I explained what a stateless firewall is and the hazards of stateless security. In this article I will show you just how dangerously insecure these devices are.
Setting Up the Stateless Firewall
Let's consider a simple session where a client computer issues a request to a web server using the HTTP protocol as shown in the figure below. As defined in the IETF specifications, this message will contain the IP addresses of both computers ("src.ip" and "dst.ip"in Figure 1). It will also contain the number 80 in the destination port ("dst.port") field to indicate that the TCP packet contains a message for a HTTP server.
Read More >>
Stateful Firewall, Stateless Firewall, SCADA Security, Joel Langill, SCADA Firewall, Spoofing, Stateful Inspection, Tofino Modbus TCP Enforcer
| Comments (0) | Post a Comment |
Post a Comment