Scada System Penetration Tests

Scada system; Distributed Control Systems (DCS), which collects continuous and real-time field data from various devices such as I/O Systems and smart sensors, covers automatic control, monitoring and reporting of results of all units, from control of all equipment to production planning, from environmental control units to auxiliary enterprises, and provides information to the user when necessary. It is a remote monitoring system that gives early warning. The functions of Scada systems are monitoring, control, data collection and recording of data.

Segmentation Analysis

Monitoring and controlling network system communications by dividing the existing network into subnets ensures that possible cyber attacks can be easily managed and the effects of cyber attacks can be reduced. If one of the hosts in the network segment is compromised, a reduced attack surface is created so that it can pivot. Common attack vectors such as LLMNR and NetBIOS poisoning can be partially mitigated by proper network segmentation because they only operate on the local network. In the segmentation test, field inspections are carried out and penetration tests are carried out with passive or active analysis over the existing network topology, and segmentation details and possible security risks are reported.

Visibility Analysis

Logs of control systems are monitored and visibility analysis is reported with data from field testing.

Authentication Infrastructure Analysis

It is the stage where the information obtained is reported by analyzing whether the authentication methods are secure or not, checking the accessibility of authorized accounts in case of any cyber attack.

Patch Analysis

In patch analysis, updates and patch management of the operating system and applications are checked and the obtained data is reported.

Remote Access Analysis

It covers the detection and reporting of possible security vulnerabilities by determining the reliability of remote access methods and when access is provided.

Anti-Malware Analysis

It is checked whether a solution has been developed to prevent the execution of malicious software and the obtained data is reported. 

Cyber Incident Monitoring and Response Analysis

Cyber incident policies and procedures should specify who will intervene and how in the event of a cyber attack. It is reported whether the log record is recorded in any log system and whether there is a response plan to the cyber attack.

Penetration Tests

Penetration testing is the process of simulating cyber attacks by cyber security experts in order to identify possible vulnerabilities and take precautions by performing various tests on companies' network infrastructures, hardware, software and applications, and reporting the test results. Penetration tests can be examined in three groups. There are three types of penetration tests: Whitebox Penetration Test, Blackbox Penetration Test and Greybox Penetration Test.

• Whitebox Penetration Test

In this method, the test expert is given information about the entire system by authorized persons and the damages that people who have previously worked or are currently working in the company can cause to the system are simulated. It is the type of penetration test that has the least risk of damaging the system.

• Blackbox Penetration Test

It is when the tester simulates the attack by pretending to be a hacker without any knowledge.

• Greybox Penetration Test

It is the simulation of the damage caused by an unauthorized user in the internal network by the tester.

Stages of Penetration Testing

• Planning

This is the stage where the scope and objectives of the penetration test (type of test, date and time to be performed, people who will perform the test) are determined.

• Data collection

It is the active or passive collection of information from the system to be tested for penetration. Active information collection is information collection done by communicating directly with the target system. Passive information collection is the collection of information over the internet without communicating with the target system.

• Scanning and Discovery

It is done to understand how the system will react to attack attempts. It is divided into two: static analysis and dynamic analysis. Static analysis is predicting the behavior of the application by examining the application code. Dynamic analysis is to check the code that is running.

• Gaining Access

It is the stage where access to the system is gained by using the vulnerabilities detected during scanning and discovery.

• Ensuring Access Continuity

This is the stage in which the authority is increased after the system is infiltrated and the access is made permanent.

• Analysis & Reporting

This is the stage where all transactions made, detected vulnerabilities and accessible sensitive data are analyzed and presented to the company.

Penetration Test Types 

• External Network Penetration Test
• Local Network Penetration Test
• Web Application Penetration Testing
• Wireless Network Penetration Testing
• Mobile Application Penetration Testing
• Social Engineering
• DDOS Tests