industrial systems audits

To complete the previous actions: intrusion tests on industrial systems allow teams (that would normally consider themselves as ‘not concerned’) to integrate cybersecurity within an industrial environment. After a phase of recognition of the industrial system as well as the discovery of active equipment (tcpdump probe, passive and active ARP scans, etc.) and services (TCP and UDP scans, etc.), the Synetis auditor identifies the key components of the industrial system such as industrial programmable logic controllers (PLCs) of RTU or PLC type, control systems (SCADA), supervision and control systems, etc. Lastly, before the manual testing phase, the auditor checks the presence of vulnerabilities through a vulnerability scanning solution and the use of categorized SCADA plugins. Other aspects can also be dealt with, such as the search for the use of default passwords, the identification of access accounts from the HTTP service of certain PLCs, etc.

The vulnerabilities generally identified on industrial information Systems are:

• Lack of management of security patches; hardware obsolescence; monitoring of vulnerabilities and threats
• Insufficient or incomplete password policies; lack of account management and authentication
• Absence of a management policy for connection interfaces (e.g. USB port); remote accesses, etc.
• Use of uncontrolled nomadic terminals
• Uncontrolled mapping (or even, absence of configuration control or absence of secure configurations)
• The use of vulnerable equipment and/or protocols
• A defect in physical access control, partitioning, remote maintenance
• Insufficient supervision of cybersecurity events (logging of security events often limited and infrequently exploited)
• Etc.