Penetration Testing mailing list archives
Re: Risk/Threat Assessments for Utility specific software/hardware
From: "Kurt Seifried" <bt () seifried org>
Date: Wed, 22 Jan 2003 01:43:51 -0800
Go find a company that writes process control software (preferably the one they plan to use) and talk to them. Ditto goes for SCADA systems, many of which have tcp-ip capabilities, with many now having capabilities such as emailing reports, directly from RTU's!. Generally speaking the security on this stuff is bad, the primary method being to seperate it heavily, which may or may not work (dialup, VPN's, etc.). Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: Risk/Threat Assessments for Utility specific software/hardware Kurt Seifried (Jan 23)