Chapter 9: Scanning ICS/SCADA Systems
Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) systems are part of the critical infrastructure found in power plants, chemical factories, oil refineries, and other large industrial complexes. As monitoring technology has matured, the networking capabilities added to improve connectivity between components have introduced a new kind of risk: network attacks. To make matters worse, systems believed to sit on isolated networks have been found connected to the internet and fully reachable from outside. The number of such systems exposed online has grown steadily, and to this day it is still common to find organizations whose interconnected networks allow a path from the corporate side into the segments where the ICS/SCADA equipment lives.
Security researchers have repeatedly shown that many ICS/SCADA protocols and products are extremely vulnerable, because most were designed for isolated networks and built without authentication, integrity checks, or robust handling of unexpected input. Many of these devices also run small embedded network stacks that can hang or reboot when they receive traffic they were never tested against, so Nmap needs to be used carefully when scanning...
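As an added example (not code from the book, and not an Nmap feature), the following POSIX shell wrapper shows one way to enforce that care: it validates the target, refuses nmap options that are known to upset embedded devices (OS detection, aggressive timing, intrusive NSE scripts or categories, high-intensity version probes), and otherwise runs a slow, serial TCP connect scan of a short list of common ICS ports. The port list, the timing values and the set of refused options are assumptions chosen here; tune them for the site and the device vendor's guidance.

```shell
#!/bin/sh
# Added example, not code from the book: a small guard around nmap for ICS/SCADA
# targets. It refuses options known to stress embedded network stacks and builds
# a slow, serial TCP-connect scan of a short port list. The port list and timing
# values are assumptions chosen here as conservative defaults, not book settings.

ICS_PORTS="102,502,20000,44818"   # S7comm, Modbus/TCP, DNP3, EtherNet/IP (all TCP)
# -n/-Pn: no DNS lookups or ping probes; -sT: full handshakes, which the device
# already handles from its HMI; one probe at a time, spaced out, with one retry.
ICS_BASE_OPTS="-n -Pn -sT -p $ICS_PORTS --max-parallelism 1 --scan-delay 500ms --max-retries 1 --host-timeout 15m"

# ics_script_is_risky NAME : NSE script or category names that send abusive traffic.
ics_script_is_risky() {
    case "$1" in
        *intrusive*|*dos*|*brute*|*exploit*|*vuln*|*fuzzer*|*malware*) return 0 ;;
    esac
    return 1
}

# ics_reject_reason ARG... : prints a reason and returns 1 if any nmap argument
# is unsafe for fragile devices; returns 0 silently otherwise.
ics_reject_reason() {
    want_sv=0; intensity_zero=0; expect_intensity=0; expect_script=0
    for a in "$@"; do
        if [ "$expect_intensity" -eq 1 ]; then      # value after "--version-intensity"
            expect_intensity=0
            [ "$a" = "0" ] && intensity_zero=1
            continue
        fi
        if [ "$expect_script" -eq 1 ]; then         # value after "--script"
            expect_script=0
            if ics_script_is_risky "$a"; then
                echo "refusing --script $a: that script or category sends malformed or abusive traffic"; return 1
            fi
            continue
        fi
        case "$a" in
            -A|-O|--osscan-guess)
                echo "refusing $a: OS fingerprinting sends malformed packets that can hang a PLC"; return 1 ;;
            -T4|-T5|--min-rate*|--min-parallelism*)
                echo "refusing $a: aggressive timing sends far more traffic than a controller expects"; return 1 ;;
            -sV) want_sv=1 ;;
            --version-intensity) expect_intensity=1 ;;
            --version-intensity=0) intensity_zero=1 ;;
            --script) expect_script=1 ;;
            --script=*)
                if ics_script_is_risky "${a#--script=}"; then
                    echo "refusing $a: that script or category sends malformed or abusive traffic"; return 1
                fi ;;
        esac
    done
    if [ "$want_sv" -eq 1 ] && [ "$intensity_zero" -eq 0 ]; then
        echo "refusing -sV without --version-intensity 0: higher intensities send unknown payloads to every open port"
        return 1
    fi
    return 0
}

# ics_check_target TARGET : allow only a plain host, IP or CIDR token, so a
# target read from a file cannot smuggle options onto the nmap command line.
ics_check_target() {
    case "$1" in
        ""|-*) return 1 ;;
        *[!0-9A-Za-z./:_-]*) return 1 ;;
    esac
    return 0
}

# ics_scan_cmd TARGET [EXTRA_NMAP_ARGS...] : prints the exact nmap command that
# ICS_RUN=1 would execute, or returns 1 after printing the reason on stderr.
ics_scan_cmd() {
    target="$1"; shift
    ics_check_target "$target" || { echo "bad target: '$target'" >&2; return 1; }
    ics_reject_reason "$@" >&2 || return 1
    printf 'nmap %s' "$ICS_BASE_OPTS"
    for a in "$@"; do printf ' %s' "$a"; done
    printf ' %s\n' "$target"
}

# Usage: sh ics_safe_scan.sh TARGET [extra nmap args]            (prints the command)
#        ICS_RUN=1 sh ics_safe_scan.sh TARGET [extra nmap args]  (runs it)
if [ "$#" -gt 0 ]; then
    ics_scan_cmd "$@" || exit 1
    if [ "${ICS_RUN:-0}" = "1" ]; then
        target="$1"; shift
        nmap $ICS_BASE_OPTS "$@" "$target"   # ICS_BASE_OPTS is a flat option string and is split on purpose
    fi
fi
```

The guard is deliberately a string check on the command line: a named script such as `--script=banner` passes, so the operator still has to know which scripts are safe for the device in front of them. Run the wrapper once without `ICS_RUN` to review the exact command, and scan one host at a time while watching the device's own diagnostics before widening the target to a range.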