Search Engine Identifies Vulnerable SCADA Systems - New Challenge for Information Security Experts
The report was based on findings by independent information security professionals.
The revelation leaves numerous computer systems across critical industries vulnerable to hacking attacks.
The search engine scans different ports for devices connected to the Internet.
The search even reveals information such as HTTP server responses, GET responses, FTP and Telnet service banners, SSH banners and communication between clients and servers during login attempts.
Ironically, the revelation comes at a time when information security professionals are grappling with the challenges posed by the Stuxnet cyber weapon, which was targeted primarily at industrial installations.
The identified systems have weak authentication mechanisms.
Most of the systems were primarily designed for monitoring purposes.
The revealed systems are susceptible to brute force attacks.
Further, the use of default usernames and passwords for authentication makes the systems vulnerable to remote access.
The revelation reflects negligence on the part of the security administrators concerned, despite the heightened cyber security risk.
Employees must be encouraged to use strong passwords instead of the default passwords, a fundamental aspect of the cyber security regime.
As the SCADA systems are likely to contain sensitive information and databases, it is important to incorporate multi-factor authentication to restrict access to critical files.
The revelations necessitate the use of secure networks for remote access and monitoring by different users of the critical systems.
The exposure emphasizes the importance of ethical hacking to find vulnerabilities for strengthening the defenses of the information technology infrastructure.
Further, there must be adequate monitoring of third-party access to the systems.
The disclosure makes it vital for security administrators to place emphasis on employee awareness and cultivate secure IT practices.
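The article says the search engine indexes HTTP server responses and FTP, Telnet and SSH banners. As an added example (not part of the original article), the Python code below reviews records from a scan of an organization's own address space for what those banners give away; the record layout, hosts, product names and finding labels are assumptions constructed for illustration.

```python
import re

# Constructed sample input: (host, port, first bytes the service returned),
# as a scan of one's own address space might record them. Hosts are from the
# 192.0.2.0/24 documentation range; product names are invented.
SAMPLE_RECORDS = [
    ("192.0.2.10", 23, "Welcome to PLC-Gateway\r\nlogin: "),
    ("192.0.2.11", 21, "220 ExampleFTPd 1.2.3 ready\r\n"),
    ("192.0.2.12", 80, "HTTP/1.1 200 OK\r\nServer: ExampleHMI/4.0\r\n\r\n"),
    ("192.0.2.13", 80, "HTTP/1.1 401 Unauthorized\r\n"
                       'WWW-Authenticate: Basic realm="hmi"\r\n\r\n'),
    ("192.0.2.14", 22, "SSH-2.0-ExampleSSH_7.1\r\n"),
]

CLEARTEXT_LOGIN = {21: "FTP", 23: "Telnet"}
# A product name followed by a dotted version number, e.g. "Foo/1.2".
VERSION_RE = re.compile(r"[A-Za-z][\w-]*[/_ ]\d+(?:\.\d+)+")


def product_text(banner):
    """Return the part of a banner that names the software, not the protocol."""
    if banner.startswith("HTTP/"):
        m = re.search(r"^Server:[ \t]*(.*)$", banner, re.I | re.M)
        return m.group(1).strip() if m else ""
    if banner.startswith("SSH-"):
        # RFC 4253 identification string: SSH-protoversion-softwareversion
        return banner.split("-", 2)[2] if banner.count("-") >= 2 else ""
    return banner


def review(record):
    """List what one exposed service gives away to anyone who connects."""
    host, port, banner = record
    findings = []
    if port in CLEARTEXT_LOGIN:
        findings.append(f"{CLEARTEXT_LOGIN[port]} login offered in cleartext")
    if banner.startswith("HTTP/"):
        status = (banner.split("\r\n", 1)[0].split() + ["", ""])[1]
        if status == "200" and "www-authenticate:" not in banner.lower():
            findings.append("HTTP content served without authentication")
    version = VERSION_RE.search(product_text(banner))
    if version:
        findings.append(f"banner discloses {version.group(0)}")
    return findings


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec[0], rec[1], review(rec) or ["no finding from banner alone"])
```

An empty result means only that the banner itself raised no finding; the service is still reachable from the Internet and still needs the access controls the article recommends.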