Protection of SCADA Industrial Control Systems using a flexible open source architectural solution
Keywords: SCADA; Industrial control systems; Industrial security; OSSEC; ICS; Kibana; Conpot; PLC
The automated configuration of the Conpot SCADA honeypot architecture presented in this thesis is designed to operate inside an internal network and is able to simulate a SCADA/ICS system. Today, part of the business innovation that delivers efficiency and accuracy is connecting SCADA systems to the internet, either directly or through internal networks. The internet connection matters for these systems because it allows a process to be established for remote system maintenance, control and production data analysis. As a result, the exposure of these systems to threats is enormous, and so is the business risk for critical infrastructures. For these reasons, securing SCADA/ICS devices is critical. One way to do so is to learn from attackers directly by using SCADA honeypots. Because the concept of a SCADA honeypot is already well known, this thesis presents an innovation: an automation method to create and configure SCADA honeypots inside the internal network from a single web page, so that an administrator can start and configure ad hoc honeypots. In addition, the solution is integrated with a well-known monitoring tool, OSSEC, so that the administrator can check and be informed of real-time attacks on the honeypot systems in a variety of ways, or through a modern Kibana console using the ELK stack.
Chapter eight starts with the architecture design, information on all the open source programs that have been used, and the workflow of the implementation. The solution begins with the steps used to implement the Fabric tool so that it connects to all servers, together with the Python code for the functions used for automation. Next, instructions are given on the setup of the OSSEC server and how the deployment was created, along with the installation of agents and the configuration of security policies and reports. Finally, a wide demonstration of the solution is presented in two phases: first showing the capabilities of Fabric, and second showing how the architecture works when a honeypot is under attack. The proposed architecture is compatible with the majority of SCADA protocols, but in this thesis the most important is the Modbus protocol, which is the key to this solution because it is the most popular in PLC implementations. Moreover, the SNMP service is active on the honeypot, as it is widely used in real SCADA environments. The solution this thesis proposes can add significant value to corporations because it offers a whole system that can provide protection against PLC attacks. Besides that, the system leaves room for many improvements; for example, it can be trained to identify security patterns during an attack and provide PLC administrators with timely alerts.