admin posted on 2022-11-26 20:51:32

SCADA Network FUZZING Testing and Protection

<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">Using an ICS vulnerability scanner to inspect each component module of a SCADA system leaves the security risks of the whole ICS network nowhere to hide; fuzzing ICS hosts whose vulnerabilities have not been publicly disclosed reveals the security risks in those hosts fairly accurately; and the series of protective measures for SCADA systems is applicable to some degree in electric power, tobacco, petrochemicals, railways and many other critical production sectors that bear on the national economy and people's livelihood, and can proactively reduce the damage and impact attackers cause to SCADA networks.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">Editor's note: this article will appear in the <a href="http://www.nsfocus.com.cn/About_NSFOCUS/publication.html"><span lang="EN-US" style="border:none windowtext 1.0pt;color:#1EAAF1;font-family:宋体;padding:0cm;">NSFOCUS technical publication</span></a>.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span style="color:#1E1E1E;font-family:宋体;font-size:18.0pt;">FUZZING Testing in SCADA</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">Using the ICS vulnerability scanner ICSscan, the security risks in each component of a SCADA system can be found fairly accurately, in particular the vulnerabilities and hidden risks of PLCs and other ICS hosts and the security risks of Windows systems, which makes scanning for ICS vulnerabilities far more convenient. When the ICS scanner assesses devices such as IEDs and RTUs, however, take voltage regulators or temperature controllers as an example: because there are so many vendors, and given the state of vendor vulnerability disclosure, it is very difficult to run a standardized vulnerability scan against the voltage regulators or temperature controllers of all these vendors.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">Given this security situation, <a href="http://blog.nsfocus.net/web-browser-fuzzing/"><span style="border:none windowtext 1.0pt;color:#1EAAF1;font-family:inherit,serif;padding:0cm;">FUZZING</span></a> testing can be used to test the robustness of ICS devices from vendors with no publicly disclosed vulnerabilities and to produce security reports in a unified format, thereby addressing the problem of undisclosed vulnerabilities.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">Editor's comment: <a href="http://blog.nsfocus.net/web-browser-fuzzing/"><span style="border:none windowtext 1.0pt;color:#1EAAF1;font-family:inherit,serif;padding:0cm;">FUZZING</span></a> offers an intelligent way to attempt to inject irregular message content and data inputs in order to verify a system's reliability. Testing with a FUZZING system involves three main steps:</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">First, the input data;</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">Second, the input data is transformed by the FUZZING system;</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">Third, the output data.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">This is shown in Figure 1. The <a href="http://blog.nsfocus.net/web-browser-fuzzing/"><span style="border:none windowtext 1.0pt;color:#1EAAF1;font-family:inherit,serif;padding:0cm;">FUZZING</span></a> platform first has to be configured for the ICS device or system under test, so that it knows the exact model and vendor of the target (which language it speaks); it then establishes a connection (greets and shakes hands) and selects the matching test case set (prepares topics for the conversation). With preparation complete, the discovery task can be run: besides sending protocol-conformant conversation messages to the device under test (the same language), the FUZZING platform automatically generates and sends large numbers of mutated messages (a jumble of languages and incorrect grammar). This process is called fuzz testing (FUZZING); its purpose is to observe, by mutating the input, whether the device under test has the corresponding fault tolerance (whether it can still understand).</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">A simple example:</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">The <a href="http://blog.nsfocus.net/web-browser-fuzzing/"><span style="border:none windowtext 1.0pt;color:#1EAAF1;padding:0cm;">FUZZING</span></a> platform asks: Are you the reinforcements sent by the Monkey? Device under test: Yes (normal reply).</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">The <a href="http://blog.nsfocus.net/web-browser-fuzzing/"><span style="border:none windowtext 1.0pt;color:#1EAAF1;padding:0cm;">FUZZING</span></a> platform asks again: Is it you who were sent by the Monkey as reinforcements? Device under test: Yes (normal reply).</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">The <a href="http://blog.nsfocus.net/web-browser-fuzzing/"><span style="border:none windowtext 1.0pt;color:#1EAAF1;padding:0cm;">FUZZING</span></a> platform plays its trump card: You, reinforcements, Monkey? Device under test: ...... (abnormal reply).</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <a href="http://blog.nsfocus.net/wp-content/uploads/2015/12/20151211-1.jpg"><img width="300" height="109" src="https://www.2k8.org/content/uploadfile/202211/26/38b8149c.jpg" alt="20151211-1" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">Figure 1 FUZZING test flow</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span style="color:#1E1E1E;font-family:宋体;font-size:18.0pt;">Using Autodafe for SCADA <a href="http://blog.nsfocus.net/web-browser-fuzzing/"><span style="border:none windowtext 1.0pt;color:#1EAAF1;font-family:inherit,serif;padding:0cm;">FUZZING</span></a> Testing</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">Autodafe is a well-known <a href="http://blog.nsfocus.net/web-browser-fuzzing/"><span style="border:none windowtext 1.0pt;color:#1EAAF1;font-family:inherit,serif;padding:0cm;">FUZZING</span></a> tool for robustness testing of programs and protocols. Autodafe is really a FUZZING framework, and it can be installed on BT5 or Kali. You also need a device to be tested; it can be a voltage regulator or a temperature controller, or of course an ordinary PC. Here I use an ordinary PC running Windows as the target of the security test.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">Preparation:</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">Modbus message: a Write Single Register query request using function code 06;</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">Use Wireshark to capture the Modbus Write Single Register packet that uses function code 06; after capturing or downloading the packet trace, export the capture from Wireshark in PDML format and save it in the Autodafe directory;</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">Use the PDML2AD utility to convert the PDML file into Autodafe's scripting language;</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">Run <span lang="EN-US" style="font-family:inherit,serif;">cat Modbus_query_write.ad</span> to view the parsed file;</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">Use the ADC utility to compile the <span lang="EN-US" style="font-family:inherit,serif;">modbus_query_write.ad</span> file;</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">Just as when replaying packets against a NIPS intrusion prevention system, we need to capture the whole attack process and turn it into a replay capture (use Wireshark or another capture tool to record the entire operation, then replay the captured packets onto the network interface to simulate how the original packets travelled over the network). Put simply: first simulate one control operation against the device under test, store that process, feed it into autodafe for mutation, and then replay and output the mutated result. The final output still relies on autodafe's core module, autodafe, which is the fuzz engine: it parses the .adc file, generates the fuzz data and sends the packets.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">There are three key commands:</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">pdml2ad -v -p modbus_query_write.pdml modbus_query_write.ad</span><span style="color:#777777;font-family:宋体;"> (use the PDML2AD utility to convert the PDML file into autodafe script language; -v enables verbose output and -p recovers the protocol)</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">adc modbus_query_write.ad modbus_query_write.adc</span><span style="color:#777777;font-family:宋体;"> (use the ADC utility to compile the modbus_query_write.ad file)</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">autodafe -v -r 192.168.2.28 -p 502 modbus_query_write.adc</span><span style="color:#777777;font-family:宋体;"> (in the autodafe command, -v enables verbose output and -r specifies the remote host; the default transport is TCP, add -u for UDP)</span>
</p>
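<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">The Python below is an added example, not code from the article or from Autodafe: it builds the conformant function 06 Write Single Register request that the preparation steps capture with Wireshark, then applies the conformance check a fuzz-harness oracle or an ICS IDS would use to tell the platform's "same language" frames from its mutated ones, the distinction the FUZZING overview above draws. The register allow-list, the sample transaction and unit ids, and the four constructed mutants are assumptions made here.</span>
</p>

```python
"""Conformance oracle for Modbus/TCP Write Single Register (function 06) frames.

Added example, not part of the original article or of Autodafe. It builds the
conformant request the article captures with Wireshark, then checks frames the
way a fuzz-harness oracle or an ICS IDS would: MBAP header consistency,
function-code allow-list, and the fixed PDU length of function 06. Every
sample frame below is constructed here for illustration.
"""
import struct

MBAP_LEN = 7                      # transaction id (2) + protocol id (2) + length (2) + unit id (1)
FC_WRITE_SINGLE_REGISTER = 0x06
FC06_PDU_LEN = 5                  # function code (1) + register address (2) + register value (2)


def build_write_single_register(transaction_id, unit_id, address, value):
    """Build a conformant Modbus/TCP function 06 request (the "same language" frame)."""
    pdu = struct.pack(">BHH", FC_WRITE_SINGLE_REGISTER, address, value)
    # The MBAP length field counts the unit id plus the PDU, not the whole frame.
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def validate_modbus_tcp(frame, allowed_registers=None):
    """Return (ok, reason) for a Modbus/TCP request frame.

    allowed_registers: optional set of holding-register addresses that may be
    written; any other address is rejected, mirroring an allow-list rule an
    ICS IDS would enforce in front of a PLC (assumed policy, not from the page).
    """
    if len(frame) < MBAP_LEN + 1:
        return False, "frame shorter than MBAP header plus function code"
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if protocol_id != 0:
        return False, f"protocol id {protocol_id} is not Modbus (expected 0)"
    expected = len(frame) - 6
    if length != expected:
        return False, f"MBAP length {length} but {expected} bytes follow the length field"
    pdu = frame[MBAP_LEN:]
    function_code = pdu[0]
    if function_code & 0x80:
        return False, f"exception bit set in function code {function_code:#04x} of a request"
    if function_code != FC_WRITE_SINGLE_REGISTER:
        return False, f"function code {function_code:#04x} not in allow-list"
    if len(pdu) != FC06_PDU_LEN:
        return False, f"function 06 PDU must be {FC06_PDU_LEN} bytes, got {len(pdu)}"
    address, value = struct.unpack(">HH", pdu[1:])
    if allowed_registers is not None and address not in allowed_registers:
        return False, f"write to register {address:#06x} not permitted"
    return True, (f"write single register {address:#06x} := {value:#06x} "
                  f"(unit {unit_id}, tid {transaction_id})")


def classify_samples():
    """Run the oracle over one conformant frame and four constructed mutants.

    The mutants imitate what a mutation fuzzer emits after altering the captured
    function 06 request: a lying length field, a truncated frame, a wrong
    protocol id and an unexpected function code. Returns {name: accepted?}.
    """
    good = build_write_single_register(transaction_id=1, unit_id=1, address=0x0010, value=0x1234)
    samples = {
        "conformant": good,
        "length_overflow": good[:4] + b"\xff\xff" + good[6:],   # MBAP length claims 65535
        "truncated": good[:9],                                  # PDU cut after the address high byte
        "bad_protocol_id": good[:2] + b"\x00\x01" + good[4:],   # protocol id 1 instead of 0
        "diagnostics_fc": good[:7] + b"\x08" + good[8:],        # function 08 instead of 06
    }
    return {name: validate_modbus_tcp(frame, allowed_registers={0x0010})[0]
            for name, frame in samples.items()}


if __name__ == "__main__":
    for name, ok in classify_samples().items():
        print(f"{name:16s} {'accepted' if ok else 'REJECTED'}")
```

The reason string returned alongside each verdict is what a harness would log next to the mutant that triggered a device outage, so the failing field can be found without re-parsing the capture.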
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">If the security test targets an ordinary PC, the final autodafe command changes somewhat. For example, to test a PC that communicates with the attacking machine on port 4000, the final command is: </span><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">autodafe -b -vv -p 4000 -r 127.0.0.1 -P 8000 -D 192.168.0.1 ./vuln2.adc</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">which tests port 4000 on the target host. In Figure 2 you can see fuzz continually increasing the size of the fuzz variable. Figure 3 shows the connection to port 4000 on the target host failing.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <a href="http://blog.nsfocus.net/wp-content/uploads/2015/12/20151211-2.jpg"><img width="300" height="162" src="https://www.2k8.org/content/uploadfile/202211/26/7c7e757a.jpg" alt="20151211-2" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">Figure 2 Growth of the fuzz variable</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <a href="http://blog.nsfocus.net/wp-content/uploads/2015/12/20151211-3.jpg"><img width="300" height="162" src="https://www.2k8.org/content/uploadfile/202211/26/18bd102f.jpg" alt="20151211-3" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span style="color:#777777;font-family:宋体;">Figure 3 Connection to port 4000 fails</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;">SCADA <a href="http://blog.nsfocus.net/web-browser-fuzzing/"><span style="border:none windowtext 1.0pt;color:#1EAAF1;font-family:inherit,serif;padding:0cm;">FUZZING</span></a> testing with TFTP Daemon Fuzzer</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">TFTP Daemon Fuzzer is another <a href="http://blog.nsfocus.net/web-browser-fuzzing/"><span style="border:none windowtext 1.0pt;color:#1EAAF1;font-family:inherit,serif;padding:0cm;">fuzzing</span></a> tool that can cause a brief service interruption on a CBC device; a CBC device is similar to a voltage regulator. As the name suggests, this fuzzer targets devices that speak the TFTP protocol. Before running the TFTPfuzz script, we can capture the fuzzing session with Wireshark to watch how the fuzz payload changes over the course of the test. Figure 4 shows the test in progress; Figure 5 shows the fuzz engine trying different test inputs. Because fuzzing can affect the target device, the test strategy needs to be thought through before running it in a production environment.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <a href="http://blog.nsfocus.net/wp-content/uploads/2015/12/20151211-4.jpg"><img width="300" height="212" src="https://www.2k8.org/content/uploadfile/202211/26/fcc21ecc.jpg" alt="20151211-4" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Figure 4: the test in progress</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <a href="http://blog.nsfocus.net/wp-content/uploads/2015/12/20151211-5.jpg"><img width="300" height="165" src="https://www.2k8.org/content/uploadfile/202211/26/909c4227.jpg" alt="20151211-5" style="vertical-align:middle;" /></a><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Figure 5: the fuzz engine trying different test inputs</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;">SCADA Network Security Defenses</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Although it is impossible to know about and detect every security vulnerability before deployment, adopting the following defense-in-depth measures will certainly help to proactively reduce the damage an attacker can inflict on a SCADA network:</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">开发安全策略;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">实现</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">ACL</span><span style="color:#777777;font-family:宋体;">;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">使用</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">MAC</span><span style="color:#777777;font-family:宋体;">地址过滤;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">使用</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">VLAN</span><span style="color:#777777;font-family:宋体;">分段;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">加强</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">SCADA</span><span style="color:#777777;font-family:宋体;">设备物理安全,包括警报和防撬管理;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">不允许使用第三方</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">USB</span><span style="color:#777777;font-family:宋体;">及相关存储设备;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">实现支持</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">SCADA</span><span style="color:#777777;font-family:宋体;">协议防御机制的</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">NIDS/NIPS</span><span style="color:#777777;font-family:宋体;">;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">整合操作系统和固件升级(包括补丁维护);</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">实现高强度的加密功能;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">确保已经准备好二重或三重身份验证策略;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">确保计划内的内部安全评估得到如期执行;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">考虑使用工控漏扫</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">ICSscan</span><span style="color:#777777;font-family:宋体;">以及包含</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">fuzzing</span><span style="color:#777777;font-family:宋体;">测试功能的</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">ICSscan</span><span style="color:#777777;font-family:宋体;">定期对工控系统进行安全评估;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">如果可能的话,使用诸如</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">SSH</span><span style="color:#777777;font-family:宋体;">、</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">DNPsec</span><span style="color:#777777;font-family:宋体;">、</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">TLS</span><span style="color:#777777;font-family:宋体;">、</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">DTLS</span><span style="color:#777777;font-family:宋体;">、</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">SSL</span><span style="color:#777777;font-family:宋体;">、</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">PKI</span><span style="color:#777777;font-family:宋体;">和</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">IPsec</span><span style="color:#777777;font-family:宋体;">之类的保护性协议;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">如果使用的是拨号调制解调器,那么实现支持活动日志、加密、名字和口令身份验证的增强型安全措施;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">实现一套</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">SIEM</span><span style="color:#777777;font-family:宋体;">安全信息和事件管理系统来完成日志聚合、日志审查和审计分析;</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-left:51.0pt;tab-stops:list 36.0pt;text-align:left;text-indent:-18.0pt;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Symbol;font-size:10.0pt;"><span>·<span style="font:7.0pt &quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="color:#777777;font-family:宋体;">为所有合适的防火墙、交换机、路由器、</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">NIPS</span><span style="color:#777777;font-family:宋体;">和</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;">NIDS</span><span style="color:#777777;font-family:宋体;">设备实现可扩展的边界网络策略。</span><span lang="EN-US" style="color:#777777;font-family:inherit,serif;"></span>
</p>
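<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">The following Python example is added here for illustration; it is not code from the original article, from NSFOCUS, or from the TFTP Daemon Fuzzer or ICSscan tools mentioned above. It shows the defender's side of two things the text describes: the TFTP fuzzing run captured in Figures 4 and 5, and the bullets calling for NIDS/NIPS with protocol-level defenses and a SIEM for log aggregation. A strict RFC 1350 / RFC 2347 request validator rejects the malformed requests a fuzzer emits, and a windowed count over the resulting verdicts flags a source that produces a burst of them. The 255-byte field limit, the 5-in-60-seconds threshold, the IP addresses and every packet are constructed assumptions, not values from the article.</span>
</p>

```python
"""Strict TFTP request validation plus SIEM-style aggregation of malformed requests.
Added example for this article (not code from the original post, NSFOCUS, TFTP Daemon
Fuzzer or ICSscan). Layout follows RFC 1350 / RFC 2347; the field limit, threshold,
addresses and packets below are constructed for the example."""
from collections import defaultdict, namedtuple
from typing import List, Tuple

REQUEST_OPCODES = {1: "RRQ", 2: "WRQ"}   # only these carry text fields (RFC 1350)
MODES = {"netascii", "octet", "mail"}    # transfer modes, compared case-insensitively
MAX_FIELD = 255                          # local policy limit on one field (assumption)
MAX_REQUEST = 512                        # a request never exceeds one TFTP block

class TftpViolation(ValueError):
    """Packet does not conform to the TFTP request grammar or local policy."""

TftpRequest = namedtuple("TftpRequest", "opcode filename mode options")
Verdict = namedtuple("Verdict", "src ok reason")

def _ascii(raw: bytes, what: str) -> str:
    """Every text field must be non-empty, bounded and printable ASCII."""
    if not raw or len(raw) > MAX_FIELD:
        raise TftpViolation(f"{what} empty or longer than {MAX_FIELD} bytes")
    if any(b < 0x20 or b > 0x7E for b in raw):
        raise TftpViolation(f"non-printable byte in {what}")
    return raw.decode("ascii")

def parse_request(pkt: bytes) -> TftpRequest:
    """Parse an RRQ/WRQ, rejecting exactly the deviations a fuzzer produces."""
    if not 4 <= len(pkt) <= MAX_REQUEST:
        raise TftpViolation(f"request length {len(pkt)} outside 4..{MAX_REQUEST}")
    op = int.from_bytes(pkt[:2], "big")
    if op not in REQUEST_OPCODES:
        raise TftpViolation(f"opcode {op} is not RRQ/WRQ")
    payload = pkt[2:]
    if not payload.endswith(b"\x00"):          # every field is NUL-terminated
        raise TftpViolation("unterminated field")
    fields = payload[:-1].split(b"\x00")
    if len(fields) < 2 or len(fields) % 2:     # filename, mode, then name/value pairs
        raise TftpViolation("expected filename, mode and whole option pairs")
    filename = _ascii(fields[0], "filename")
    mode = _ascii(fields[1], "mode").lower()
    if mode not in MODES:
        raise TftpViolation(f"unknown transfer mode {mode!r}")
    options = {_ascii(n, "option name").lower(): _ascii(v, "option value")
               for n, v in zip(fields[2::2], fields[3::2])}
    return TftpRequest(REQUEST_OPCODES[op], filename, mode, options)

def inspect(src: str, pkt: bytes) -> Verdict:
    """What a protocol-aware NIDS/NIPS would log for one request from `src`."""
    try:
        req = parse_request(pkt)
        return Verdict(src, True, f"{req.opcode} {req.filename} mode={req.mode}")
    except TftpViolation as exc:
        return Verdict(src, False, str(exc))

def fuzz_sources(events: List[Tuple[float, Verdict]], threshold: int = 5,
                 window: float = 60.0) -> List[str]:
    """SIEM-style rule: sources with >= threshold malformed requests inside `window` s."""
    bad_times = defaultdict(list)
    for ts, verdict in events:
        if not verdict.ok:
            bad_times[verdict.src].append(ts)
    flagged = []
    for src, times in bad_times.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):           # sliding window over sorted timestamps
            while times[hi] - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged.append(src)
                break
    return sorted(flagged)

def build_request(op: int, filename: bytes, mode: bytes, *opts: bytes) -> bytes:
    """Encode a request; used only to construct the sample traffic below."""
    return op.to_bytes(2, "big") + b"".join(f + b"\x00" for f in (filename, mode) + opts)

# Constructed traffic (seconds, source, packet): two legitimate requests, a burst of
# mutated requests from one source (the shape a fuzzer produces), and one lone typo.
SAMPLE_TRAFFIC = [
    (0.0, "10.0.0.20", build_request(1, b"config.bin", b"octet")),
    (0.5, "10.0.0.20", build_request(2, b"firmware.img", b"OCTET", b"blksize", b"1428")),
    (1.0, "10.0.0.66", build_request(1, b"A" * 300, b"octet")),        # oversized filename
    (1.2, "10.0.0.66", build_request(1, b"x", b"binary")),              # invalid mode
    (1.4, "10.0.0.66", b"\x00\x01noterminator"),                        # missing NUL
    (1.6, "10.0.0.66", build_request(1, b"x\xff\xfe", b"octet")),       # non-ASCII filename
    (1.8, "10.0.0.66", build_request(99, b"x", b"octet")),              # bogus opcode
    (2.0, "10.0.0.66", build_request(1, b"x", b"octet", b"", b"1")),    # empty option name
    (3.0, "10.0.0.21", build_request(1, b"y", b"binary")),              # one mistake, no burst
]

def run(traffic=SAMPLE_TRAFFIC) -> Tuple[List[Tuple[float, Verdict]], List[str]]:
    events = [(ts, inspect(src, pkt)) for ts, src, pkt in traffic]
    return events, fuzz_sources(events)

if __name__ == "__main__":
    events, flagged = run()
    for ts, v in events:
        print(f"{ts:4.1f} {v.src:<10} {'ok ' if v.ok else 'BAD'} {v.reason}")
    print("suspected fuzzing sources:", flagged)
```

<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Running the module prints one verdict per packet and then the flagged source. A sensor in front of the device would drop or alert on each rejected request individually; the windowed aggregation is what turns a stream of single rejections into the fuzzing-activity signal a SIEM reviewer acts on, and a scheduled ICSscan assessment can be whitelisted by source and time window so that only unexpected bursts are escalated.</span>
</p>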
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:15.0pt;">Reference attachments:</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"><a href="http://blog.nsfocus.net/wp-content/uploads/2015/12/2014%E7%BB%BF%E7%9B%9F%E7%A7%91%E6%8A%80%E5%B7%A5%E6%8E%A7%E7%B3%BB%E7%BB%9F%E5%AE%89%E5%85%A8%E6%80%81%E5%8A%BF%E6%8A%A5%E5%91%8A.pdf"><span style="border:none windowtext 1.0pt;color:blue;font-family:inherit,serif;padding:0cm;">2014 NSFOCUS Industrial Control System Security Posture Report</span></a></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
        <span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"><a href="http://blog.nsfocus.net/wp-content/uploads/2015/12/2014%E5%B7%A5%E4%B8%9A%E6%8E%A7%E5%88%B6%E7%B3%BB%E7%BB%9F%E7%9A%84%E5%AE%89%E5%85%A8%E7%A0%94%E7%A9%B6%E4%B8%8E%E5%AE%9E%E8%B7%B5.pdf"><span style="border:none windowtext 1.0pt;color:#1EAAF1;font-family:inherit,serif;padding:0cm;">2014 Security Research and Practice for Industrial Control Systems</span></a></span>
</p>