Our SCADA Honeynet Images are now available to subscribers.
We were able to shrink the images down to 250-300MB, nearly half the size of our demo release.
Next week our Statistics & Reports page will start being populated with statistics from our two current SCADA Honeynet projects.
Update: Dale’s Comments
This SCADA Honeynet simulates a very popular PLC. If an adversary attacks the PLC, they are likely to be fooled for a very long time, and the SCADA Honeynet will capture all the attack details and alert that an attack is underway.
Capturing all details is important to help quantify and qualify risk, and it is also fascinating to watch how hackers attack. The alerting makes SCADA Honeynets a realistic early warning device because any activity is unauthorized.
The PLC has a realistic set of points and data from a large electric utility and supports many Modbus TCP functions. There are also web, FTP, telnet and SNMP interfaces, all with default passwords. So an attacker could see the web interface, identify the PLC, Google for the default password, log in to the PLC (SCADA Honeynet), and start configuring the PLC.
I’m often asked by grad and doctoral students for ideas of SCADA security research projects. The SCADA Honeynet is one idea. You can download it, install it in a number of scenarios, track statistics and analyze attacks. You can build additional functionality into the design. We are hoping for feedback and additional capabilities as the design grows.
Two final notes – First, the SCADA Honeynet is in the Resource Section. This is where we put the SCADA IDS signatures, whitepapers and other forthcoming tools. This is a location on the site you should keep an eye on. Second, great job Landon. Landon is the project lead on the SCADA Honeynet; send your comments, suggestions and questions to firstname.lastname@example.org.
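The early-warning idea described above, sketched as an added example (not code from the SCADA Honeynet project): a Python decoder that turns every Modbus TCP request reaching a honeypot listener into an alert and rates write requests higher than reads. The function names, severity labels and sample frames are assumptions made for illustration.

```python
import struct

# Public Modbus function codes; the bool marks requests that change PLC state.
FUNCTIONS = {
    1: ("Read Coils", False), 2: ("Read Discrete Inputs", False),
    3: ("Read Holding Registers", False), 4: ("Read Input Registers", False),
    5: ("Write Single Coil", True), 6: ("Write Single Register", True),
    15: ("Write Multiple Coils", True), 16: ("Write Multiple Registers", True),
}

def parse_adu(frame: bytes) -> dict:
    """Decode one Modbus TCP ADU: 7-byte MBAP header, then function code and data."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(frame) - 6:  # length counts the unit id byte plus the PDU
        raise ValueError("MBAP length does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7], "data": frame[8:]}

def alert_for(src_ip: str, frame: bytes) -> dict:
    """Build an alert for a frame; on a honeynet no request is treated as benign."""
    try:
        adu = parse_adu(frame)
    except ValueError as exc:
        return {"src": src_ip, "severity": "medium", "summary": f"malformed frame: {exc}"}
    name, writes = FUNCTIONS.get(adu["function"], (f"function code {adu['function']}", False))
    alert = {"src": src_ip, "unit": adu["unit"], "summary": name,
             "severity": "high" if writes else "medium"}
    if adu["function"] in FUNCTIONS and len(adu["data"]) >= 4:
        # All eight listed requests start with a 2-byte address and a 2-byte
        # quantity (reads, multi-writes) or value (single writes).
        alert["address"], alert["value_or_quantity"] = struct.unpack(">HH", adu["data"][:4])
    return alert

# Constructed sample frames (not captured traffic); 192.0.2.0/24 is a documentation range.
READ_REGS = bytes.fromhex("00010000000601030000000a")   # read 10 holding registers at 0
WRITE_REG = bytes.fromhex("0002000000060106001001f4")   # write 500 to register 16
TRUNCATED = bytes.fromhex("0003000000")

if __name__ == "__main__":
    for frame in (READ_REGS, WRITE_REG, TRUNCATED):
        print(alert_for("192.0.2.10", frame))
```

Because the listener is a honeynet, even the read request is alerted on; the severity only helps an analyst decide which source to look at first.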