A lot has been said about the effectiveness of awareness training recently. While training and awareness are necessary to build a solid foundation, practicing with real tools and hardware elevates your knowledge and hones your craft. As part of my series about ‘The Rack’, I cannot stress enough the importance of practice. Take a lineman, for example: as a lineman you start as a journeyman, and only once you have enough practice and experience can you work your way up to become a master. You cannot simply take enough training classes to go from journeyman to master; you must learn through experience and practice.
I spent many years, all the way back to my high school years, just spending hours with tools to see how they work, and then trying them out on as much as possible. In the early years my family were mostly the guinea pigs. When I was first playing with ettercap, after changing images in web pages, I moved on to more complex things, and then one day my sister got very mad when I was replying to her AIM messages for her.
Recently I’ve been researching a lot of the tools that are coming out and their applicability to control systems. At any chance I get, I test, test and test until I feel comfortable with the tools. Then, once given the opportunity to run the tools inside a control system lab, I have a list of everything I want to test to see how things react. This step was very educational, as it shows what you might be able to run on a production system and what you can’t.
One of the hardest parts about control system assessments is the devices themselves. They are sensitive to most types of scans; a weak IP stack implementation and too little memory to maintain a large connection table are just two examples of why.
It is very important for us to practice the tools that we use to see what the response is going to be from a device, to see what possible issues might arise, and what can be done to prevent devices from failing during an assessment. This will make your assessment go more smoothly, and make the control system operators more comfortable with you being around.
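The kind of thing worth rehearsing in the lab before it ever touches production is a probe that respects the limits just described: one connection at a time, a pause between attempts, and a check after every step that the device is still answering. The example below is added here and is not from the original post or any tool it mentions. It assumes nothing about a real PLC; the `LabStandIn` class is a constructed loopback listener that, when given `max_connections`, drops off the network after that many accepted connections to mimic a small connection table being exhausted. `gentle_probe` stops at the first failed health check instead of working through the rest of the port list against a device that has already fallen over.

```python
import socket
import threading
import time


class LabStandIn:
    """Local TCP listener standing in for a lab device. Constructed for this
    example; it is not a PLC. With max_connections set, it drops off the
    network after that many accepted connections, mimicking a device whose
    small connection table has been exhausted."""

    def __init__(self, max_connections=None):
        self.max_connections = max_connections
        self.accepted = 0
        self._stop = threading.Event()
        self.srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.srv.bind(("127.0.0.1", 0))
        self.srv.listen(5)
        self.srv.settimeout(0.1)  # lets the serve loop notice stop()
        self.host, self.port = self.srv.getsockname()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, _ = self.srv.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            conn.close()
            self.accepted += 1
            if self.max_connections is not None and self.accepted >= self.max_connections:
                self.srv.close()  # device "falls over": further connects are refused
                return

    def stop(self):
        self._stop.set()
        self._thread.join()
        self.srv.close()


def tcp_connect(host, port, timeout):
    """One connection attempt; returns 'open', 'closed' or 'timeout'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "closed"
    finally:
        s.close()


def gentle_probe(host, ports, health_port, delay=0.5, timeout=2.0):
    """Probe ports strictly one at a time, pause between attempts, and confirm
    after every probe that the device still answers on a known-good port.
    Stops at the first health failure so a wedged device is noticed right away
    rather than being hit with the rest of the list."""
    results = {}
    for port in ports:
        results[port] = tcp_connect(host, port, timeout)
        time.sleep(delay)
        if tcp_connect(host, health_port, timeout) != "open":
            return {"results": results, "aborted_after": port}
    return {"results": results, "aborted_after": None}


def free_port():
    """Pick a loopback port nothing is listening on (a constructed closed port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def run_demo(max_connections=None, delay=0.05):
    """Run gentle_probe against the stand-in; returns the ports used and the report."""
    device = LabStandIn(max_connections)
    try:
        closed = free_port()
        report = gentle_probe(device.host, [device.port, closed],
                              health_port=device.port, delay=delay, timeout=1.0)
    finally:
        device.stop()
    return {"open_port": device.port, "closed_port": closed, "report": report}


if __name__ == "__main__":
    print("healthy device:", run_demo())
    print("fragile device:", run_demo(max_connections=2))
```

With no limit the report lists the open and the closed port and `aborted_after` is `None`; with `max_connections=2` the health check after the second probe fails and the report records where the device stopped answering. On real equipment the delay and timeout would be far larger than the values used here, and the health port would be one the operators agree is safe to touch.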
Having a dedicated lab to practice tools in is a must in this day and age. When it comes to embedded devices like PLCs, these devices should be tested by the assessment team. For a lot of consultants and people trying to get into control system assessments this is difficult to do, as these labs are expensive to build and maintain. Most other systems can be tested in VMs as long as you can make them resemble what you will see as closely as possible.