Design and implementation of EPA industrial control network security test system

Publisher: SereneNature   Latest update time: 2010-08-09   Source: 计算机测量与控制 (Computer Measurement & Control)

0 Introduction

One of the great advantages of an EPA-based industrial control network is that it integrates the EPA control system with the enterprise's e-commerce, material supply chain and ERP systems to form an efficient, smoothly connected "transparent network" that improves working efficiency. This transparency, however, carries risks. Because an EPA-based industrial control network is a highly open control network built on the TCP/IP protocol, it is exposed to network security threats such as illegal intrusion and illegal operation by hackers, terrorists, viruses and industrial spies. Unauthorized users may enter the process monitoring layer or the management layer of the EPA industrial control network, creating security loopholes. Once the industrial control network is attacked by hackers or terrorists, the result can be huge losses for the enterprise and even a threat to national public security. The network security of EPA-based industrial control is therefore an issue that urgently needs to be studied and solved.

Practice has shown that the security of a network depends on its weakest link. To find the weak links in an EPA industrial control network and secure the network to the greatest extent possible, the most effective method is to conduct security tests and analyses on it regularly: discover the network's vulnerabilities in good time, analyze the causes of these security threats, and use the relevant technical and management measures to close the loopholes and prevent security incidents, thereby strengthening the security of the EPA industrial control network.

1 EPA Industrial Control Network Security Testing Principles

1.1 Analysis of security threats to EPA industrial control networks

Combining the EPA network security specification with the NIST SP 800 series of specifications, the vulnerabilities faced by EPA industrial control networks are divided into the following categories:

(1) Network vulnerabilities: in complex industrial control applications, the security vulnerabilities of network services cannot be ignored, for example those of the EPA device management service. Because the EPA-based industrial control network runs over Ethernet, it faces the threat of service spoofing; embedding a web server in a PLC or field device for dynamic data exchange exposes it to abuse; in addition there are denial of service, FTP, Telnet and other application service vulnerabilities;
(2) System vulnerabilities: although some field devices in an EPA industrial control network run no operating system at all, the more important industrial switches, OPC servers, configuration devices and so on run general-purpose operating systems. These systems often carry security vulnerabilities of their own, such as weak system passwords;

(3) Protocol vulnerabilities: many industrial communication protocols were designed without security in mind, and trust between communicating parties is based only on IP addresses, so attacks are inevitable. For example, the TCP/IP protocol suite is vulnerable to IP spoofing, ARP spoofing and similar attacks, and the PTP clock synchronization protocol used by EPA is vulnerable to clock spoofing attacks;

(4) Policy vulnerabilities: missing or unreasonable security technology or policy brings great security risk to an EPA industrial control network. For example, an incorrect filtering policy on the EPA security gateway or firewall lets unsafe messages into the control network, and important communication messages transmitted in plain text can be stolen. The network also integrates and interconnects the field control system, the process monitoring layer network and the enterprise information management layer network; this flat network structure exposes the EPA industrial control network to ever more security threats.

1.2 Functions of the EPA security test system

Because the EPA industrial control network environment is complex and carries many potential security threats, security testing is generally carried out at multiple levels, such as the network layer, operating system layer, database layer and application system layer. The security test system should not only detect security vulnerabilities in the EPA industrial control network but also give recommended solutions in the test report, and it should provide diagnosis and monitoring during the test so that the test itself does not damage the control system. The EPA security test system should therefore have the following functions:

(1) Information detection function

In the early stage of EPA security testing, it is necessary to collect as much information as possible through information detection, in order to learn which devices are live on the EPA industrial control network under test. Information detection paves the way for vulnerability detection and penetration testing.

(2) Vulnerability Detection Function

Vulnerability detection sends detection messages, listens to the detection target's responses, and queries the feature library to determine whether the network system has vulnerabilities; it covers the EPA service, non-EPA service, operating system and other levels.

(3) Penetration testing function

Penetration testing simulates hacker intrusion techniques within a controllable range and launches "real" attacks on the EPA industrial control network and its systems, testing the security of the network and systems in a real application environment.

(4) Diagnostic monitoring function

Because security testing may cause irreversible damage to the field layer of the EPA industrial control network, which is time-sensitive and requires high stability, a diagnostic monitoring function is essential to keep the security test under control.

2 EPA security test system design and implementation

2.1 Overall design of the EPA security test system

Following the software engineering principle of low coupling and high cohesion, the test system adopts a modular design so that each module is as independent as possible and the system structure stays clear. The EPA security test system consists of a global configuration module, test engine, vulnerability library, information detection module, vulnerability detection module, penetration test module, diagnostic monitoring module, report management module and permission management module. The relationship between the modules is shown in Figure 1.

Figure 1 EPA security test system structure diagram

As Figure 1 shows, the modules of the EPA security test system are relatively independent. Each module can be operated separately through the human-machine interface for manual testing, and the test parameters can also be configured through the global configuration module. For different test objects the user can flexibly define a test strategy and then let the test engine schedule the individual test modules for automated testing. After the test, the corresponding solutions for the vulnerabilities found by each module are looked up in the vulnerability library and the test report is issued.

2.2 Design and implementation of test module

(1) Information detection module design

In the information detection module, the system uses a variety of detection methods to collect as much target information as possible, with functions such as device discovery, open port scanning, service identification, service version identification, Trojan identification and operating system detection.

Service identification: the service is identified in two passes. The first pass maps each open port to a service through the port-service mapping table; this pass can also flag Trojan activity on well-known Trojan ports. The second pass connects to the target system, collects the returned banner, and queries the service feature library to identify the service type and, where possible, the software name and version.

Operating system detection: the TTL value of IP replies and other means are used to identify the operating system of the target system (the initial TTL alone gives only a coarse hint, so it is combined with the other fingerprints). For devices running a general-purpose operating system, system vulnerabilities must be tested during vulnerability detection, whereas for EPA network devices and field devices running a real-time operating system such as μC/OS, or no operating system at all, the system vulnerability test can be skipped.
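The two-pass service identification and the TTL-based operating system hint described above, as an added example; this is not code from the paper's test system, and the port table, banner signatures, TTL thresholds, the `needs_system_vuln_scan` rule and the sample probe results are all constructed for illustration:

```python
"""Two-stage service identification and TTL-based OS inference for the
information detection stage. Added example; every table and sample below is
constructed (hypothetical) and should be replaced by the real mapping tables."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Stage 1: open port -> expected service. The flag marks ports historically used
# by Trojan/backdoor software, so the first pass can warn before any banner is read.
PORT_TABLE: Dict[int, Tuple[str, bool]] = {
    21: ("ftp", False),
    22: ("ssh", False),
    23: ("telnet", False),
    80: ("http", False),
    12345: ("netbus-trojan", True),       # NetBus default port
    31337: ("backorifice-trojan", True),  # Back Orifice default port
}

# Stage 2: banner feature library (constructed). Named groups capture product and
# version when the banner carries them.
BANNER_SIGNATURES: List[Tuple[str, re.Pattern]] = [
    ("ssh", re.compile(r"^SSH-\d\.\d-(?P<product>[A-Za-z]+)[_-]?(?P<version>[\d.p]+)?")),
    ("ftp", re.compile(r"^220[ -].*?(?P<product>vsFTPd|ProFTPD|FileZilla)\s*(?P<version>[\d.]+)?", re.I)),
    ("http", re.compile(r"^HTTP/\d\.\d \d{3}.*?\r\nServer:\s*(?P<product>[A-Za-z-]+)/?(?P<version>[\d.]+)?", re.S)),
    ("telnet", re.compile(r"^\xff[\xfb-\xfe]")),  # Telnet IAC WILL/WONT/DO/DONT negotiation
]


@dataclass
class ServiceResult:
    port: int
    service: str               # service name finally assigned
    product: Optional[str]
    version: Optional[str]
    trojan_port: bool          # stage 1: port is on the Trojan list
    banner_confirmed: bool     # stage 2: a banner signature matched
    port_mismatch: bool        # banner identifies a different service than the port table


def identify_service(port: int, banner: bytes) -> ServiceResult:
    """Stage 1 (port table) followed by stage 2 (banner feature match). The banner
    wins over the table so that a service on an unusual port (e.g. SSH on 2222) is
    still recognised; a disagreement between the two passes is recorded."""
    expected, trojan = PORT_TABLE.get(port, ("unknown", False))
    text = banner.decode("latin-1")          # never fails, keeps raw bytes 1:1
    for name, rx in BANNER_SIGNATURES:
        m = rx.search(text)
        if m:
            g = m.groupdict()
            mismatch = expected not in ("unknown", name)
            return ServiceResult(port, name, g.get("product"), g.get("version"), trojan, True, mismatch)
    return ServiceResult(port, expected, None, None, trojan, False, False)


# Common initial TTL values and what they usually indicate. Coarse hint only: 64 is
# shared by Linux/Unix and many embedded IP stacks, so TTL alone cannot separate a
# general-purpose OS from an RTOS or a no-OS field device.
INITIAL_TTL_HINTS = {32: "older Windows versions", 64: "Linux/Unix-like or embedded stack",
                     128: "Windows", 255: "network device or embedded stack"}


def infer_initial_ttl(observed_ttl: int, hops: int = 0) -> int:
    """Add the measured hop distance back and round up to the nearest common initial TTL."""
    candidate = observed_ttl + hops
    for base in (32, 64, 128, 255):
        if candidate <= base:
            return base
    return 255


def scan_host(probes: Dict[int, bytes], observed_ttl: int, hops: int = 0) -> dict:
    """Combine both passes into the per-host record the later modules consume."""
    services = [identify_service(p, b) for p, b in sorted(probes.items())]
    initial = infer_initial_ttl(observed_ttl, hops)
    return {
        "initial_ttl": initial,
        "os_hint": INITIAL_TTL_HINTS[initial],
        "services": services,
        "trojan_warnings": [s.port for s in services if s.trojan_port],
        # Assumed scheduling rule: a Windows TTL or a general-purpose software banner
        # means the host is worth a system-level vulnerability scan.
        "needs_system_vuln_scan": initial == 128 or any(s.product for s in services),
    }


SAMPLE_PROBES = {   # constructed first bytes received from one host, per open port
    22: b"SSH-2.0-OpenSSH_5.3\r\n",
    80: b"HTTP/1.1 200 OK\r\nServer: lighttpd/1.4.28\r\nContent-Length: 0\r\n\r\n",
    2222: b"SSH-2.0-dropbear_0.52\r\n",
    12345: b"",                       # open but silent: flagged from the port table alone
}
SAMPLE_TTL, SAMPLE_HOPS = 61, 3       # TTL seen in the reply, hops measured with traceroute

if __name__ == "__main__":
    result = scan_host(SAMPLE_PROBES, SAMPLE_TTL, SAMPLE_HOPS)
    print(result["os_hint"], result["trojan_warnings"], result["needs_system_vuln_scan"])
    for s in result["services"]:
        print(s)
```

Port 2222 shows why the banner pass must override the table: the table knows nothing about the port, but the banner still yields a versioned SSH identification, while port 12345 is reported from the table alone because the silent service returned nothing to match.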

(2) Design of vulnerability detection module

The vulnerability detection module mainly extracts characteristic messages from the vulnerability library to scan for and detect vulnerabilities. It mainly detects 14 EPA application service vulnerabilities, as well as non-EPA application service vulnerabilities, weak passwords, protocol vulnerabilities and other vulnerabilities of EPA network devices. Concretely, the test module extracts the test fingerprint from the vulnerability feature library to form a test message, sends it to the test object, listens to the target's response and collects information, and then decides, with the help of the vulnerability feature library, whether the EPA network has a security vulnerability. The vulnerability feature library here is an abstraction: it is actually realized as a feature matching pair encapsulated in a test plug-in. The test plug-in performs the feature extraction, forms the test message, receives the returned information and decides whether the vulnerability exists.


In Figure 4, the vulnerability number is the vulnerability's number in the vulnerability database, and the CVE number is the corresponding identifier in the Common Vulnerabilities and Exposures list; a vulnerability specific to the EPA protocol itself has no such number. In order to standardize the security test system and align it with international practice, the CVE identifier is used as the vulnerability name. The vulnerability description is a detailed introduction to the security vulnerability, and the solution is the method for fixing it. Security vulnerabilities can generally be resolved by shutting down unnecessary network services, downloading and installing the relevant patches, and correctly configuring the network services involved in the vulnerability. Additional information covers everything beyond the fields above, such as patch information.
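The test plug-in as a feature matching pair (probe message, response feature) tied to a vulnerability-library record with the fields of Figure 4, and the report lookup that follows, as an added example. This is not the paper's code: the plug-in set, the `FakeTransport` standing in for a real TCP exchange, the target responses and the host address 192.0.2.10 are constructed. CVE-1999-0497 is the existing CVE entry for "anonymous FTP is enabled"; the Telnet finding deliberately carries no CVE so the name falls back to the local number, as the text describes for EPA-specific findings.

```python
"""Plug-in style vulnerability detection with library records and report lookup.
Added example; transport, plug-ins and target responses are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Protocol, Tuple


@dataclass(frozen=True)
class VulnRecord:
    """One entry of the vulnerability library, with the fields shown in Figure 4."""
    vuln_id: str               # number of the vulnerability in the local library
    cve_id: Optional[str]      # None when no CVE entry exists (e.g. EPA-specific findings)
    description: str
    solution: str
    extra: str = ""            # additional information, e.g. patch details

    @property
    def name(self) -> str:
        """CVE identifier as the name when there is one, otherwise the local number."""
        return self.cve_id or self.vuln_id


@dataclass(frozen=True)
class Plugin:
    """A test plug-in: the feature matching pair (probe, response feature) plus its record."""
    record: VulnRecord
    port: int
    probe: bytes
    feature: re.Pattern        # a match on the response means the vulnerability is present


class Transport(Protocol):
    def exchange(self, host: str, port: int, data: bytes) -> bytes: ...


class FakeTransport:
    """Scripted target (constructed) used in place of a real TCP exchange."""
    def __init__(self, responses: Dict[Tuple[int, bytes], bytes]):
        self.responses = responses            # (port, probe) -> response; missing port = closed

    def exchange(self, host: str, port: int, data: bytes) -> bytes:
        if port not in {p for p, _ in self.responses}:
            raise ConnectionRefusedError(port)
        return self.responses.get((port, data), b"")


LIBRARY: List[Plugin] = [
    Plugin(VulnRecord("VL-0001", "CVE-1999-0497",
                      "Anonymous FTP login is enabled on the device.",
                      "Disable anonymous access, or shut the FTP service down if it is not needed."),
           port=21,
           probe=b"USER anonymous\r\nPASS test@example.com\r\n",
           feature=re.compile(r"^230 .*$", re.M)),       # 230 = login successful
    Plugin(VulnRecord("VL-0002", None,
                      "Telnet is enabled; credentials and commands travel in plain text.",
                      "Close port 23 and manage the device over an encrypted channel, or block it at the EPA security gateway."),
           port=23,
           probe=b"",                                     # connect and read the option negotiation only
           feature=re.compile(r"\xff[\xfb-\xfe]")),       # Telnet IAC WILL/WONT/DO/DONT
]


@dataclass
class Finding:
    host: str
    port: int
    record: VulnRecord
    evidence: str


def run_plugins(transport: Transport, host: str, plugins: List[Plugin]) -> List[Finding]:
    """Send each plug-in's probe, match the response against its feature, collect findings."""
    findings: List[Finding] = []
    for plug in plugins:
        try:
            resp = transport.exchange(host, plug.port, plug.probe)
        except ConnectionRefusedError:
            continue                                      # port closed: nothing to test
        m = plug.feature.search(resp.decode("latin-1"))
        if m:
            findings.append(Finding(host, plug.port, plug.record, repr(m.group(0).strip())[:60]))
    return findings


def render_report(host: str, findings: List[Finding]) -> str:
    """Look each finding up in its library record and emit name, description, solution."""
    lines = [f"Security test report for {host}: {len(findings)} finding(s)"]
    for f in findings:
        r = f.record
        lines += [f"- {r.name} on port {f.port} (library no. {r.vuln_id})",
                  f"  Description: {r.description}",
                  f"  Solution: {r.solution}",
                  f"  Evidence: {f.evidence}"]
        if r.extra:
            lines.append(f"  Additional information: {r.extra}")
    return "\n".join(lines)


TARGET = FakeTransport({   # constructed responses of a configuration device (192.0.2.10)
    (21, b"USER anonymous\r\nPASS test@example.com\r\n"):
        b"220 (vsFTPd 2.0.5)\r\n331 Please specify the password.\r\n230 Login successful.\r\n",
    (23, b""): b"\xff\xfd\x18\xff\xfd\x20\xff\xfd\x23\xff\xfd\x27",
})

if __name__ == "__main__":
    print(render_report("192.0.2.10", run_plugins(TARGET, "192.0.2.10", LIBRARY)))
```

Keeping the probe and the response feature together in one immutable plug-in object makes each check auditable before it is pointed at a field device, which matters more here than on an office network: the engine sends exactly the bytes the plug-in declares and nothing else.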

(5) Design of diagnostic monitoring module

The diagnostic monitoring module of the EPA security test system includes the Ping command, the Tracert command, network card traffic monitoring, EPA network packet capture and analysis, EPA network traffic statistics and analysis, and so on.

(6) Design of other modules

The report generation module can produce various report formats according to need. The test report lists the test details, the vulnerability information and repair methods, temporary emergency security measures and other security suggestions, guiding control system administrators in taking security measures to close the vulnerabilities.

The permission management module creates, modifies, registers and deletes the user names and passwords of legitimate users of the security test system, and assigns users different test permissions according to their testing needs, in order to protect the security of the security test system itself.

The overall interface of the EPA security test system is shown in Figure 5.

3 EPA Security Test System Verification

To examine and verify how the EPA security test system is applied, a small EPA industrial control network security test platform was built. The platform consists of an EPA configuration device, two EPA field devices, an EPA hub, a bus power supply device and an EPA security test device. The EPA security test system runs on the EPA security test device and performs security tests on the EPA control network and its systems.

The test results are shown in Figure 6. The EPA security test system tested the two EPA field devices and the configuration device. Taking the configuration device as an example, two security warnings were raised by the network service security test: the configuration device had unnecessary services enabled. This vulnerability can be remedied by closing the relevant ports.

4 Conclusion

Based on the characteristics of the EPA industrial control network and the communication characteristics of the EPA protocol, an EPA-based industrial control network security test system was designed and implemented. The system integrates several testing techniques from the perspective of active defense, can automatically detect the security status of remote or local EPA network devices, discover potential security vulnerabilities, and give solutions in the test report. To meet the needs of a real industrial site, an EPA industrial control network test platform was built to test the security of the network and verify the functions of the test system, which met the expected requirements.
