Starting with the easy part: it is a one-time scan once the deployment has been completed.
QUESTION: does the AI/ML require a recurring scan over the same network?
In any case, as you mentioned, it would be interesting for us to have your consultancy services in order to produce a more consistent report.
Thanks for the document provided with the scan profiles outline. However, Profile 10 only mentions SCADA ICS PLC, so I am not sure if this is applicable to our WAN Gateways.
QUESTION: how does this profile apply to IoT networks if it refers only to SCADA?
The requested solution has many different components. There are several different systems to be deployed under one big project/RFQ: public digital signage points, public WiFi hotspots, BLE beacons, environmental sensors, a public web portal ...
All the systems will require on-premise management software installed in a virtual machine, so we will have management machines with public and local interfaces. I will try to represent it:
+-----+-----------------------+--------+   +-----------+   +----------+--------------+----------+---------+
|     | WiFi Controller       |        |   |           |   |          | Access       | Layer 2  |         |
|  <--> Manager          <-------------------------------------------> Points       | (WiFi)  <-> Clients|
|     | Radius Server         |        |   |           |   |          |              |          |         |
|     |                       |        |   | +-------+ |   |Private IP|              |          |         |
|     |-----------------------|Public  |   | |Mobile | |   |(from     +--------------+----------+---------+
| LAN |                       |IP      |   | |3G/4G  | |   |carrier)  |              |          |         |
|  <--> Sensors Management <------------------------------------------> WAN          | (WAN)   <-> Sensors|
|     |                       |        |   | |       | |   |          | Gateways     |          |         |
|     |                       |        |   | +-------+ |   +----------+--------------+----------+---------+
|     |-----------------------|        |   |           |                                        |         |
|     | Web portal            |        |   | Internet  |                                        |         |
|  <-->                   <---------------------------------------------------------------------> Clients |
|     |                       |        |   |           |                                        |         |
+-----+-----------------------+--------+   +-----------+                                        +---------+
We could target the servers (LAN and public sides), but we do not know how to proceed with field elements such as the Access Points and WAN Gateways, as they will be inside the 3G/4G carrier's network.
Also, we can conduct some kind of WiFi pentesting (QUESTION: you have a product for WiFi, don't you?), but we do not have a clue how to pentest the WAN Layer 2.
So, let me know how you think we could approach this project. It is not specified that you must pentest "all" the elements on "all" interfaces, so let us know what makes sense to propose.
Reply:
QUESTION: does the AI/ML require a recurring scan over the same network?
Answer: It does not necessarily require a recurring scan, but the precision of false-positive detection grows as the number of scans grows.
A more consistent report can be achieved with human analysis, and we will be happy to provide you with our consultancy service.
QUESTION: how does this profile apply to IoT networks if it refers only to SCADA?
Answer: This profile is especially designed for SCADA systems (distributed systems for monitoring and supervising physical systems), but it is also applicable to IoT, where the monitoring system is built into the physical (monitored) system.
THE HARD QUESTION: we do not know how to proceed with field elements...
I must suppose that the Penetrator is NOT located in any part of this network architecture; otherwise there would be no problem scanning IPs in the same LAN. In this case, the Penetrator can only scan what is "visible" through a public IP address. If the request is to assess the vulnerability of network components that are not exposed on the Internet, the only possible answer is that those elements are not vulnerable. A different approach could assume that a hacker has penetrated the public IP and has gained control over one of the network components, and from there is trying to take control over the other components. In this case, the penetration test must be conducted from inside the LANs, so the Penetrator must be physically located in the LANs or in a VPN with the LANs. This must be done on the left side (management side) and on the right side (user side), so the pentest should be performed in 2 separate sessions.
QUESTION: you have a product for WiFi, don't you?
We have a product for pentesting WiFi networks via the WiFi Pen testing module.