Penetration testing professional ethics : a conceptual model and taxonomy

In an environment where commercial software is continually patched to correct security flaws, penetration testing can provide organisations with a realistic assessment of their security posture. Penetration testing uses the same principles as criminal hackers to penetrate corporate networks and thereby verify the presence of software vulnerabilities. Network administrators can use the results of a penetration test to correct flaws and improve overall security. The use of hacking techniques, however, raises several ethical questions that centre on the integrity of the tester to maintain professional distance and uphold the profession. This paper discusses the ethics of penetration testing and presents our conceptual model and revised taxonomy.

A taxonomy of penetration testing ethics

In an environment where commercial software is continually patched to correct security flaws, penetration testing can provide organisations with a realistic assessment of their security posture. Penetration testing uses the same principles as criminal hackers to penetrate corporate networks and thereby verify the presence of software vulnerabilities. Network administrators can use the results of a penetration test to correct flaws and improve overall security. The use of hacking techniques, however, raises several ethical questions that centre on the integrity of the tester to maintain professional distance and uphold the profession. This paper discusses the ethics of penetration testing and presents our conceptual model and revised taxonomy.

Cone penetration testing to assess slope stability in the 1979 Nice landslide area (Ligurian Margin, SE France)

In the landslide-prone area near the Nice international airport, southeastern France, an interdisciplinary approach is applied to develop realistic lithological/geometrical profiles and geotechnical/strength sub-seafloor models. Such models are indispensable for slope stability assessments using limit equilibrium or finite element methods. Regression analyses, based on the undrained shear strength (su) of intact gassy sediments are used to generate a sub-seafloor strength model based on 37 short dynamic and eight long static piezocone penetration tests, and laboratory experiments on one Calypso piston and 10 gravity cores. Significant strength variations were detected when comparing measurements from the shelf and the shelf break, with a significant drop in su to 5.5 kPa being interpreted as a weak zone at a depth between 6.5 and 8.5 m below seafloor (mbsf). Here, a 10% reduction of the in situ total unit weight compared to the surrounding sediments is found to coincide with coarse-grained layers that turn into a weak zone and detachment plane for former and present-day gravitational, retrogressive slide events, as seen in 2D chirp profiles. The combination of high-resolution chirp profiles and comprehensive geotechnical information allows us to compute enhanced 2D finite element slope stability analysis with undrained sediment response compared to previous 2D numerical and 3D limit equilibrium assessments. Those models suggest that significant portions (detachment planes at 20 m or even 55 mbsf) of the Quaternary delta and slope apron deposits may be mobilized. Given that factors of safety are equal or less than 1 when further considering the effect of free gas, a high risk for a landslide event of considerable size off Nice international airport is identified

A proposed Australian industrial control system security curriculum

The security of industrial control systems in critical infrastructure is a concern for the Australian government and other nations. There is a need to provide local Australian training and education for both control system engineers and information technology professionals. This paper proposes a postgraduate curriculum of four courses to provide knowledge and skills to protect critical infrastructure industrial control systems. Our curriculum is unique in that it provides security awareness but also the advanced skills required for security specialists in this area. We are aware that in the Australian context there is a cultural gap between the thinking of control system engineers who are responsible for maintaining and designing critical infrastructure and information technology professionals who are responsible for protecting these systems from cyber attacks. Our curriculum aims to bridge this gap by providing theoretical and practical exercises that will raise the awareness and preparedness of both groups of professionals.

DNP3 network scanning and reconnaissance for critical infrastructure

The Distributed Network Protocol v3.0 (DNP3) is one of the most widely used protocols to control national infrastructure. The move from point-to-point serial connections to Ethernet-based network architectures, allowing for large and complex critical infrastructure networks. However, networks and con- figurations change, thus auditing tools are needed to aid in critical infrastructure network discovery. In this paper we present a series of intrusive techniques used for reconnaissance on DNP3 critical infrastructure. Our algorithms will discover DNP3 outstation slaves along with their DNP3 addresses, their corresponding master, and class object configurations. To validate our presented DNP3 reconnaissance algorithms and demonstrate it’s practicality, we present an implementation of a software tool using a DNP3 plug-in for Scapy. Our implementation validates the utility of our DNP3 reconnaissance technique. Our presented techniques will be useful for penetration testing, vulnerability assessments and DNP3 network discovery.

Quaternary geology of the German North Sea and Western Irish Sea Mud Belt: revised stratigraphies, geotechnical properties, sedimentology and anthropogenic impacts

The climatic development of the Mid to Late Quaternary (last 400,000 years) is characterised by fluctuation between glacial and interglacial periods leading to the present interglacial, the Holocene. In comparison to preceding periods it was believed the Holocene represented a time of relative climatic stability. However, recent work has shown that the Holocene can be divided into cooler periods such as the Little Ice Age alternating with time intervals where climatic conditions ameliorated i.e. Medieval Warm Period, Holocene Thermal Optimum and the present Modern Optimum. In addition, the Holocene is recognised as a period with increasing anthropogenic influence on the environment. Onshore records recording glacial/interglacial cycles as well as anthropogenic effects are limited. However, sites of sediment accumulation on the shallow continental shelf offer the potential to reconstruct these events. Such sites include tunnel valleys and low energy, depositional settings. In this study we interrogated the sediment stratigraphy at such sites in the North Sea and Irish Sea using traditional techniques, as well as novel applications of geotechnical data, to reconstruct the palaeoenvironmental record. Within the German North Sea sector a combination of core, seismic and in-situ Cone Penetration Testing (CPT) data was used to identify sedimentary units, place them within a morphological context, relate them to glacial or interglacial periods stratigraphically, and correlate them across the German North Sea. Subsequently, we were able to revise the Mid to Late Quaternary stratigraphy for the North Sea using this new and novel data. Similarly, Holocene environmental changes were investigated within the Irish Sea at a depositional site with active anthropogenic influence. The methods used included analyses on grain-size distribution, foraminifera, gamma spectrometry, AMS 14C and physical core logging. The investigation revealed a strong fluctuating climatic signal early in the areas history before anthropogenic influence affects the record through trawling.

Empirical evaluation of multi-device profiling side-channel attacks

Side-channel analysis of cryptographic systems can allow for the recovery of secret information by an adversary even where the underlying algorithms have been shown to be provably secure. This is achieved by exploiting the unintentional leakages inherent in the underlying implementation of the algorithm in software or hardware. Within this field of research, a class of attacks known as profiling attacks, or more specifically as used here template attacks, have been shown to be extremely efficient at extracting secret keys. Template attacks assume a strong adversarial model, in that an attacker has an identical device with which to profile the power consumption of various operations. This can then be used to efficiently attack the target device. Inherent in this assumption is that the power consumption across the devices under test is somewhat similar. This central tenet of the attack is largely unexplored in the literature with the research community generally performing the profiling stage on the same device as being attacked. This is beneficial for evaluation or penetration testing as it is essentially the best case scenario for an attacker where the model built during the profiling stage matches exactly that of the target device, however it is not necessarily a reflection on how the attack will work in reality. In this work, a large scale evaluation of this assumption is performed, comparing the key recovery performance across 20 identical smart-cards when performing a profiling attack.

INFO2009 Group 17 - Team Scopophobia - Security

This is the INFO2009 project for group 17 Our topic is Security. Our resource is a website that contains links to different questionnaires we created to help educate people in various subtopics of Security

Segurança estrutural de uma ponte ferroviária em concreto armado sobre o rio Mãe Maria

O estudo do comportamento de pontes ferroviárias vem tomando grande destaque na área experimental, devido muitas das vezes haver a necessidade de um aumento dessas cargas móveis. A companhia VALE a partir de um convênio estabelecido com a UFPA (Universidade Federal do Pará), buscou realizar estudos das capacidades resistentes das pontes ferroviárias, que compõem a Estrada de Ferro Carajás (EFC), para futuros casos de carregamentos que passarão de 32 tf para 40 tf, o que provoca mudanças consideráveis no comportamento da estrutura. A falta de manutenção ou uma manutenção irregular das pontes de concreto armado podem resultar em manifestações patológicas que podem comprometer a segurança e ao risco de intervenção do escoamento. Dentre as OAE’s (Obras de Arte Especial) já analisadas, encontra-se a ponte sobre o Rio Mãe Maria localizada no município de Marabá, estado do Pará, transpondo o rio Mãe Maria, identificada como OAE 50A, apresenta um traçado retilíneo executada em concreto armado moldada “in loco”, é constituída por dois vãos hiperestáticos, totalizando 64,20 m, transpondo o leito do rio em dois vãos de 20 m e com seção transversal oferecendo a largura de 5,85 m. Com isso tornou-se indispensável para avaliação de sua integridade física a monitoração com extensômetros elétricos de resistência (EER) dos elementos (laje, longarina, blocos, encontros e tubulões) que compões a estrutura durante a passagem dos trens carregados de minério. Além da monitoração, foram realizados ensaios não-destrutivos como: dureza superficial através da esclerometria e a estimativa do cobrimento da armadura e localização da mesma por meio da pacometria, ensaios destrutivos como: extração de corpos-de-prova para determinar a compressão diametral e o módulo de elasticidade do concreto e a resistência a penetração através do teste de carbonatação inerentes a questão de durabilidade do mesmo, que serão comparados com a memória de cálculo e com os modelos computacionais tridimensionais desenvolvidos via “software” comercialSAP2000® (COMPUTERS AND STRUCTURES), que utiliza o método dos elementos finitos (MEF). O MEF foi utilizado para obtenção dos esforços permitindo as verificações de segurança de acordo com as recomendações normativas, tais análises comparativas são apresentadas e discutidas para a conclusão do comportamento das longarinas. Conhecendo com precisão a capacidade estrutural da ponte e a sua vida útil, pode-se assegurar o tráfego de composições com maior segurança.

(Figure 2) Suspended sediment concentration profiles from samples in the outer harbor of Emden, Germany

One particularly complex phenomenon is the episodic, tidally driven variation of navigable depth level as a result of fluid mud settlement. This paper presents results from dynamic cone penetration testing with pore pressure measurement (CPTU) as a nonacoustical, direct device to support surveying and management of these areas. The new technique is modular and uses a disk configuration for fluid mud detection. Both disk resistance and pore pressure measurements accurately identify suspended matter concentrations of 90 g/L or more, and the transition from fluid mud to consolidating mud once concentrations exceed 150 g/L. Hence, the procedure attests the potential for rapid, reliable assessment of a fluid mud layer and concurrent characterization of the underlying consolidated sediment by monitoring the pore pressure and strength changes during penetration.