Abstract [eng]
In this project, user authorization methods and user access areas in supervisory control and data acquisition (SCADA) systems are reviewed. Three main software packages, WinCC, InTouch and CitectSCADA, are analysed. In addition, possible network-based attacks against SCADA systems are reviewed, with an explanation of why that field receives the most attention. Given that most attention goes to that field, a decision was made to analyze user authorization. The analysis of user authorization security is divided into two parts: application level and operating system level. The effect of deleting files associated with the project, or program executable files, is also checked. All research was carried out with only operating system administrative privileges. For the application layer, attempts were made to determine whether it is possible to add new users, change existing user roles, or find out a user name and password while holding operating system administrator privileges. Both methods were analyzed: changing the user data on the same computer, and changing it on another computer and then pasting it in. It was found that, with administrative privileges on the system, it is possible to crash the system or make any further work impossible. It is possible to add or change the roles or passwords of existing users in the InTouch or Citect packages, while WinCC offers no such possibility: you need to copy or edit the whole project.