With the familiarization of the penetration testing, more and more companies look for professionals in penetration testing to perform a penetration test. While professional skills are required in order for the test to be effective, certification of the penetration tester or penetration team is required and is more and more demanded. This paper suggests a methodology in choosing a penetration tester or a penetration testing team, and a brief certification listing is given.
A research on current condition and problems of critical infrastructures and critical information infrastructures is described in this paper. This article includes issues, the discussion of problems and comments about each of the common Critical Infrastructures from an international, national, local and individual perspective. There are many threats to these infrastructures. And it remains a challenge to the society to deliver solutions to problems such as these. Also the situation in Korea on each sector of Critical Infrastructure is considered in the article.
Data security plays a crucial role in modern times most business is transacted over the internet and even to wireless devices. This paper presents the vulnerabilities found in VPN using IPsec and suggested a set of Policy as a Defensive measure. Such policy suggested applies to implementations of VPN that are directed through an IPsec concentrator and to all company’s employee, contractors, consultants, temporaries and other workers including all personnel affiliated with the third parties utilizing VPNs to access the company’s network.
In SCADA systems, Communication is very important. In communication, protocols are needed to be implemented to avoid some problems. In the current state of SCADA communication, two protocols are widely used, the T101 or IEC 60870-5-101 (IEC101) and the DNP3 (Distributed Network Protocol). In this paper, we present each protocol and discuss the specifications of T101 and DNP3. This can help SCADA operators to select which protocol is suited for the operations of their SCADA systems.