Page 774 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
There are a few drawbacks of multilayer protocols:
Covert channels are allowed.
Filters can be bypassed.
Logically imposed network segment boundaries can be
overstepped.
DNP3
DNP3 (Distributed Network Protocol) is primarily used in the
electric and water utility and management industries. It is used to
support communications between data acquisition systems and the
system control equipment. This includes substation computers,
RTUs (remote terminal units, devices controlled by an embedded
microprocessor), IEDs (Intelligent Electronic Devices), and SCADA
master stations (i.e., control centers). DNP3 is an open and public
standard. DNP3 is a multilayer protocol that functions similarly to
TCP/IP, in that it has link, transport, and application
layers. For more details on DNP3, please view the protocol primer
at
https://www.dnp.org/AboutUs/DNP3%20Primer%20Rev%20A.pdf.
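The layering described above, shown as an added example that is not part of the study guide: a Python parser that peels a DNP3 frame from the link header through the transport header to the application function code, verifying the link-layer CRCs on the way, as a monitoring sensor would before trusting a frame. The function names are hypothetical, the frame layout and CRC-16/DNP parameters are assumed from the public DNP3 specification, and SAMPLE is a constructed frame.

```python
import struct

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: reflected polynomial 0xA6BC, init 0, final XOR 0xFFFF."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def build_frame(ctrl: int, dest: int, src: int, user_data: bytes) -> bytes:
    """Build a link frame for the demo (used only to construct sample input)."""
    hdr = struct.pack("<2sBBHH", b"\x05\x64", 5 + len(user_data), ctrl, dest, src)
    out = hdr + struct.pack("<H", crc16_dnp(hdr))
    for i in range(0, len(user_data), 16):  # each 16-byte block carries its own CRC
        blk = user_data[i:i + 16]
        out += blk + struct.pack("<H", crc16_dnp(blk))
    return out

def parse_frame(frame: bytes) -> dict:
    """Peel link -> transport -> application, rejecting malformed input."""
    if len(frame) < 10 or frame[:2] != b"\x05\x64":
        raise ValueError("not a DNP3 link frame")
    _, length, ctrl, dest, src, crc = struct.unpack("<2sBBHHH", frame[:10])
    if crc != crc16_dnp(frame[:8]):
        raise ValueError("link header CRC mismatch")
    if length < 5:  # length counts control + addresses + user data
        raise ValueError("length field below minimum")
    remaining, pos, user = length - 5, 10, b""
    while remaining > 0:
        n = min(16, remaining)
        blk, blk_crc = frame[pos:pos + n], frame[pos + n:pos + n + 2]
        if len(blk) != n or len(blk_crc) != 2:
            raise ValueError("truncated frame")
        if struct.unpack("<H", blk_crc)[0] != crc16_dnp(blk):
            raise ValueError("data block CRC mismatch")
        user += blk
        pos += n + 2
        remaining -= n
    info = {"dest": dest, "src": src, "ctrl": ctrl, "user_data": user}
    if user:  # first octet of user data is the transport header
        info.update(fin=bool(user[0] & 0x80), fir=bool(user[0] & 0x40), seq=user[0] & 0x3F)
    if len(user) >= 3 and info["fir"]:  # application control octet, then function code
        info["function_code"] = user[2]
    return info

# Constructed sample: master 1 -> outstation 10, READ (function code 1) of class 0 data
SAMPLE = build_frame(0xC4, 10, 1, bytes([0xC0, 0xC0, 0x01, 0x3C, 0x01, 0x06]))
```

A filter that looks only at the link-layer addresses never sees `function_code`, which is why inspection of a multilayer protocol has to follow the payload through every layer.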
TCP/IP Vulnerabilities
TCP/IP’s vulnerabilities are numerous. Improperly implemented
TCP/IP stacks in various operating systems are vulnerable to buffer
overflows, SYN flood attacks, various denial-of-service (DoS) attacks,
fragment attacks, oversized packet attacks, spoofing attacks, man-in-
the-middle attacks, hijack attacks, and coding error attacks.
TCP/IP (as well as most protocols) is also subject to passive attacks via
monitoring or sniffing. Network monitoring is the act of monitoring
traffic patterns to obtain information about a network. Packet sniffing
is the act of capturing packets from the network in hopes of extracting
useful information from the packet contents. Effective packet sniffers
can extract usernames, passwords, email addresses, encryption keys,

