RPC Security

VTScada security is application based. Usernames and passwords are held by an application and are used to authorize the actions that a user can perform. RPC security is system based and is concerned with ensuring that RPC communication between VTScada servers is secure.

Inter-server communication security can be sub-divided into two parts:

• Security of data. This pertains to the protection against modification or discovery of system data.
• Security of system. This pertains to the protection of the system against malicious network traffic and unauthorized hands-on modification of the system or the plant it controls.

Research shows the latter to be the area of almost all reported vulnerabilities of SCADA systems. The vulnerabilities cause loss of service, a crash or other catastrophic failure of the SCADA system. Discovery of these vulnerabilities is usually made in an environment other than a production environment (i.e. someone has a copy of the software and sets out to break it in a lab environment) and, therefore, physical access to the system is not implemented.