Why are BAS systems common cyberattack targets?
They control critical systems and often have weak security
Which command checks if a device is reachable on the network?
ping
What tool captures live network traffic for analysis?
Wireshark
What identifier does port security use to allow or deny access?
MAC address
What does SMTP stand for?
Simple Mail Transfer Protocol
What credential issue is commonly exploited by attackers?
Default or weak passwords
Which command displays IP address, subnet mask, gateway, and DNS info?
ipconfig /all
What Trane tool captures BACnet traffic inside Synchrony?
BACnet Capture Tool
What is the default port security violation action?
Shutdown
Which port is commonly used for unencrypted SMTP?
25
Which BAS protocol is often exploited due to lack of encryption?
BACnet/IP
Which command maps IP addresses to MAC addresses?
arp -a
What tool helps locate hidden or unlabeled cables?
Tone generator
Which port security mode silently drops traffic from unauthorized devices?
Protect mode
How is SMTP used in building automation systems?
Sending alarms and reports
What is control manipulation in a cyberattack?
Changing setpoints, schedules, or disabling alarms
Which command traces the path packets take across networks?
tracert
What tool quickly scans subnets to identify devices?
Advanced IP Scanner
Why is outbound-only traffic preferred for remote BAS access?
It avoids inbound attack paths
Which email protocol leaves messages on the server?
IMAP
What did the Target breach demonstrate about BAS security?
BAS access can lead to corporate network compromise
Why should troubleshooting always start at the physical layer?
Power and cabling issues are the most common failures
Why use packet capture when devices appear online but do not respond?
To identify dropped packets or protocol errors
What firewall strategy blocks all traffic except what is required?
Default deny
What should be checked first if BAS email alarms fail?
SMTP server, port, and credentials