Your password is without doubt the weakest point of your system, so if you are thinking you can seal it using alternatives like the operating system password, for example, it won't make a difference. You should also patch firmware attacks by adding an anti-flash workaround and disable the ICS and SCADA connections on port 23. For example, I had a Netgear router which is vulnerable to web attacks, so I added a .htaccess file to prevent direct access to the nginx web tier on port 80 over HTTP. I set the router to send 403 Forbidden on port 80 instead of displaying the normal page. For the Siemens S7 200, remote access was so easy on port 23, because there was no HTTP server at all. It was a command line only, no login or password access. For me Siemens S7 is an open-source network analyser.
I was able to crack the Siemens domain registrar password as fast as it takes to connect to a wireless access point; this is because the system doesn’t require any authentication for those access points which work on implanting access point MAC addresses on the servers. Any access point can be an AP? And if you are working on any Siemens system, this is your stupidest mistake, Siemens being one of the largest suppliers of industrial control devices. Siemens has already been attacked several times by the same group and different countries, like Iran. Siemens SCADA is not designed by hackers, but Siemens sometimes hosts some hacks, as last year they accepted a ransom amount of one million dollars in Bitcoins to not reveal any customer data (https://www.theregister.co.uk/2011/04/13/siemens_hacked/). The username could be an important piece of information and, anyway, the Siemens developers use their own login credentials. Interesting because Siemens SCADA comes with a web interface where you can change user credentials and passwords, bypassing the need for password cracking. Nevertheless, the admin should not be OK with a company with 160,000 employees having access to machines with its credentials. There are more important things than Siemens.