Comments on: DoE Project Part 1 – Auditing with Nessus http://www.digitalbond.com/index.php/2007/10/30/doe-project-part-1-auditing-with-nessus/ This Month in Control System Security Fri, 10 Sep 2010 08:43:22 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Ron Southworth http://www.digitalbond.com/index.php/2007/10/30/doe-project-part-1-auditing-with-nessus/comment-page-1/#comment-8868 Ron Southworth Wed, 31 Oct 2007 14:13:40 +0000 http://www.digitalbond.com/index.php/2007/10/30/doe-project-part-1-auditing-with-nessus/#comment-8868 Hi Dale, Sounds like an interesting project and every success with the outcomes. Are you considering an initial non-intrusive enumeration as part of the compliance approach, using SMART or something similar to validate the documented system architecture / information flow diagrams. I do like the output from Nesus3 in the feature of checking the "hardening" of the devices of interest. Like you I do have some reservations that even this type of activity can effect legacy systems to varying degrees. I recall Tenable does have some passive software tools hopefully you guys will develop something levering this knowledge. A project name - for the sake of some humor - Marangue - when on top makes PI taste better! Hi Dale,

Sounds like an interesting project and every success with the outcomes.

Are you considering an initial non-intrusive enumeration as part of the compliance approach, using SMART or something similar to validate the documented system architecture / information flow diagrams.

I do like the output from Nesus3 in the feature of checking the “hardening” of the devices of interest. Like you I do have some reservations that even this type of activity can effect legacy systems to varying degrees. I recall Tenable does have some passive software tools hopefully you guys will develop something levering this knowledge.

A project name

- for the sake of some humor –

Marangue – when on top makes PI taste better!

]]>