Bandolier Update: Audit Files Now Available in Alpha Versions
The first Bandolier results are out! We are pleased to announce that alpha versions of Bandolier audit files for Siemens Power TG and Telvent OASyS DNA are now available for download. These files, which work with the Nessus vulnerability scanner, will audit and compare your deployments with an optimal security configuration. They are available to Digital Bond site subscribers, and remember Bandolier is funded by a Department of Energy research contract.
We are calling these alpha versions because our vendor and asset owner partners and the Digital Bond team are likely to add a few audit checks to the audit files and because the documentation for each check in the report file will include more information in the beta and final versions. That said, each alpha audit check has been tested and there are a large number of audit checks for each system. They are ready for use so try them out and give us some comments.
If you are already familiar with Nessus and the policy compliance plugins, you can simply download the audit files and run them against your system. If you’re new to this process, a good place to start is the Bandolier User Guide for Nessus.
The first package is for Siemens Spectrum Power TG systems and includes the following audit files:
- Spectrum Power TG 8.2-SCADA Host Server-Linux-App Checks.audit
- Spectrum Power TG 8.2-SCADA Host Server-Linux-OS Checks.audit
- Spectrum Power TG 8.2-SCADA Workstation-Windows XP-App Checks.audit
- Spectrum Power TG 8.2-SCADA Workstation-Windows XP-OS Checks.audit
- Spectrum Power TG 8.2-Web Host-Windows Server 2003-Apache-App Checks.audit
- Spectrum Power TG 8.2-Web Host-Windows Server 2003-OS Checks.audit
The second package is for the Telvent OASyS DNA product. It includes these audit files:
- OASyS DNA 7.5-Engineering Station-Windows Server 2003-App Checks.audit
- OASyS DNA 7.5-Engineering Station-Windows Server 2003-OS Checks.audit
- OASyS DNA 7.5-Historical Server-Windows Server 2003-App Checks.audit
- OASyS DNA 7.5-Historical Server-Windows Server 2003-OS Checks.audit
- OASyS DNA 7.5-RealTime Server-Windows Server 2003-App Checks.audit
- OASyS DNA 7.5-RealTime Server-Windows Server 2003-OS Checks.audit
- OASyS DNA 7.5-XOS Workstation-Windows XP-App Checks.audit
- OASyS DNA 7.5-XOS Workstation-Windows XP-OS Checks.audit
You will notice that the checks for each application component are split between two files. One file contains checks that are more application specific, while the other contains general operating system security checks. They are designated with the labels App and OS, respectively. The App file is where we reach into the application level and inspect settings, but it also includes security guidance spelled out by the vendor and checks for supporting applications such as web servers. The OS files are based on existing best practice standards but, in many cases, are modified to ensure that the settings they audit function well with the control system application. They are also easily modified for site-specific security policy or requirements.
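To show what the App/OS split looks like inside a Nessus .audit file, here is a short constructed fragment for a Linux host. It is an added illustration, not one of the Bandolier audit files: the file paths, expected values and the see_also URL are assumptions, and the real App checks inspect vendor-specific settings not shown here.

```text
<check_type:"Unix">

# OS-style check: general hardening of the SSH daemon on the host server.
# The config path and expected value are assumptions for this illustration.
<custom_item>
  type: FILE_CONTENT_CHECK
  description: "SSH: interactive root login disabled"
  info: "Root should not log in directly over SSH on the SCADA host server."
  file: "/etc/ssh/sshd_config"
  regex: "^[\\s]*PermitRootLogin"
  expect: "^[\\s]*PermitRootLogin[\\s]+no"
  solution: "Set 'PermitRootLogin no' in /etc/ssh/sshd_config and restart sshd."
</custom_item>

# App-style check: a supporting application (Apache on the web host).
# The httpd.conf path is an assumption; the see_also URL is a placeholder
# standing in for the supporting documentation page each check will link to.
<custom_item>
  type: FILE_CONTENT_CHECK
  description: "Apache: version banner limited to product name"
  file: "/etc/httpd/conf/httpd.conf"
  regex: "^[\\s]*ServerTokens"
  expect: "^[\\s]*ServerTokens[\\s]+Prod"
  solution: "Set 'ServerTokens Prod' in httpd.conf and reload Apache."
  see_also: "https://example.invalid/bandolier/apache-servertokens"
</custom_item>

</check_type>
```

A site-specific policy is applied by editing the expect line (or removing a custom_item) in a copy of the OS file rather than in the vendor-supplied App file.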
You can run one or both of the applicable audit files in Nessus in a single audit; in fact, Nessus supports up to 5 audit files run simultaneously. Our feeling was that some asset owners may have a standard OS build and would be more interested in the control system specific audit checks. We were also concerned that the audit reports might become too large for some asset owners if all the OS checks were included. Comments?
Nessus generates a report from each scan. Sample reports are available to site subscribers here. You will notice that some of the checks include a URL that links to a supporting documentation page. Eventually each application check will have a supporting documentation page; here is a sample. The best way for subscribers to see all of the application audit checks in these alpha releases is to look at the audit check tables on the Bandolier download page.
We expect that these files will grow and be improved upon over time, but we wanted to make them available as soon as possible. We look forward to hearing from you regarding how the audit files are working at your site. Please send any feedback to info@digitalbond.com.
Author: Jason Holcomb
Posted: July 16th, 2008 under Bandolier.