More security audit files are now available from Bandolier, a Digital Bond project funded by the US Department of Energy. We are pleased to announce a beta release package for the following AREVA e-terra components:

• e-terraplatform 2.5 (Windows 2003 Server)
• e-terraplatform 2.5 (Red Hat Linux 5.3)
• e-terrabrowser 3.5 Web Display Server (Windows 2003 Server / IIS)
• e-terrabrowser 3.5 Web Display Server (Red Hat Linux 5.3 / Apache)
• e-terrabrowser 3.5 Client (Windows XP SP2)

This release brings the total number of application components with Bandolier security audit files to 23, with even more on the way.

We are particularly excited about this release. AREVA provided their top security talent to help develop this set of audit files and we have gone through a painstaking review and test of every setting at both the application and operating system levels. AREVA was already following the CIS security benchmarks–this gave us a huge head start. We customized those checks and in some cases went way beyond the CIS recommendations.

This release contains over 1800 checks spread across the five application components. If you take just one server or workstation of each type for (App, Web, and Client), here are the number of checks for each platform:

• Windows: 676
• Linux: 1337

Add in redundant servers and additional operator stations and you end up with thousands of security settings to audit. Who wants to do that by hand?

If you have a current e-terra maintenance contract, you can download the files from the AREVA customer support portal. If not, they are available here:

AREVA e-terra Release Package

To get started with the Nessus compliance checks, check out this SCADApedia article: Bandolier User Guide for Nessus.

We would like to extend a special thanks to Sharon Xia and all the AREVA team members who helped make this possible. In case you missed it, you can hear Sharon talk about Bandolier in this podcast.

As always, we appreciate any feedback you have.