Call for Papers

Getting Technical

This week’s blog post is going to be somewhat of a “geeking out” entry as I get into some of the details and performance issues associated with the design and implementation of bringing the syslog events into Portaledge. It will be somewhat trending towards geek speak, so consider yourself forewarned.
While studying to be a good little [...]

Portaledge IDS integration

In integrating IDS events into Portaledge one question becomes paramount. Namely: “Which events do we include?” As Portaledge will perform correlation and aggregation on all of the events “fed” to it, choosing a set of events that provides critical network information, without overwhelming the administrator, is important.
To include every IDS event, especially on an [...]

Using Quickdraw, Portaledge, and Bandolier to Remediate an Attack

If a control system is hacked and there are no mechanisms in place to forensically trace the attack, you have no idea how the attack occurred and no clues on what to do to close/remediate the attack pathway. This lack of forensics leaves the system open and vulnerable to the repetition of the exact same [...]

Portaledge and IDSs: increasing the impact of event monitoring

Charles and I are currently working on adding modules into the Portaledge code base that help asset owners and operators to meet NERC CIP logging requirements (for more specifics on Portaledge and NERC CIP requirements see this previous blog post and the SCADApedia page). As part of this work I am writing a module that adds IDS [...]

Control Systems Security: an Ironic Oxymoron?

After 6 years considering security for control systems I have come to the conclusion that there is very little security in control systems. Sure we can take measures to tighten up the security of the PCs and devices that compose the system, but given the number of simple exploits against the control system software, the [...]

Portaledge and Log Data

As I have started the code for using Portaledge to meet NERC CIP requirements some other security benefits from this process have become apparent. These benefits help to improve security by creating data redundancy, and by leveraging the log data through the Portaledge correlation process.
By using PI via Portaledge to store log events redundant copies of the log events [...]

Portaledge: Moving Forward

Charles and I have generated a set of functions, scripts and documents for producing normalized Security Event Monitor (SEM) output and integrating the output with SEMs. Our target for this release was Tenable’s Security Center but the concepts and output will be similar for most SEMs. For more information see the Portaledge SEM Integration page on Digital [...]

Possibilities of the SheevaPlug

The SheevaPlug 3.0 is a full PC in a tiny package. Featuring a 2 GHz Armada CPU, built-in micro HD, USB, Wi-Fi, high-speed Ethernet and Bluetooth in an about 2″x3″ “plug in” form (no bigger than a lot of laptop power supplies), the SheevaPlug takes up just an outlet and a little [...]

The growing threat of smart phones

A new video out of Rutgers University demonstrates remote control of a rootkit-infected open source Linux-based smart phone that allows the attackers to use the phone as a listening device without the user being aware that the phone is communicating. While not a new concept (using a cell phone as a bug), the proliferation of [...]

Portaledge Meta Event Release

The Portaledge Meta Event release is now available to Digital Bond site content subscribers. It is also recommended that all adopters of Portaledge grab the latest releases of the Availability and Enumeration packages that accompany this release.
Portaledge is Digital Bond’s security event manager (SEM) that leverages OSIsoft’s PI ACE engine to monitor for, correlate and aggregate potential security events [...]