Archive for 'The Rack'
A Peek Into A Control System App Assessment, Part 1
First things first, we’ve been given the application we’re going to access, we’ve built up our testing environment, usually a virtual machine of some sort, and we’re ready to get going. The application in question serves as a SCADA server, historian, and can serve HMI displays through a native client or a web interface. Using [...]
Author: Daniel Peck
Posted: June 2nd, 2010 under The Rack, Vulnerability Disclosure.
Comments: none
A Peek Into A Control System App Assessment
We have tried to find ways to give loyal blog readers a view into how Application Assessments are done and how bad the situation is with many control system applications.
Recently Daniel spent a couple of days black box testing a widely used control system application for an in-house project, and as we were writing [...]
Author: Dale Peterson
Posted: June 1st, 2010 under The Rack, Vulnerability Disclosure.
Comments: none
FISMA / SP800-53 is not Utopia?
The first potentially successful effort in the US to have a control system security standard that had must and shall requirements and an audit plan was NERC CIP for the electric sector. The standards were first written broadly with general security requirements that could be met with a number of implementation choices that a security [...]
Author: Dale Peterson
Posted: April 26th, 2010 under Calculating Risk, NERC CIP, The Rack, US Government.
Comments: 5
Security Metrics Presentation at SANS Summit
Jason and I wrote a paper for S4 this year that attempted to create a configuration security metric for a control system component, such as an HMI, Historian, Realtime Server, … We cross-referenced NIST SP800-53 against available configuration data from Bandolier to come up with a set of configuration-related categories and [...]
Author: Dale Peterson
Posted: April 5th, 2010 under Calculating Risk, The Rack.
Comments: 1
File Integrity Checking with Bandolier and Nessus
We’ve covered a number of ways to safely and effectively use Nessus in control system environments, most notably using the Bandolier security audit files in conjunction with the Nessus policy compliance plugins. In my post about NERC CIP 007 R1 Testing, I alluded to file integrity checking for Linux and Unix servers. Since we haven’t [...]
Author: Jason Holcomb
Posted: March 31st, 2010 under Bandolier, The Rack.
Comments: none
See Bandolier in Action
Bandolier is our DOE-funded project where we are working with control system application vendors to define optimal security configuration for the various components (HMIs, Historians, Realtime Servers, etc.). We then develop Nessus audit files that allow an asset owner/operator to audit their systems. Loyal blog readers have heard us discuss many facets of the project [...]
Author: Jason Holcomb
Posted: March 16th, 2010 under Bandolier, The Rack.
Comments: 1
Fuzzing, practical dumb fuzzing
We’ve had a lot of posts about fuzzing on the blog lately. We’ve looked at the latest technologies and techniques, we’ve talked about fuzzers, intelligent versus dumb, some of the tradeoffs involved with design choices, and in the future we’re going to talk some more about some of the commercial offerings in the space [...]
Author: Daniel Peck
Posted: March 3rd, 2010 under The Rack.
Comments: 1
Using Bandolier and Nessus for CIP-007 R1 Testing
Testing has always been part of making changes to a control system. When a change is made (e.g. new component, upgrade, patch), we have to know if everything is still going to work. Progressive asset owners have incorporated a security element into their functional testing for a while now. Some would even argue that it’s [...]
Author: Jason Holcomb
Posted: February 19th, 2010 under Bandolier, NERC CIP, The Rack.
Comments: none
Advanced Security Training Pre-ICSJWG
Digital Bond’s class, Using and Customizing SCADA Security Tools, was a sellout when first offered the day prior to S4 last month. It teaches advanced students how to use and customize the Bandolier Security Audit Files and the SCADA IDS preprocessors, plugins and signatures. The goal is to help asset owners and vendors take [...]
Author: Dale Peterson
Posted: February 15th, 2010 under Bandolier, DHS Research Project, The Rack.
Comments: 1
SAGE and the increasing smarts in fuzzers
Fuzzing is growing up. From the academics of the late 80s throwing random data at Unix command line tools, to the early work by researchers and commercial groups in the late 90s and early 2000s, to the explosion of fuzzing topics at conferences around the world about 5 years ago, it’s come a long way.
As [...]
Author: Daniel Peck
Posted: February 11th, 2010 under Microsoft, Security Tools, The Rack.
Comments: none