
Archive for 'DoE Research Project'

Linux password strength, pam_cracklib, and Nessus compliance checks

Need to update your Linux password policy for better security and/or regulatory compliance (NERC CIP-006 R5.3, perhaps)? In many Linux systems, pam_cracklib is used to enforce password strength requirements but the default settings can be a little confusing. In this post, we’ll demystify some of the options for this handy little library and show how […]

Portaledge and PI Interfaces

We will be using many different PI interfaces for data collection on the Portaledge project. OSIsoft has some excellent interfaces for IT monitoring that will be extremely helpful for attack correlation. I’ve been adding some content to SCADApedia regarding these IT interfaces. I will continue to update the site as I delve […]

Bandolier Update: Tru64 and Nessus Compliance Checks

Good news, the Nessus compliance checks work on Tru64 UNIX! Why, might you ask, does anyone care about Tru64? Well, let me tell you… even though support for the OS ends in 2011 and people are generally moving to new platforms, we continue to see Tru64 on many of our control system assessments running very […]

Identifying Security Relevant IEC 61850 Events

The widespread deployment and integration of the IEC 61850 standard in electrical substations, hydroelectric power plants, wind power plants, etc., adds a new challenge to security event analysis, namely what IEC 61850 events are to be deemed as being relevant from the security perspective.
Probably the very first data objects to look at are those which […]

Bandolier Update: The Real World

When I first got started with Bandolier, I thought the bulk of the value would be in the security checks of the control system application itself. Getting to this information involves digging into how the app works, identifying the most secure configuration, and finally writing the appropriate compliance check. What I’ve found, however, is that […]

Portaledge Part III - Security Event Tags

This is a challenge. In Part I we identified the security events we wanted to look at. In Part II we talked about the PI interfaces that can pass events from a wide variety of data sources to PI. In Part III we delve into the challenge of creating tags in PI for the various […]

Portaledge Part II - Getting Diverse Security Events Into PI

Part I covered identifying security events in a very diverse set of data sources. The next step is to get those security events into OSIsoft’s PI or other historian so we can aggregate and correlate to detect attacks. Fortunately this is an area where PI really shines through a wide variety of interfaces.
The most popular […]

Bandolier Update: Full speed ahead

Bandolier has definitely ramped up to full speed! I cannot mention names yet but the first assessments are complete and we are actively developing Nessus audit files.
One of the key parts of Bandolier is working with the vendors and asset owners to define a secured, “gold standard” system. We are looking at all levels – […]

Portaledge (PI SCADA SEM) - Part I: Overview and Identifying the Data

Our Dept. of Energy funded research project will result in a number of different tools for Digital Bond site subscribers. We have blogged on Bandolier, the development of control system security audit templates for Nessus and other vulnerability scanners. Now let me introduce you to the part of the project we are calling Portaledge.
Portaledge Overview
A […]

Bandolier Update: Sorting through the acronyms – XCCDF and OVAL

There are a number of acronyms related to various security efforts that we’ve thrown around while discussing the Bandolier project (XCCDF, OVAL, SCAP, FDCC, etc…). I thought it would help to have a brief discussion about how each of these relates to one another and Bandolier. We’ve added some SCADApedia entries for XCCDF and OVAL, […]