We routinely use file content checking to retrieve and evaluate configuration settings for the Bandolier security audit files. This is a function of the Compliance Checks plugins for Windows and Unix. It works well as long as the file name is known. What if you want to search for specific content but do not know [...]

I’m at the AREVA User Group meeting in Seattle this week. Good event, great crowd. The attitude and honesty at User Groups is very practical and refreshing. There is a lot of good security information both from the vendor and users, but it is not public so …
The main reason I’m here is to announce [...]

More security audit files are now available from Bandolier, a Digital Bond project funded by the US Department of Energy. We are pleased to announce a beta release package for the following AREVA e-terra components:

e-terraplatform 2.5 (Windows 2003 Server)
e-terraplatform 2.5 (Red Hat Linux 5.3)
e-terrabrowser 3.5 Web Display Server (Windows 2003 Server / IIS)
e-terrabrowser 3.5 Web [...]

UPDATE: Thanks to all those who joined us on the live webinar. We had some great questions and discussion about using the Bandolier security audit files with Nessus to audit your control system applications. For those interested in the slides, you can download them here. If you missed the webinar, it is available for replay. [...]

Sometimes security and functionality are a trade-off. But what about when different aspects of security are at odds? There’s one less of those cases to worry about thanks to a feature that Tenable added to Nessus recently.
The Windows Remote Registry service, as the name implies, allows remote calls to the registry. The service is required [...]

Part of Digital Bond’s Bandolier project involves converting the Nessus security audit files into XCCDF and OVAL for use in other security tools. I had the opportunity this week to attend a class put on by MITRE that covers the standards and applications available for developing security benchmarks. It was very informative for helping distill [...]

I’m presenting Bandolier to a NERC CIP audience in Dallas on Wednesday. We’ve never sold Bandolier as a NERC CIP solution, but it does have a lot of potential for assessment, reporting and audit evidence for several important requirements. There are a couple of SCADApedia articles related to this topic:
1.) Bandolier and NERC CIP: This [...]

Tenable CEO Ron Gula and I will discuss Bandolier in an upcoming webinar. If you have questions about Bandolier, have been waiting to find out more, or are just interested in safely scanning control systems, this event is for you. In addition to the discussion, we’ll actually show some Nessus policies set up for control [...]

The 2009 IEEE International Conference on Technologies for Homeland Security (HST 2009) is happening this week in the Boston, MA area. I’ll be presenting on Bandolier in the “Cyber Infrastructure Architecture and Experience” track.
Many of the topics discussed will be from a broader homeland security perspective than I typically deal with. (Example: there’s a poster [...]

Some observations after going through the tedious process of creating and modifying Windows service policy checks for an upcoming Bandolier release…
1.) The value of the OS-level audit files is different than I first thought.
I blogged about this last year after recognizing that I had mistakenly underestimated the value of the Bandolier OS-level files. The blog [...]