Archive for 'Bandolier'
Bandolier Course Outline
We are offering our Advanced Training Course on April 5th in San Antonio to make it convenient for those attending ICSJWG’s Spring Meeting on April 6 – 8. The afternoon module is on using and customizing our SCADA IDS preprocessors, plugins and signatures developed with funding from a DHS S&T contract.
The morning module will [...]
Author: Dale Peterson
Posted: March 9th, 2010 under Bandolier, IDS / IPS.
Comments: none
Customize Bandolier to Get 100% Audits
When we are working with asset owner clients I often find myself thinking or saying, “If I was responsible for the security of this control system I would …” These are usually related to issues of implementing and maintaining an acceptable security posture over time. Customizing Bandolier Security Audit Files would be high on my [...]
Author: Dale Peterson
Posted: February 23rd, 2010 under Bandolier.
Comments: none
Using Bandolier and Nessus for CIP-007 R1 Testing
Testing has always been part of making changes to a control system. When a change is made (e.g. new component, upgrade, patch), we have to know if everything is still going to work. Progressive asset owners have incorporated a security element into their functional testing for a while now. Some would even argue that it’s [...]
Author: Jason Holcomb
Posted: February 19th, 2010 under Assessment Tools, Bandolier, NERC CIP.
Comments: none
Advanced Security Training Pre-ICSJWG
Digital Bond’s class, Using and Customizing SCADA Security Tools, was a sellout when first offered the day prior to S4 last month. It teaches advanced students how to use and customize the Bandolier Security Audit Files and the SCADA IDS preprocessors, plugins and signatures. The goal is to help asset owners and vendors take [...]
Author: Dale Peterson
Posted: February 15th, 2010 under Assessment Tools, Bandolier, DHS Research Project.
Comments: 1
Credentialed Scanning Video
This is timely considering my post about credentialed scanning earlier this week… Paul Asadoorian over at Tenable posted a video today that demonstrates Nessus credentialed scanning. You can get a look at how to set up a patch audit and netstat port scan, where to put the credentials, etc…
Another important thing Paul covers is setting [...]
Author: Jason Holcomb
Posted: January 27th, 2010 under Assessment Tools, Bandolier, Security Tools.
Comments: none
3 Reasons You Should Be Using Credentialed Scanning
Scanning with credentials has opened a new frontier for security assessment. Here’s an analogy: traditional vulnerability scanning is like a mechanic evaluating a car just by looking at the outside and listening to the motor run. It’s useful but there is so much more information available by looking under the hood and plugging into the [...]
Author: Jason Holcomb
Posted: January 25th, 2010 under Assessment Tools, Bandolier.
Comments: 2
Nessus Gets an Extreme Makeover
Tenable officially released Nessus 4.2 today. I’ve been using a beta copy for a few weeks now so I thought I’d weigh in with my initial observations.
First, I’m going to recognize a certain bias here. I’ve done thousands of scans over the last couple of years with the Nessus client that, aesthetically and functionally, hasn’t [...]
Author: Jason Holcomb
Posted: December 1st, 2009 under Assessment Tools, Bandolier.
Comments: none
Auditing Event Logs with Nessus and WMI
Recently Digital Bond colleague, Jason Holcomb, posted an example of how to use WMI to ensure that only approved Windows services are running on your system. Below is another example of how to use WMI to assess your known good configuration and shorten your custom audit files.
Example: How can you check that your Application/System/Security event [...]
Author: Marco Cajina
Posted: November 19th, 2009 under Assessment Tools, Bandolier.
Comments: 2
Auditing Approved Services with Nessus Policy Compliance and WMI
With the Nessus policy compliance plugins you can check settings for password policy, auditing, logging, file permissions, services, and a host of other items through configuration files and registry keys. This type of authenticated scanning is the technology that makes Bandolier possible.
A key part of configuration auditing and host hardening is verifying that a [...]
Author: Jason Holcomb
Posted: November 2nd, 2009 under Assessment Tools, Bandolier.
Comments: none
Database Auditing for Control System Applications
Whether it’s for real-time, historical, or some other purpose, there are databases of all shapes and sizes in control systems. Two questions regarding these databases:
1.) How do we verify that they are in a secure state?
2.) Can we learn or measure anything about the application security from the data inside them?
Tenable added database audit capability [...]
Author: Jason Holcomb
Posted: October 14th, 2009 under Assessment Tools, Bandolier, Security Tools.
Comments: 1