Archive for 'Bandolier'
More notes on UAC, Bandolier
Following up from yesterday’s post, here are a few more notes on UAC and Bandolier.
First, my earlier post focused on Windows 7 but I probably should mention that UAC applies to 2008 server as well. The UAC implementation on the original 2008 server is similar to Vista, with 2008 R2 being more similar to Windows [...]
Author: Jason Holcomb
Posted: August 26th, 2010 under Bandolier.
Comments: none
UAC, Windows 7 and Bandolier
We’re developing our first set of Bandolier audit files that will include Windows 7 components. The control system community, for the most part, has not embraced Windows Vista so Windows 7 is the first exposure for many to User Account Control (UAC). UAC is perhaps the most hated “feature” of Vista — the constant prompts [...]
Author: Jason Holcomb
Posted: August 25th, 2010 under Bandolier.
Comments: 4
EnergySec Agenda / Bandolier Class
EnergySec puts on a great electric sector control system security event every year, and it is a bargain at $150. The agenda is now out for this year’s event in Denver, Sept 21 and 22.
Looking at the agenda, the highlights for me are presentations from James Arlen, Dave Lewis and Patrick Miller. These three always [...]
Author: Dale Peterson
Posted: August 15th, 2010 under Bandolier, Conferences.
Comments: none
Bandolier Training Class after EnergySec
We are teaching our half day training class on Auditing Control System Security Configuration With Nessus and Bandolier — this time on Sept 22nd in Denver after EnergySec. In this course you learn how to use Bandolier, customize the Bandolier Security Audit Files, and use other Nessus credentialed checks for both security and NERC CIP [...]
Author: Dale Peterson
Posted: August 9th, 2010 under Bandolier, Conferences.
Comments: none
Dept of Energy Peer Review
Last week I attended, presented and tweeted at the Dept of Energy Cybersecurity For Energy Delivery Systems Peer Review. The idea is DoE funds all these research projects, and they would like a group of owner operators and other industry gurus to help determine if the projects will help secure the energy sector’s critical control [...]
Author: Dale Peterson
Posted: July 26th, 2010 under Bandolier, Dept. of Energy, Portaledge.
Comments: none
Learning from the Stuxnet/WinCC Malware
SCADA-targeted malware was inevitable and I suspect, despite the fact that it took this long to happen, that we haven’t seen the last of it. There’s a forest and trees lesson here that I hope we learn through this. Before we get too carried away on a specific vulnerability and throwing stones at software vendors, [...]
Author: Jason Holcomb
Posted: July 21st, 2010 under APT, Anti-Virus, Bandolier.
Comments: 3
Oracle Housekeeping
I’ve seen my fair share of Oracle databases in control systems and have been thinking more about it since working on some Bandolier Security Audit Files for a SCADA system with an Oracle component. With that in mind, here are a few bits of Oracle-related news and tips.
Oracle announced today that this quarter’s cycle includes [...]
Author: Jason Holcomb
Posted: July 13th, 2010 under Bandolier, Patching.
Comments: 1
Cisco IOS Auditing
Earlier this month Tenable released a new policy compliance plugin for Nessus that allows auditing of Cisco router and switch configuration. You don’t have to read very far on the Digital Bond blog to learn that I’m a fan of the Nessus policy compliance plugins and credentialed scanning in general. This is the technology that [...]
Author: Jason Holcomb
Posted: July 1st, 2010 under Bandolier.
Comments: 3
Auditing Oracle in Control System Applications
I’m working on a set of Bandolier Security Audit Files for a SCADA system that’s new to the project. The system includes an Oracle database so, along with the SCADA application and underlying operating systems, we are developing checks for the database server to verify that it is in an optimal security configuration. In this [...]
Author: Jason Holcomb
Posted: June 14th, 2010 under Bandolier.
Comments: 1
New and Improved Documentation Now Available for Bandolier
A typical SCADA or DCS has thousands of settings that affect security spread out over the different server and workstation components. If you’re an asset owner, how do you know that your system is delivered with a secure configuration? How can you validate that at FAT and SAT and audit the configuration periodically over time? [...]
Author: Jason Holcomb
Posted: May 25th, 2010 under Bandolier.
Comments: none