SCADApedia

Archive for 'Bandolier'

Bandolier Course Outline

We are offering our Advanced Training Course on April 5th in San Antonio to make it convenient for those attending ICSJWG’s Spring Meeting on April 6 – 8. The afternoon module is on using and customizing our SCADA IDS preprocessors, plugins and signatures developed with funding from a DHS S&T contract.
The morning module will [...]

Customize Bandolier to Get 100% Audits

When we are working with asset owner clients I often find myself thinking or saying, “If I was responsible for the security of this control system I would …” These are usually related to issues of implementing and maintaining an acceptable security posture over time. Customizing Bandolier Security Audit Files would be high on my [...]

Using Bandolier and Nessus for CIP-007 R1 Testing

Testing has always been part of making changes to a control system. When a change is made (e.g. new component, upgrade, patch), we have to know if everything is still going to work. Progressive asset owners have incorporated a security element into their functional testing for a while now. Some would even argue that it’s [...]

Advanced Security Training Pre-ICSJWG

Digital Bond’s class, Using and Customizing SCADA Security Tools, was a sellout when first offered the day prior to S4 last month. It teaches advanced students how to use and customize the Bandolier Security Audit Files and the SCADA IDS preprocessors, plugins and signatures. The goal is to help asset owners and vendors take [...]

Credentialed Scanning Video

This is timely considering my post about credentialed scanning earlier this week… Paul Asadoorian over at Tenable posted a video today that demonstrates Nessus credentialed scanning. You can get a look at how to set up a patch audit and netstat port scan, where to put the credentials, etc…
Another important thing Paul covers is setting [...]

3 Reasons You Should Be Using Credentialed Scanning

Scanning with credentials has opened a new frontier for security assessment. Here’s an analogy: traditional vulnerability scanning is like a mechanic evaluating a car just by looking at the outside and listening to the motor run. It’s useful but there is so much more information available by looking under the hood and plugging into the [...]

Nessus Gets an Extreme Makeover

Tenable officially released Nessus 4.2 today. I’ve been using a beta copy for a few weeks now so I thought I’d weigh in with my initial observations.
First, I’m going to recognize a certain bias here. I’ve done thousands of scans over the last couple of years with the Nessus client that, aesthetically and functionally, hasn’t [...]

Auditing Event Logs with Nessus and WMI

Recently, Digital Bond colleague Jason Holcomb posted an example of how to use WMI to ensure that only approved Windows services are running on your system. Below is another example of how to use WMI to assess your known good configuration and shorten your custom audit files.
Example: How can you check that your Application/System/Security event [...]

Auditing Approved Services with Nessus Policy Compliance and WMI

With the Nessus policy compliance plugins you can check settings for password policy, auditing, logging, file permissions, services, and a host of other items through configuration files and registry keys. This type of authenticated scanning is the technology that makes Bandolier possible.
A key part of configuration auditing and host hardening is verifying that a [...]

Database Auditing for Control System Applications

Whether it’s for real-time, historical, or some other purpose, there are databases of all shapes and sizes in control systems. Two questions regarding these databases:
1.) How do we verify that they are in a secure state?
2.) Can we learn or measure anything about the application security from the data inside them?
Tenable added database audit capability [...]