We had all our asset owner and vendor partners in the Dept. of Energy research project rightly say we need names for the forthcoming tools. So let us introduce the first: Bandolier.
Bandolier will be a set of security audit templates that you will run on Nessus and other popular vulnerability scanners to compare control system […]

A few friends have pointed out we need to come up with a project name or acronym for our DoE research contract project. Suggestions would be welcome. There are three parts to this project, and all are described in more detail in the Project Narrative.
Part 1 - Compliance Auditing with Nessus
The Nessus Vulnerability Scanner […]

We mentioned AppID’s in our introduction of the OPC Security .audit files for use in compliance testing with the Nessus Vulnerability Scanner.
While it is not difficult to find the AppID for your OPC server, we have started a SCADApedia page with the AppID’s to help you out. A lot of this information came from Lluis […]

Part 3 of the recently released OPC Security whitepaper series provided step by step instructions for implementing the available security measures for OPC clients and servers. It is complex, and we wondered if there was a simple way to audit OPC servers compliance with Part 3. We still are wondering, but we have a partial […]

This is an interesting case study post for most readers and important for ICCP users.
In 2006, Matt Franz at Digital Bond discovered a vulnerability in the SISCO stack used in a large percentage of ICCP servers. Following our responsible disclosure process, we reported this to the vendor and US-CERT /CERT. On January 17, 2007, US-CERT […]

I was interviewed yesterday by Ron Gula about SCADA security issues, active and passive scanning of control systems, and the SCADA plugins for Nessus.
Download and listen to the MP3 interview
Check out the Tenable Network Security Blog for the latest tips on how to use Nessus.

Digital Bond has spent the last few months developing SCADA plugins for the very popular Nessus vulnerability scanner in a research project funded and assisted by Tenable Network Security. We are proud to announce the first set of plugins is now released and available in Tenable’s Direct Feed.
Tenable Network Security has a detailed blog entry that […]

Similar to my 2nd blog on Nessus ICCP Checks, here are some screen shots from the OPC checks we’ve been developing with Tenable for Nessus 3.
The first shows the output of the base OPC Detection plugin that identifies OPC applications and CLSIDs installed on the host. The security note would show up along side any […]

A while back I blogged a bit about one of the plugins we wrote for for Nessus. Here I’ll add some screenshots that better show how it might be used.
By clicking port 102 we can quickly see all the ICCP server on our network and which have security holes and notes. We can then drill […]

Although we showed screenshots several weeks back, we haven’t showed any scan output yet for the SCADA Nessus Plugins we’ve been developing with Tenable.
For this one I’m just running this from the command line, but this is what would show up the Nessus Scan report if the ICCP Server detection plugin successfully found an ICCP […]