Archive for 'Anti-Virus'
S4 Preview: An Analysis of White Listing Security Solutions and Their Applicability In Control Systems
I will be previewing some of the papers and presentations in this year’s S4 over the next few weeks.
Digital Bond’s 4th Annual SCADA Security Scientific Symposium [S4] is being held January 20 – 21 in warm and sunny Miami Beach. S4 is a bleeding edge research event where technical papers are presented in detail to [...]
Author: Dale Peterson
Posted: November 19th, 2009 under Anti-Virus, S4.
Comments: 2
NERC CIP and Application Whitelisting Redux
My recent blog post on application whitelisting, and specifically the Bouncer solution, sparked a lot of offline discussion. One of those conversations was with someone who has a significant stake in NERC CIP and agreed to let me post his comments. I try not to get too involved in hair-splitting discussions about standards compliance but [...]
Author: Jason Holcomb
Posted: October 23rd, 2009 under Anti-Virus, NERC CIP.
Comments: 9
Conficker beFUDdlement
I’ll start off by saying don’t believe all the FUD that’s been going around, we all know how many members of the media are when they get hold of a story, especially one that can have a date in the future to speculate on.
That said, there are definitely some interesting things going on with the [...]
Author: Daniel Peck
Posted: April 1st, 2009 under Anti-Virus, Authentication, Firewall / Perimeter, Security Tools.
Comments: 5
Finding The Fox In The Hen House – Practical Tips
Let’s face it, no matter how hard we try, or how elaborate the defense, sometimes the fox gets in the hen house (Or sometimes it just eats at McDonald’s). When I was in college taking a computer systems design course my professor stated that computer technology is invented in fits and starts. For [...]
Author: Paul Asadoorian
Posted: December 2nd, 2008 under Anti-Virus, Bandolier, IDS / IPS, Portaledge, Quickdraw.
Comments: 2
More Thoughts on Application Whitelisting
Let’s get this out of the way — application whitelisting does not equal perfect security. But neither do any of the other host-based security products that are competing to get on your control system servers and workstations. The bloated AV programs that do signature-based scanning, heuristics, packet filtering, and intrusion prevention can’t even solve all [...]
Author: Jason Holcomb
Posted: December 2nd, 2008 under Anti-Virus, Security Tools.
Comments: 3
Reexamining AV in the control system
Antivirus is one of those things that is a standard recommendation on almost any assessment you’ll find, but maybe this is something we need to start rethinking. We all know that for the most part the current AV model is an arms race that’s not very functional, and I think it may be even more [...]
Author: Daniel Peck
Posted: November 24th, 2008 under Anti-Virus, Calculating Risk, SCADA Architecture.
Comments: 1
Does application whitelisting have a chance in control systems?
Last month I ran across the CoreTrace booth at the ISA Expo. Ever since that happenstance introduction, their name and the concept behind their Bouncer product keep popping up in conversations, news feeds, and even Google advertising — mostly in the context of solving SCADA security and compliance issues. Control system server and workstation security [...]
Author: Jason Holcomb
Posted: November 18th, 2008 under Anti-Virus, Security Tools.
Comments: 12
Anti-Virus Rife with Vulnerabilities
Sergio Alvarez and Thierry Zoller of nruns gave an interesting presentation at Hack.lu 2007 on vulnerabilities in anti-virus software (hat tip: Pauldotcom podcast Episode 93, 1:21). One of the main problems is anti-virus software takes in just about every file format and attempts to parse and process it. If the software developer makes a mistake [...]
Author: Dale Peterson
Posted: January 7th, 2008 under Anti-Virus, Security Vendor.
Comments: 7
Tainted Powerpoint the Culprit in Recent Utility Hack
Brian Krebs at the Washington Post’s Security Fix has more detail on a recent utility hack and some grim predictions for 2007 Microsoft Office.
The cyber attack last month against a U.S.-based public utility came wrapped in a Microsoft PowerPoint document featuring holiday illustrations and heartwarming reflections. This PowerPoint file, which resembled an innocuous version that [...]
Author: Dale Peterson
Posted: January 8th, 2007 under Anti-Virus, Vulnerability Disclosure.
Comments: none
SCADA and Zotob Worm
Now that the dust has settled a bit, a few comments on the worm and how it impacts SCADA.
1) The time between the vulnerability being made public and an exploit was five days. Even if a patch is available on the day the vulnerability is released, it is difficult for a SCADA vendor to run regression [...]
Author: Dale Peterson
Posted: August 21st, 2005 under Anti-Virus.
Comments: 1