SCADApedia

Archive for 'Firewall / Perimeter'

Win7/2008R2 Firewall Part 3

Last week, I discussed the updates to the active profiles and port ranges within rules features. Today, I wanted to talk about a couple of encryption and authorization features. Specifically, the ability to dynamically create encryption tunnels and manage the users/computers that can and cannot communicate to the firewalled network service.
The dynamic encryption feature [...]

Win7/2008 Firewall Part 1

Recently, I was onsite at a vendor’s office as part of the Bandolier project and ran into a situation where the Win2k3 firewall was not enabled or configured. After the onsite visit and a little Firewall enabling, I started to think about how much the Windows Firewall has changed since WinXP/Win2k3. Specifically, I [...]

External Connections

When stories about Internet-based attacks on control systems, like the 60 Minutes story, appear on sites like Slashdot, most people question the need to attach the control network to another network. In my previous position at a National Laboratory, I have seen proper network segregation implemented successfully, though at times it can be a [...]

S4 Paper Online – Analysis of One-Way and Deep Inspection Technologies in Control Systems

First – Don’t forget to get your abstracts in to present a paper at S4 2010 in January in beautiful Miami Beach. The deadline for submission is Sept 15th, and we have some papers already accepted so don’t miss your chance.
This week's online paper from past S4 events is from Ludovic Piètre-Cambacédès and Pascal Sitbon [...]

Malware, Viruses, and Attackers hopping networks

Many of us in the Control System community feel pretty secure in the belief that our critical networks are not directly connected to the internet, and as such are insulated from attack. Apparently (and as oft has been stated) this is not sufficient protection, if the control system communicates with a network that does have [...]

Conficker beFUDdlement

I’ll start off by saying don’t believe all the FUD that’s been going around, we all know how many members of the media are when they get hold of a story, especially one that can have a date in the future to speculate on.
That said, there are definitely some interesting things going on with the [...]

No Budget Security Ideas: Part 1

I’ve talked to a few people recently who have control system security responsibility but are on a very tight or non-existent budget. Some things, like the network taps that we discussed recently, do have significant cost but there are many basic security steps that can be taken with little or no capital expense. We’ll identify [...]

Tapping Control System Networks

Richard Bejtlich asks the question “Why Network Taps?” over at the TaoSecurity blog this week. I’m a huge fan of network taps for IDS, general monitoring and troubleshooting. It’s hard to beat the visibility a tap provides at your network entry and exit points. Bejtlich spells out several reasons why taps are a good idea [...]

Malware exploiting control systems and out of cycle MS patch

It’s a busier day than usual in regards to network security, and a couple of those events are worth noting here.
For starters it looks like some malware delivery website(s) are targeting industrial control software. An older vulnerability in an ActiveX control included with ICONICS OPC-enabled visualization tools is being actively exploited by at least one [...]

Covert Channels and Firewall Egress Rules

If the “holy grail” for a hacker is to execute a vulnerability that allows for the installation of a payload (rootkit) that provides control of a remote system, how do defenders prevent this?
Experience has shown that new vulnerabilities arise at a fairly rapid rate and that there is often a lag between the discovery of a vulnerability and the implementation of [...]