Archive for 'IDS / IPS'
IDS v. IPS
An interesting tech segment on Pauldotcom podcast, episode 110 at 21:00. They compare the design and engineering priorities for an inline IPS and IDS.
Inline IPS Priorities
1. Stability - at all costs stay up and don’t take down the network
2. Performance - don’t slow down the network traffic
3. No false positives - don’t block legitimate network [...]
Author: Dale Peterson
Posted: June 18th, 2008 under IDS / IPS.
Comments: 4
Covert Channels and Firewall Egress Rules
If the “holy grail” for a hacker is to exploit a vulnerability that allows for the installation of a payload (rootkit) that provides control of a remote system, how do defenders prevent this?
Experience has shown that new vulnerabilities arise at a fairly rapid rate and that there is often a lag between the discovery of a vulnerability and the implementation of [...]
Author: Kevin Lackey
Posted: June 2nd, 2008 under Firewall / Perimeter, IDS / IPS, SCADA Architecture.
Comments: 8
Extrusion Detection to Detect Attacks
We have written quite a bit about intrusion detection and developed SCADA signatures to detect attacks on the SCADA or DCS IP networks and associated DMZs, but let me introduce another buzzword to the community: extrusion detection.
The idea behind extrusion detection is you watch what is leaving your network to detect an attacker who has [...]
Author: Dale Peterson
Posted: May 14th, 2008 under Firewall / Perimeter, IDS / IPS.
Comments: 6
S4 Preview - Detecting Attacks in IEC 61850 Messages
It seems like there is always one S4 paper whose full impact is a technical challenge for me to understand. This year it is Julian Rrushi and Roy Campbell’s paper, “Detecting Attacks in Power Plant Interfacing Substations through Probabilistic Validation of Attack-Effect Bindings”. You may remember Julian from last year when as a graduate [...]
Author: Dale Peterson
Posted: January 2nd, 2008 under IDS / IPS, S4.
Comments: 2
S4 Preview - Using Flow Data in Anomaly Detection
The stereotypical behavior of control systems has always seemed like a great opportunity to use anomaly detection to identify cyber attacks. We have considered research in this area but have passed because there wasn’t a good underlying engine for testing hypotheses that we could add to. DHS funded two HSARPA projects a few years ago [...]
Author: Dale Peterson
Posted: November 5th, 2007 under IDS / IPS, S4.
Comments: 1
‘Unraveling SCADA Protocols’ at Defcon15
Not like it’s a topic that needs any more attention, but I thought I would share some opinions from some attendees who gave me a call right after the talk was over. Within the first two minutes Ganesh and Tipping Point/3Com revealed that they would not be releasing the tool as it would “make [...]
Author: Landon Lewis
Posted: August 6th, 2007 under Conferences, Development Tools, IDS / IPS, SCADA Protocols, Vulnerability Disclosure.
Comments: 1
SCADA Protocol Fuzzing Topic at Defcon 15
It’s that time of year again where the interesting topics that will be presented at Blackhat, Defcon, and the CCC Camp start popping up. One particular topic at Defcon (other than the hypervisor rootkit stuff) titled “Unraveling SCADA Protocols: Using Sulley Fuzzer” by Ganesh Devarajan of 3Com/Tipping Point caught my eye. This particular line:
…
Once [...]
Author: Landon Lewis
Posted: July 6th, 2007 under Conferences, IDS / IPS, SCADA Protocols, Vulnerability Disclosure.
Comments: 5
Secure DNP3 on SCADApedia
We have created a SCADApedia entry on Secure DNP3 as a companion to the recent podcast with Grant Gilchrist. We should have a DNP3 entry up in the next day or so for those new to the protocol.
Also don’t forget the DNP3 IDS signatures that have been deployed in many of the commercial IDS and [...]
Author: Dale Peterson
Posted: June 12th, 2007 under DNP3, IDS / IPS.
Comments: none
SCADA & IPS: And never the twain shall meet?
So Justin Weddington posted some comments in response to Landon’s blog entry on patch proxies that are blogworthy in and of themselves and are relevant to some soul searching we’ve been doing here at Digital Bond about the level of detail that is appropriate to release about SCADA vulnerabilities that we might happen to discover.
As [...]
Author: Matt Franz
Posted: September 10th, 2006 under IDS / IPS.
Comments: 4
Tenable Takes Different Approach to SCADA IDS Sigs
Tenable Security, the folks that provide Nessus and the Nessus feed, recently added support for Digital Bond’s SCADA IDS signatures. Their approach is a bit different from a typical IDS.
Tenable calls their product a Passive Vulnerability Scanner (PVS) which is a sniffer that finds data similar to a Nessus vulnerability scan, but entirely through direct [...]
Author: Dale Peterson
Posted: May 16th, 2006 under IDS / IPS, Security Vendor.
Comments: none