Main menu:

• Home
• S4 2009
• Consulting
• Research
  • Bandolier
  • Honeynet
  • ICCP Test Tools
  • IDS Signatures
  • NetDDE Exploit Tools
  • OPC Test Tools
• Events
• Subscribe
• About Us
• Resources

 

 

 

AAA  AAA 

OPC Test Tools

The OPC protocol is used in many control system industry sectors for passing information between different system or applications and a variety of other purposes. OPC clients and servers run on Windows systems and require DCOM which introduces challenges in securing these systems. In 2007, Digital Bond and Byres Research wrote a three part whitepaper series on OPC Security.

• OPC Security: Part 1 . Part 1 includes the results from an OPC security survey and an overview of the different OPC specifications such as DA, HDA and A&E.
• OPC Security: Part 2 . Part 2 describes risks and vulnerabilities in OPC clients and servers.
• OPC Security: Part 3 . Part 3 gives step by step guidance to secure OPC clients and servers.

Digital Bond has also worked with Tenable Network Security to develop SCADA plugins for the Nessus Vulnerability scanner. The combination of our work with Nessus and OPC security whitepaper led to the development of an OPC audit tool that works with the Policy Compliance Family of Nessus plugins.

The .audit files developed for OPC servers on three Windows operating systems will compare the OPC server configuration to the recommendations in Part 3 of the OPC Security whitepaper. For optimal results asset owners will need to modify the .audit file for their build and OPC server version, but modification instructions are provided in the documentation.

• OPC Server Audit Document
• OPC Server .audit file for Windows 2000
• OPC Server .audit file for Windows 2003
• OPC Server .audit file for XP