Bandolier
From SCADApedia
Bandolier helps asset owners and vendors identify and audit optimal security configuration for control system servers and workstations. In this Department of Energy funded project, Digital Bond partners with leading control system application vendors to establish practical security configuration guidance for SCADA, DCS, and other industrial control system components. Digital Bond then creates and distributes specialized security audit files that can be used with the Nessus vulnerability scanner. Bandolier, in conjunction with Nessus, is the most widely used security tool in industrial control systems.
Benefits
For asset owners and operators, the Bandolier security audit files provide a way to verify that their systems are in an optimal, vendor-supported security configuration – both at the time of delivery to hold the vendors accountable and for ongoing, routine security auditing. In addition, the Bandolier reports provide valuable evidence for NERC CIP and other regulatory compliance requirements. The audit files make it possible to identify if anything has changed from the optimal, vendor-supported security configuration.
Vendors like Telvent, AREVA, and OSIsoft are using Bandolier to help deliver hardened systems. Some are using the security audit files during the acceptance testing process to validate that internal standards are followed. Others are using it for internal patch and update testing to verify that the update doesn't change the security configuration of the system.
How it Works
Traditional vulnerability scanning has been dangerous in control system environments due to aging devices, fragile protocol stacks, and poor development practices. Nessus credentialed scanning combined with Bandolier offers a safe and effective way to assess the security posture of these applications. It does this by making an authenticated connection to the server or workstation. Since the Nessus policy compliance plugins use built-in operating system functionality, there is no client software, service, or agent to install. For Windows, the authentication works over SMB. For Linux and Unix, the authentication works over SSH.
Once Nessus makes the authenticated connection, it simply reads the security configuration values defined in the Bandolier security audit file and compares each one against the current configuration of the machine it is auditing. Each configuration item's status is recorded as a pass or fail. These are then compiled in the report.
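The compare-and-record step described above, as an added example that is not Bandolier's or Nessus's own code: a small Python checker that parses a simplified audit file written in the style of Nessus `custom_item` blocks, looks up each expected value in a snapshot of the host's configuration, and records PASS or FAIL per item. The field names, the audit items and the host snapshot are assumptions constructed for this example; a real Bandolier run would obtain the host values over SMB or SSH.

```python
import re
# Constructed, simplified audit file in the style of Nessus .audit custom_item
# blocks; field names and values are assumptions made for this example.
AUDIT_FILE = r"""
<custom_item>
 type: SERVICE_POLICY
 description: "Telnet service is disabled"
 service_name: "tlntsvr"
 value_data: "disabled"
</custom_item>
<custom_item>
 type: REGISTRY_SETTING
 description: "Anonymous SAM enumeration is restricted"
 reg_key: "HKLM\SYSTEM\CurrentControlSet\Control\Lsa"
 reg_item: "RestrictAnonymousSAM"
 value_data: "1"
</custom_item>
"""
# Constructed snapshot standing in for the values Nessus reads over SMB/SSH.
HOST_STATE = {
    "services": {"tlntsvr": "auto"},
    "registry": {(r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa", "RestrictAnonymousSAM"): "1"},
}

# Return one {field: value} dict per <custom_item> block.
def parse_audit(text):
    items = []
    for block in re.findall(r"<custom_item>(.*?)</custom_item>", text, re.S):
        pairs = re.findall(r'^\s*(\w+):\s*"?([^"\n]*)"?\s*$', block, re.M)
        items.append({k: v.strip() for k, v in pairs})
    return items

# Compare one check's expected value with the host's current value.
def evaluate(item, host):
    kind = item.get("type")
    if kind == "SERVICE_POLICY":
        actual = host["services"].get(item["service_name"], "absent")
    elif kind == "REGISTRY_SETTING":
        key = (item["reg_key"], item["reg_item"])
        actual = host["registry"].get(key, "absent")
    else:
        return "ERROR", f"unsupported check type {kind!r}"
    return ("PASS" if actual == item["value_data"] else "FAIL"), actual

# Run every check; each result is (description, status, expected, actual).
def run_audit(audit_text, host):
    results = []
    for item in parse_audit(audit_text):
        status, actual = evaluate(item, host)
        results.append((item["description"], status, item["value_data"], actual))
    return results
```

With the constructed snapshot, the Telnet check fails (the service is set to start automatically) and the registry check passes, which is the per-item result a Bandolier report compiles.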
Development Approach
Digital Bond works with control system application vendors to define the optimal security configuration for their application and each one of its server or workstation components. Optimal security configuration is defined as the best possible security configuration that still allows the application to function as designed. Digital Bond helps the vendor identify key security configuration settings at three levels:
- Operating System -- Traditional IT security guidance for operating systems rarely works in control systems without significant modification. Digital Bond goes through a customization process with the vendor, identifying settings such as approved services and operating system permissions.
- Supporting Applications -- Third party applications such as web servers and database servers are often found in control systems. Digital Bond identifies security configuration settings at this level, starting with industry guidance where it exists, and customizing for use with the specific control system application components.
- Control System Application -- The SCADA or DCS application itself has settings that affect security. Examples include OS-level permissions of key application files, log and audit configuration, and application-level authentication and authorization.
Digital Bond and the control system vendor then test the configuration to verify that the recommended settings do not cause problems with application functionality. Digital Bond then develops the security audit files for each server or workstation component of the control system application.
See Also
Bandolier and OSIsoft PI Server
Bandolier Audit Check Documentation
Bandolier Audit Check Examples
Bandolier User Guide for Nessus
Cyber Security Audit and Attack Detection Toolkit
External Links
Download Bandolier Security Audit Files