Re: SCADA plugins for nessus

From: dave@private
Date: Wed Mar 17 2004 - 13:44:15 PST

  • Next message: dave@private: "[Plugins-writers] Re: SCADA plugins for nessus"

    On Wed, Mar 17, 2004 at 03:53:45PM -0500, Ido Dubrawsky wrote:
    > On Wed, Mar 17, 2004 at 04:30:36PM -0500, dave@private wrote:
    > > Hello,
    > > 
    > > I am interested in writing security checks for SCADA specific applications and protocols. Since there are a number of applications nad protocols for power, hvac and water systems, I wanted to see if anyone on the list would be interested in collaborating on this. If so, please let me know.
    > > 
    > > -dave
    > > 
    > Dave,
    > 
    >   What specifically are you checking for?  I'd be interested in this.
    > 
    My initial thoughts on this are checks to see if a SCADA environment is somehow reachable from a corporate network. Considering that a Nessus scan takes places in the corporate environment, if a SCADA specific plugin fires, the recommendation would be something to the effect of: "SCADA applications are present. Ensure proper ACLs restrict access into your SCADA environment...etc." This, I feel would be a good starting point.
    
    -dave
    _______________________________________________
    Nessus mailing list
    Nessus@private
    http://mail.nessus.org/mailman/listinfo/nessus
    



    This archive was generated by hypermail 2b30 : Wed Mar 17 2004 - 13:06:38 PST