On Wed, Mar 17, 2004 at 03:53:45PM -0500, Ido Dubrawsky wrote: > On Wed, Mar 17, 2004 at 04:30:36PM -0500, dave@private wrote: > > Hello, > > > > I am interested in writing security checks for SCADA specific applications and protocols. Since there are a number of applications nad protocols for power, hvac and water systems, I wanted to see if anyone on the list would be interested in collaborating on this. If so, please let me know. > > > > -dave > > > Dave, > > What specifically are you checking for? I'd be interested in this. > My initial thoughts on this are checks to see if a SCADA environment is somehow reachable from a corporate network. Considering that a Nessus scan takes places in the corporate environment, if a SCADA specific plugin fires, the recommendation would be something to the effect of: "SCADA applications are present. Ensure proper ACLs restrict access into your SCADA environment...etc." This, I feel would be a good starting point. -dave _______________________________________________ Nessus mailing list Nessus@private http://mail.nessus.org/mailman/listinfo/nessus
This archive was generated by hypermail 2b30 : Wed Mar 17 2004 - 13:06:38 PST