On Thu, Mar 18, 2004 at 10:04:23AM -0500, Scott Lovrien wrote:
> > Hello,
> >
> > I am interested in writing security checks for SCADA specific applications
> > and protocols. Since there are a number of applications and protocols for
> > power, hvac and water systems, I wanted to see if anyone on the list would
> > be interested in collaborating on this. If so, please let me know.
> >
> > -dave
>
> Dave
>
> I have been following this string with a fair amount of interest as I have
> performed more than a few Risk Assessments for Utilities (water, gas,
> electric) companies utilizing SCADA. It has always been assumed by these
> companies that the separation between their SCADA systems and corporate
> networks was clearly delineated.
>
> Not so. As a member of the ISA (Instrumentation, Systems and Automation
> Society) I have been lending a hand writing the SP-99 SCADA IT Security
> Standard and see the gap in my SCADA-specific testing with regards to
> Nessus.
>
> Corporate and SCADA systems are now more fully intertwined than ever. With
> the proliferation of Ethernet-based SCADA networks (and WIRELESS) - I would
> like to see plugins that start out by testing for banners on SCADA servers
> and target specific SCADA-based port utilization on the firewalls and
> routers. Once that first step is taken, it should open up other plugin
> opportunities.
>
> I am not a programmer, but perhaps I can help with insights and
> requirements.
>

Scott, thanks to you and everyone else who e-mailed me directly expressing
interest in this topic. I've put together a short list of goals and
requirements. This will hopefully be improved if it is received well by the
community.

------------

Overview:

In many instances, the isolation of a SCADA system from a corporate network
is determined from interviews with IT administrative staff and other
personnel. This interview-based approach leaves too much room for error.
For ease of management, it is also becoming more common for administrators to
establish portals from the corporate network into the SCADA environment.
Given this, and the transition of SCADA proprietary protocols to Ethernet,
SCADA systems will become more exposed to threats commonly reserved for
corporate networks.

Goals:

Initial - Warn when SCADA specific applications and protocols are enumerated
from a corporate environment.

Future - Enhance Nessus in order to provide a more complete picture of any
assessed SCADA environment. In this regard, customize a SCADA plugins FAMILY
that will serve to map, non-aggressively, applications and protocols in use
within a SCADA environment.

Requirements:

1) Who's needed:
   a. individuals who work with SCADA systems closely on a day-to-day basis
   b. individuals proficient with coding nessus security checks
   c. individuals with tech writing experience to help coalesce any threads
      regarding this topic and any other documentation which may emerge from
      this project

2) What's needed:
   a. methods for enumerating SCADA specific protocols
   b. banners and descriptions for SCADA specific applications
   c. a mapping of *well-known-ports* for SCADA specific applications
   d. risks associated with SCADA applications that can be incorporated into
      plugin findings and solutions

-------------

This document will be maintained as is currently posted here:
http://www.norootsquash.net/cgi-bin/scada.pl

I invite everyone who is interested in this topic to participate. If anyone
foresees a need or requirement that is not included in this list, please
e-mail your suggestions.

cheers,
-dave

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2b30 : Thu Mar 18 2004 - 11:12:08 PST