Re: SCADA plugins for nessus

From: David Kyger (dave@private)
Date: Thu Mar 18 2004 - 11:50:17 PST


    On Thu, Mar 18, 2004 at 10:04:23AM -0500, Scott Lovrien wrote:
    > > Hello,
    > >
    > > I am interested in writing security checks for SCADA specific applications
    > and protocols. Since there are a number of applications nad protocols for
    > power, hvac and water systems, I wanted to see if anyone on the list would
    > be interested in collaborating on this. If so, please let me know.
    > >
    > > -dave
    > 
    > Dave
    > 
    > I have been following this string with a fair amount of interest as I have
    > performed more than a few Risk Assessments for Utilities (water, gas,
    > electric) companies utilizing SCADA.  It has always been assumed by these
    > companies that the separation between their SCADA systems and corporate
    > networks was clearly delineated.
    > 
    > Not so. As a member of the ISA (Instrumentation, Systems and Automation
    > Society) I have been lending a hand writing the SP-99 SCADA IT Security
    > Standard and see the gap in my SCADA-specific testing with regards to
    > Nessus.
    > 
    > Corporate and SCADA systems are now more fully intertwined than ever.  With
    > the proliferation of Ethernet-based SCADA networks (and WIRELESS) - I would
    > like to see plugins that start out by testing for banners on SCADA servers
    > and target specific SCADA-based port utilization on the firewalls and
    > routers.  Once that first step is taken, it should open up other plugin
    > opportunities.
    > 
    > I am not a programmer, but perhaps I can help with insights and
    > requirements.
    > 
    
    Scott,
    
    thanks to you and everyone else who e-mailed me directly expressing interest in this topic.
    
    I've put together a short list of goals and requirements. This will hopefully be improved
    if it is received well by the community. 
    
    ------------
    
    Overview:
    
    In many instances, the isolation of a SCADA system from the corporate network
    is determined from interviews with IT administrative staff and other personnel. This interview-
    based approach leaves too much room for error. For ease of management, it is also becoming more 
    common for administrators to establish portals from the corporate network into the SCADA 
    environment. Given this, and the transition of SCADA proprietary protocols to Ethernet, 
    SCADA systems will become more exposed to threats commonly reserved for corporate networks.
    
    
    Goals:
    
    Initial - Warn when SCADA specific applications and protocols are enumerated from a corporate environment.
    
    Future - Enhance Nessus in order to provide a more complete picture of any assessed SCADA environment. In
    	this regard, customize a SCADA plugins FAMILY that will serve to map, non-aggressively, 
    	applications and protocols in use within a SCADA environment.
    
    
    Requirements:
    
    1) Who's needed:
        a. individuals who work with SCADA systems closely on a day-to-day basis
        b. individuals proficient with coding nessus security checks
        c. individuals with tech writing experience to help coalesce any threads regarding this topic
           and any other documentation which may emerge from this project
    
    2) What's needed:
        a. methods for enumerating SCADA specific protocols
        b. banners and descriptions for SCADA specific applications 
        c. a mapping of *well-known-ports* for SCADA specific applications
        d. risks associated with SCADA applications that can be incorporated into plugin findings and solutions 
    
    -------------
    
    This document will be maintained as is currently posted here:
    
    http://www.norootsquash.net/cgi-bin/scada.pl
    
    I invite everyone who is interested in this topic to participate. If anyone foresees a need or
    requirement that is not included in this list, please e-mail your suggestions.  
    
    cheers,
    -dave
    
    _______________________________________________
    Nessus mailing list
    Nessus@private
    http://mail.nessus.org/mailman/listinfo/nessus
    



    This archive was generated by hypermail 2b30 : Thu Mar 18 2004 - 11:12:32 PST