Bandolier: Auditing Control System Security with the Nessus Vulnerability Scanner




DOE Roadmap Vision

In 10 years, control systems for critical applications will be designed, installed, operated, and maintained to survive an intentional cyber assault with no loss of critical function.

Goals:
- Measure and assess security posture
- Develop and integrate protective measures
- Detect intrusion and implement response strategies
- Sustain security improvements

DOE Roadmap and Bandolier

Goal: Measure and Assess Security Posture

Milestones: Bandolier helps meet all mid-term milestones for this goal:
- Asset owners performing self-assessments of control systems
- Metrics available for benchmarking security
- Asset owners performing compliance audits of control systems

Challenge: Addresses the Roadmap challenge of limited ability to measure and assess cyber security posture, and partially addresses the challenge of no consistent cyber security metrics.

Identifying the Problem
- How do we establish an optimal (best possible) secure configuration for our control system servers and workstations?
- How do we verify that this configuration has not changed over time?
- Can we do this using existing security tools at low or no additional cost?

The Solution: Bandolier

Nessus Compliance Checks
- Safer than traditional scanning: a secure management connection, not a scan
- Evaluates the known good rather than the known bad
- Customizable for local security policy
- Exportable to OVAL/XCCDF for use in other vulnerability scanners and security tools

Multiple Levels of Testing

Audit File Structure
- Customizable for site-specific policies
- Each application component has two files:
  - Baseline OS file
  - Application-specific file
- The two can be used individually or in tandem

Example: Baseline Operating System Checks

  <item>
   name: "Minimum password length"
   value: 8
  </item>

  <custom_item>
   type: FILE_CHECK
   description: "Permission and ownership check /etc/passwd"
   file: "/etc/passwd"
   owner: "root"
   group: "root"
   mode: "644"
  </custom_item>

Example: Application Specific Checks

  <custom_item>
   type: FILE_CONTENT_CHECK
   description: "Determine if permissions are set correctly for the RealTime Server (bobjacknowledge)"
   value_type: POLICY_TEXT
   value_data: "c:\program files\controlsystemapp\config\realtime.cfg"
   regex: "bobjacknowledge.*"
   expect: "bobjacknowledge, Permission - Control_SCADA"
  </custom_item>

  <custom_item>
   type: FILE_CONTENT_CHECK
   description: "Verify that interactive logins are disabled for the ems user"
   file: "/etc/passwd"
   regex: "ems:x:0:15:scada Super User:/lg/:.*"
   expect: "ems:x:0:15:scada Super User:/lg/:/sbin/nologin"
  </custom_item>

In a FILE_CONTENT_CHECK, regex selects the line(s) to test and expect must then match each selected line; in the second check the ems entry is selected and passes only if its shell is /sbin/nologin.
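To make the audit file structure and the two example check types concrete, here is a small evaluator that reads the <custom_item> subset shown on the slides above and reports Compliant, Non-compliant or Inconclusive per item. This is an added teaching example, not Bandolier or Nessus code: it supports only the keys the slides use (no full .audit grammar), it treats a regex that selects no line as Inconclusive (an assumption made here, not a statement about how Nessus scores that case), and it lets the caller inject owner/group resolvers so the constructed temp file can stand in for a root-owned /etc/passwd. The passwd contents and audit text in demo() are constructed sample data.

```python
"""Minimal evaluator for two Nessus .audit check types, FILE_CHECK and
FILE_CONTENT_CHECK, as a teaching example (not Nessus or Bandolier code).

Semantics implemented:
  * FILE_CHECK          -> the file's owner, group and octal mode must equal
                           the policy values
  * FILE_CONTENT_CHECK  -> 'regex' selects lines; every selected line must
                           then match 'expect'; no selected line is reported
                           as Inconclusive (this example's choice)
"""
import grp
import os
import pwd
import re
import stat
import tempfile

COMPLIANT, NONCOMPLIANT, INCONCLUSIVE = "Compliant", "Non-compliant", "Inconclusive"


def parse_audit(text):
    """Parse <custom_item> blocks into dicts of key -> unquoted value.

    Only the flat 'key: "value"' lines used on the slides are supported.
    partition() splits on the first colon, so values containing colons
    (passwd entries, Windows drive letters) survive intact.
    """
    items = []
    for block in re.findall(r"<custom_item>(.*?)</custom_item>", text, re.S):
        item = {}
        for line in block.strip().splitlines():
            key, _, value = line.strip().partition(":")
            item[key.strip()] = value.strip().strip('"')
        items.append(item)
    return items


def file_check(item, owner_of=None, group_of=None):
    """FILE_CHECK: owner, group and mode must match the policy exactly."""
    try:
        st = os.stat(item["file"])
    except OSError:
        return INCONCLUSIVE  # target could not be inspected at all
    owner = (owner_of or (lambda uid: pwd.getpwuid(uid).pw_name))(st.st_uid)
    group = (group_of or (lambda gid: grp.getgrgid(gid).gr_name))(st.st_gid)
    mode = "%o" % stat.S_IMODE(st.st_mode)  # e.g. 0o644 -> "644"
    ok = owner == item["owner"] and group == item["group"] and mode == item["mode"]
    return COMPLIANT if ok else NONCOMPLIANT


def file_content_check(item):
    """FILE_CONTENT_CHECK: 'regex' selects lines, 'expect' must match them."""
    path = item.get("file") or item.get("value_data")  # Windows form uses value_data
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    except OSError:
        return INCONCLUSIVE
    selected = [ln for ln in lines if re.search(item["regex"], ln)]
    if not selected:
        return INCONCLUSIVE  # 'expect' was never exercised
    passed = all(re.search(item["expect"], ln) for ln in selected)
    return COMPLIANT if passed else NONCOMPLIANT


def run_audit(text, **resolvers):
    """Evaluate every item in an audit text; returns (description, result) pairs."""
    results = []
    for item in parse_audit(text):
        if item.get("type") == "FILE_CHECK":
            result = file_check(item, **resolvers)
        elif item.get("type") == "FILE_CONTENT_CHECK":
            result = file_content_check(item)
        else:
            result = INCONCLUSIVE  # unsupported check type in this example
        results.append((item.get("description", "?"), result))
    return results


def demo():
    """Constructed passwd stand-in plus three items modelled on the slides."""
    passwd = os.path.join(tempfile.mkdtemp(), "passwd")
    with open(passwd, "w") as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\n"
                 "ems:x:0:15:scada Super User:/lg/:/bin/sh\n")  # interactive shell left enabled
    os.chmod(passwd, 0o644)
    audit = f'''
<custom_item>
 type: FILE_CHECK
 description: "Permission and ownership check {passwd}"
 file: "{passwd}"
 owner: "root"
 group: "root"
 mode: "644"
</custom_item>
<custom_item>
 type: FILE_CONTENT_CHECK
 description: "Verify that interactive logins are disabled for the ems user"
 file: "{passwd}"
 regex: "ems:x:0:15:scada Super User:/lg/:.*"
 expect: "ems:x:0:15:scada Super User:/lg/:/sbin/nologin"
</custom_item>
<custom_item>
 type: FILE_CONTENT_CHECK
 description: "Entry for an account that does not exist in this file"
 file: "{passwd}"
 regex: "^nosuchuser:"
 expect: ".*"
</custom_item>
'''
    # The temp file belongs to whoever runs this, so resolve uid/gid to the
    # names the policy expects (stand-in for a real root-owned /etc/passwd).
    return run_audit(audit, owner_of=lambda uid: "root", group_of=lambda gid: "root")


if __name__ == "__main__":
    for description, result in demo():
        print(f"{result:14} {description}")
```

Running it yields Compliant for the ownership/mode item, Non-compliant for the ems item (its shell is /bin/sh, not /sbin/nologin) and Inconclusive for the item whose regex selects nothing, mirroring the three result classes the Nessus report shows. In a real deployment the resolvers are not injected; Nessus inspects the live host over the SSH or SMB management connection described later in the deck.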

Bandolier Audit Files: Alpha Release
- Telvent OASyS DNA 7.5
  - Engineering Station (Windows Server 2003)
  - Historical Server (Windows Server 2003)
  - RealTime Server (Windows Server 2003)
  - XOS Workstation (Windows XP)
- Siemens Spectrum Power TG 8.2
  - SCADA Host Server (Linux)
  - SCADA Workstation (Windows XP)
  - Web Host (Windows Server 2003)

Bandolier Audit Files: Coming Soon
Audit files for these control system applications:
- ABB Ranger
- AREVA e-terra
- Emerson Ovation
- Invensys Wonderware
- Matrikon OPC Server
- OPC Foundation UA Server
- OSIsoft PI
- SNC-Lavalin ECS GENe

Using the Bandolier Audit Files for Nessus

Prerequisites:
- Digital Bond site subscription ($100/year)
- Nessus Professional Feed subscription ($1,200/year); many organizations already have one

Operational requirements:
- UNIX/Linux hosts: SSH connection (TCP port 22); root account, or a set of credentials that can use su or sudo
- Windows hosts: SMB connection (TCP port 445); Administrator credentials

Interpreting the Audit Results

Nessus scan results:
- Non-compliant
- Inconclusive
- Compliant

Additional information:
- Severity rating
- Category (based on ISA99 Foundational Requirements)
- Link to a page on the Digital Bond site with more documentation, and validation and remediation information

Report Example

Summary
- Establishes optimal security configurations for control system servers and workstations
- Allows an asset owner or operator to verify the secure configuration has not changed over time
- Delivers at least twenty audit files for use in Nessus and other scanners
- Alpha release audit files available

More Information
- SCADApedia articles: www.scadapedia.com
- Digital Bond website and blog: www.digitalbond.com
- Contact us: info@digitalbond.com

Questions?
Jason Holcomb, Security Consultant and Researcher, Digital Bond, Inc.
holcomb@digitalbond.com