Do you have HVAC systems on your internal network?

by Ron Gula on February 10, 2014

If you have not heard the news yet, Brian Krebs has reported that the recent Target breach occurred when hackers broke into the network of a company that managed the company's heating, ventilation and air conditioning (HVAC) systems. The intruders leveraged the trust and network access granted to them by Target and then from these internal systems broke into the point of sale (POS) systems and stole credit and debit card numbers, as well as other personal customer information. We can learn a lot from this incident. In this blog, we will discuss Tenable's approach to identifying HVAC systems,...

Are you sure you don’t have a control system on your network?

by Ron Gula on July 22, 2013

This blog entry describes many of the recent advances Tenable has made with active and passive detection of SCADA and ICS devices on networks. There has been a dramatic increase in devices and applications that control power, industrial processes, and even our homes. With almost 600 public SCADA vulnerabilities, 214 of them disclosed in 2012, Tenable has kept pace with these advances by developing new forms of detection for Nessus and the Passive Vulnerability Scanner.

Plugin Spotlight: RuggedOS Telnet Server Default 'factory' Account Backdoor

by Paul Asadoorian on May 14, 2012

Embedded Device Security Woes Having researched embedded device security for quite some time, it never ceases to amaze me how manufacturers present vulnerabilities in their products. While I do not want to start picking on specific manufacturers (as the development process is not as easy as one might think), RuggedCom's Rugged Operating System (ROS) recently had a vulnerability disclosed. According to their website: "RuggedCom [a Siemens business unit] designs and manufactures rugged communications equipment for harsh environments." They produce a full product suite, from Ethernet switches to wireless networking, aimed at industrial (SCADA) usage. A recent vulnerability detailed how remote management services, including TELNET and SSH on select firmware versions, contained a factory backdoor. The username of "factory" and a password derived from the MAC address could be used to log into the device. The MAC address for the devices is displayed in the login banner before entering the username and password. A post to the Full Disclosure mailing list on April 23, 2012, revealed this vulnerability to the public. Scanning Your Network For The Vulnerability

New SCADA Plugins for Nessus and Tenable PVS

by Paul Asadoorian on January 31, 2012

Assessing the security of SCADA devices has always been a challenging task. SCADA devices are used in several critical infrastructure industries, including power plants, manufacturing, chemical processing, and nuclear reactors. Thus, the high availability and security of these devices are of the utmost importance. The challenge lies in assessing the security of SCADA devices without causing any adverse effects. The special purpose-built systems often operate within a limited scope and use protocols that are specific to the tasks being performed, such as Modbus, OPC, and DNP3. In 2006, Tenable Network Security released the first Nessus® vulnerability scanner and Tenable Passive Vulnerability Scanner (PVS) SCADA plugins (you can read the original release notes for PVS in a post titled " SCADA Network Monitoring " and the original release for Nessus titled " SCADA Checks For Nessus 3 "). In April 2011, a new round of SCADA plugins were released for Nessus (covering devices from Movicon, 7-Technologies, and more). Tenable is now pleased to announce the availability of additional SCADA plugins for Nessus ProfessionalFeed, Tenable SecurityCenter, and PVS users. Tenable's research team worked alongside SCADA experts from Digital Bond to test and identify a wide variety of common SCADA devices. The plugins were announced at Digital Bond’s S4 Conference on SCADA security held on January 19, 2012. Note: Digital Bond’s Dale Peterson joined us on the Tenable Network Security podcast episode 110 and spoke about the new plugins and SCADA security. Below is a sample of some of the new SCADA plugins:

Tenable Releases New SCADA Plugins

by Brian Martin on April 1, 2011

Supervisory Control And Data Acquisition , or SCADA, generally refers to the computers that control industrial and infrastructure systems. These include systems found in power plants, nuclear reactors, commercial buildings and more. The last few weeks have seen another serious blow to the perception of SCADA security. On March 21 st , Luigi Auriemma posted to the Full-Disclosure mail list announcing his research and vulnerability findings in SCADA products from vendors such as Siemens, Iconics, 7-Technologies and DATAC. Auriemma’s post included links to 34 advisories ranging from overflows to denial of service. Due to the sensitive nature of SCADA systems and the resources they control, his research made the news . A day later, Ruben Santamarta (aka reversemode) announced the availability of vulnerability information in SCADA vendors including Advantech/BroadWin and CSE-Semaphore. The next day, US-Cert issued an advisory about SQL injection vulnerability in Ecava IntegraXor , another SCADA system.