The research for the SCADA plugins has yielded four types of SCADA plugins:
- device specific checks for Modicon PLCs
- application specific checks for Windows OS based SCADA components (through Windows RPC calls)
- protocol specific checks to find COTP and Modbus
- checks for known SCADA vulnerabilities
Tenable has already implemented many SCADA protocol decodes in the Passive Vulnerability Scanner. The PVS can be placed inside or on the perimeter of a network running SCADA protocols and passively determine both SCADA specific applications and generic vulnerabilities. Tenable has a webinar about this subject this Friday at 3:00 PM EST. Tenable has also produced a white paper on protecting and monitoring SCADA networks with both active and passive vulnerability auditing.