* Jones, Barry ([email protected]) wrote:
> I can share with you several stories of personnel (both IT and vendors), who have
> scanned Electric Utility environments with or without permission; and hence
> caused multiple failures - including electro-mechanical systems and related
> applications. Utilities typically utilize many industrial controllers - some
> of which many IT personnel have no knowledge, and some are not robust enough
> to weather the storm.
>
> 1. Know your environment.
> 2. Know your tools.
> 3. Communicate.
>
Second that. First agree on what rate they are allowed to scan your network, then let them come back with what they find before they point other tools at the found nodes. Then inform the owners of said nodes of what is going to happen.

In a previous life I found a publicly available SQL server on a network belonging to a medical institution that I was pen testing. I pointed Nessus at it and it just died...

BR
/Joakim

