On Wed, Mar 17, 2004 at 03:53:45PM -0500, Ido Dubrawsky wrote: > On Wed, Mar 17, 2004 at 04:30:36PM -0500, [EMAIL PROTECTED] wrote: > > Hello, > > > > I am interested in writing security checks for SCADA specific applications and > > protocols. Since there are a number of applications nad protocols for power, hvac > > and water systems, I wanted to see if anyone on the list would be interested in > > collaborating on this. If so, please let me know. > > > > -dave > > > Dave, > > What specifically are you checking for? I'd be interested in this. > My initial thoughts on this are checks to see if a SCADA environment is somehow reachable from a corporate network. Considering that a Nessus scan takes places in the corporate environment, if a SCADA specific plugin fires, the recommendation would be something to the effect of: "SCADA applications are present. Ensure proper ACLs restrict access into your SCADA environment...etc." This, I feel would be a good starting point.
-dave _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
