December 13th, 2006, 09:02 PM
SCADA plugins for Nessus 3
Tenable released 32 Nessus plugins specific to SCADA this week. It used to be that using the name Nessus (or any vulnerability scanning/systems mapping solution) in the same sentence as SCADA was sacrilegious. Civil engineers quake and cower at the possibility of TCP packet mangling anywhere near their SCADA systems.
(I have a funny story from a colleague who, during a PCI assessment of a large fruit producer in SoCal, accidentally scanned one of the irrigation control systems and caused havoc for a couple of hours, until they figured out the root cause.)
These plugins are, as always, provided on the same basis as any other plugin from Tenable. They may prove to be useful if you find yourself in need of assessing the state of a network with SCADA technologies. However, I will suggest that you do not use these plugins if you don't know what you are doing (or Nessus, for that matter), and further suggest you not try to scan anything that even remotely resembles a SCADA environment without all the usual explicit approvals, consents, permissions, and get-out-of-jail-free cards. (This is known as my Caveat h4x0r.)
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore