This time around, we thought we’d offer up a couple of infosec tricks and treats for your browsing pleasure. Around MSI, we LOVE Halloween! We dress up like hackers, bees and hippies. Of course, we do that most other days too… 🙂
Here are a couple of tricks for you for this Halloween:
Columbia University gives you some good tricks on how to do common security tasks here.
University of Colorado gives you some password tricks here.
and The Moneypit even provides some tricks on cheap home security here.
And now for the TREATS!!!!!
Here are some of our favorite free tools from around the web:
Wireshark – the best network sniffer around
Find your web application vulnerabilities with the FREE OWASP ZED Attack Proxy
Crack some Windows passwords to make sure people aren’t being silly on Halloween with Ophcrack
Actually fix some web issues for free with mod_security
Grab our DREAD calculator and figure out how bad it really is.. 🙂
Put those tricks and treats in your bag and smile. They won’t cause cavities and they aren’t even heavy enough to keep you from running from the neighborhood bully looking to steal your goodies!
Thanks for reading and have a fun, safe and happy Halloween!
This time the question comes from an online forum where we were approached about the MSI Expert’s Opinions on an interesting topic. Without further ado, here it is:
Question: In your opinion, what is the single most important question that security teams should be discussing with SCADA asset owners?
Adam Hostetler (@adamhos) replies:
Do your SCADA managers and IT have a culture of security? It’s still found that many SCADA industries still have a weak culture. This needs to be changed through ongoing education and training (like the DHS training). This will help engineers and IT develop and deploy stronger network architectures and technologies to combat increasing SCADA risks in the future.
John Davis also weighed in:
I would say the most important question to discuss with SCADA asset owners is this: do you have short term, mid term and long term plans in place for integrating cyber-security and high technology equipment into your industrial control systems? Industrial concerns and utilities have been computerizing and networking their SCADA systems for years now. This has allowed them to save money, time and manpower and has increased their situational awareness and control flexibility. However, industrial control systems are usually not very robust and also very ‘dumb’. They often don’t have the bandwidth or processing power built into them for mechanisms like anti-virus software, IPS and event logging to work, and these systems are usually made to last for decades. This makes most industrial control systems extremely vulnerable to cyber-attack. And with these systems, availability is key. They need to work correctly and without interruption or the consequences vary from loss of revenue to personal injury or death. So, it behooves those in charge of these systems to ensure that they are adequately protected from cyber-attack now and in the future. They are going to have to start by employing alternate security measures, such as monitoring, to secure systems in the short term. Concerns should then work closely with their SCADA equipment manufacturers, IT specialists, sister concerns and information security professionals to develop mid term and long term plans for smoothly and securely transitioning their industrial control systems into the cyber-world. Failure to do this planning will mean a chaotic future for manufacturers and utilities and higher costs and inconveniences for us all.
What do you think? Let us know on Twitter (@microsolved) or drop us a line in the comments below.