[SCADASEC] IBM is offering 'SCADA security best practices'...
Erik Hjelmvik
erik.hjelmvik at gmail.com
Wed Feb 13 09:24:44 CST 2008
I hade a very similar discussion to this one in the comments of a blog
post at Digital Bond, where we discussed whether or not Nmap
signatures for SCADA/Control System devices should be submitted to
Fyodor (the Nmap daddy).
For more details please see:
http://www.digitalbond.com/index.php/2008/02/04/introducing-bandolier-vulnerability-scanner-audit-files/
/erik hjelmvik
2008/2/9, Scada at reijers.org <Scada at reijers.org>:
> > It's like moving your SSH server on an Internet *NIX box to port 502
> > (or something other than 22) you might not be "more secure" (whatever
> > than even means) but you will definitely get less probes, connection
> > requests, brute force login attempts, and this would help you against
> > an SSH worm that on the IANA registered port. It buys you something
> > against some attackers. And I think the same is true for proprietary
> > protocols or non-Ethernet communication. Security is not an all or
> > nothing proposition.
>
> That's fine for automated attacks / scans, but doesn't help you a bit for
> somebody who targets you. And even automated tools can be scanning every
> port to see if the required service is available on any port.
>
> Doing port changes to your services is one thing to do, but do not think you
> are then secure. IMHO, this is still security through obscurity.
>
> Roeland
>
>
>
> _______________________________________________
> To unsubscribe from this mailing list, please visit:
> http://news.infracritical.com/mailman/listinfo/scadasec
>
> To review our privacy statement, please visit:
> http://www.infracritical.com/privacy.html
>
> scadasec at news.infracritical.com
> http://news.infracritical.com/mailman/listinfo/scadasec
>
More information about the scadasec
mailing list