Tuesday, April 24, 2012

Certifications for IDS, IPS, FW, Web/Email Gateway Appliances and Endpoint Devices

This post might be helpful for administrators, people actively involved in decisions to buy perimeter/endpoint security devices, CSOs, etc.


This article explains the different security certifications for devices such as VPNs, firewalls, Intrusion Detection and Prevention Systems (IDS/IPS), email/web gateways, etc.

BITS
BITS initially stood for "Banking Industry Technology Secretariat", but the name is no longer used as an acronym. BITS addresses emerging threats related to cybersecurity, fraud reduction and infrastructure protection in financial services.

Common Criteria (CC)
Common Criteria for Information Technology Security Evaluation is a framework for computer security certification. Evaluations are performed in the US, UK, Australia, Canada, France and Germany.

CESG CCTM
From the CESG website: "CESG protects the vital interests of the UK by providing policy and assistance on the security of communications and electronic data, working in partnership with industry and academia. The CESG Claims Tested Mark (CCTM) scheme provides a government quality mark for the public and private sectors based on accredited independent testing, designed to prove the functionality claims made by Vendors. Testing is carried out by commercial Test Houses".

EAL
Evaluation Assurance Level is a rating given to a product after its development is complete. Common Criteria lists seven levels, with EAL1 being the most basic and cheapest and EAL7 the most stringent and expensive.

FIPS
Federal Information Processing Standards are US government computer security standards for cryptographic modules.

ICSA Labs
ICSA Labs, part of Verizon, provides independent third-party product testing for firewalls, IPS, etc.

IPv6 Certification
Certifies that a product implements the IPv6 mandatory core protocols and interoperates with other IPv6 products.
http://www.ipv6forum.com/ipv6_education/
http://en.wikipedia.org/wiki/DoD_IPv6_Product_Certification


ISO/IEC 27001
The International Organization for Standardization/International Electrotechnical Commission 27000 family of standards covers Information Security Management Systems.

ITSEC
Information Technology Security Evaluation Criteria is used to evaluate products and systems for security weaknesses. ITSEC is followed in Australia, France, Germany and the UK.
http://www.ssi.gouv.fr/

NSS
A leading independent security product testing organization that evaluates the performance, security effectiveness and usability of endpoint and network security appliances (firewall, AV, browser, UTM, IDS/IPS, WAF, SWG, VPN, encryption, SIEM, VA/VM, virtualization).

Section 508
Section 508 of the US Rehabilitation Act of 1973 mandates that Federal agencies acquire products that enable people with disabilities to access information and data in a way comparable to the access and use experienced by people without disabilities.


TIC
Technology Integration Center is the US Army's formal certification program.

TCSEC or Orange Book
Trusted Computer System Evaluation Criteria is a US Department of Defense (DoD) standard for computer security controls. Evaluations are performed in the US only.
http://www.fas.org/irp/nsa/rainbow/std001.htm
http://csrc.nist.gov/

VPNC
Virtual Private Network Consortium is the international trade association for manufacturers in the VPN market. VPNC does not create standards; it strongly supports the current and future IETF standards.
VPNC interoperability testing: VPNC issues interoperability logos to VPNC member products that have successfully completed the testing. The testing is available to its IPsec and SSL members.

Anti Virus Certifications
AVs are certified by AV-Comparatives, AV-Test, Virus Bulletin, West Coast Labs, ICSA Labs, NSS Labs, etc. AVs are also tested against the WildList.
http://www.av-comparatives.org/index.php
http://www.av-test.org/en/home/
http://www.virusbtn.com/index
http://www.wildlist.org/
http://www.opswat.com/

Tools
The tools below may be used for testing different perimeter appliances or endpoint products.
nmap             http://nmap.org/
Exploit DB       http://www.exploit-db.com/
tcpreplay        http://tcpreplay.synfin.net/
tomahawk         http://tomahawk.sourceforge.net/TUTORIAL.html
Metasploit       http://www.metasploit.com/
CoreImpact       http://www.coresecurity.com/
Canvas           http://immunityinc.com/
Breaking Point   http://www.breakingpointsystems.com/
MuDynamics       http://www.mudynamics.com/

Tuesday, April 3, 2012

Supervisory Control And Data Acquisition (SCADA ) Terminology and Protocols

Useful Terminology, Acronyms and Links related to SCADA.

AC       Alternating Current
CAN      Controller Area Network
CIP      Critical Infrastructure/Information Protection; Common Industrial Protocol
CRC      Cyclic Redundancy Check
DC       Direct Current
DCS      Distributed Control System
DNP      Distributed Network Protocol
GOMSFE   Generic Object Models for Substation and Feeder Equipment
GOOSE    Generic Object Oriented Substation Event
HCI      Human-Computer Interface
HMI      Human-Machine Interface
HVAC     High Voltage Alternating Current
ICCP     Inter-Control Center Communications Protocol
ICPS     International Communications Protocol Standard
ICS      Industrial Control System
IEC      International Electrotechnical Commission
LAN      Local Area Network
MTU      Master Terminal Unit
NERC     North American Electric Reliability Corporation
OLE      Object Linking and Embedding
OPC      OLE for Process Control
PLC      Programmable Logic Controller
PAC      Programmable Automation Controller
RTU      Remote Terminal/Telemetry Unit
SONET    Synchronous Optical Networking
SDH      Synchronous Digital Hierarchy
SCADA    Supervisory Control And Data Acquisition
T&D      Transmission and Distribution
UCA      Universal Communications Adapter / Utility Communications Architecture

SCADA Protocols
RTUs communicate with the central SCADA station, other RTUs and networked devices over protocols such as the following.
CIP
CC-Link
DNP3
Ethernet/IP
ICCP
MODBUS(X)
Profibus/net
Fieldbus
BACnet
IEC 60870 (IEC 60870-5-101 is an ICPS)
ASCII
S3/S5/S7
Other vendors, such as Allen Bradley, GE Fanuc, Siemens Sinaut, Mitsubishi, Omron, Toshiba, Westinghouse, etc., have proprietary SCADA protocols.
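As an added example (not part of the original post), here is a small Python decoder for Modbus/TCP, one of the protocols listed above. It shows what a monitoring point sitting between a master station and an RTU actually sees on the wire: the 7-byte MBAP header, the function code, and whether the request reads or writes process values, which is the distinction a defender cares about when auditing traffic to a PLC. The sample frames are constructed for this example, not captured from any real system; the function-code names follow the public Modbus application protocol specification.

```python
import struct

# Standard Modbus function codes this decoder understands.
FUNCTION_NAMES = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}
# Function codes that change process state on the RTU/PLC.
WRITE_FUNCTIONS = {5, 6, 15, 16}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode one Modbus/TCP application data unit (MBAP header + PDU)."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    # MBAP: transaction id (2), protocol id (2, always 0 for Modbus),
    # length (2), unit id (1); all big-endian.
    transaction_id, protocol_id, length, unit_id = struct.unpack("!HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError("protocol id %d is not Modbus" % protocol_id)
    # The length field counts the unit id plus the PDU, i.e. everything after byte 6.
    if length != len(frame) - 6:
        raise ValueError("MBAP length %d does not match frame size" % length)
    function_code = frame[7]
    data = frame[8:]
    base_code = function_code & 0x7F
    info = {
        "transaction_id": transaction_id,
        "unit_id": unit_id,
        "function_code": base_code,
        "function": FUNCTION_NAMES.get(base_code, "Unknown"),
        "exception": None,
        "is_write": base_code in WRITE_FUNCTIONS,
    }
    if function_code & 0x80:
        # Exception response: high bit set, one byte of exception code follows.
        info["exception"] = data[0] if data else None
        return info
    if base_code in (1, 2, 3, 4) and len(data) >= 4:
        # Read request: starting address and quantity.
        info["address"], info["quantity"] = struct.unpack("!HH", data[:4])
    elif base_code in (5, 6) and len(data) >= 4:
        # Write single: address and 16-bit value.
        info["address"], info["value"] = struct.unpack("!HH", data[:4])
    elif base_code in (15, 16) and len(data) >= 5:
        # Write multiple: address, quantity, byte count, then the values.
        info["address"], info["quantity"], byte_count = struct.unpack("!HHB", data[:5])
        info["values"] = data[5:5 + byte_count]
    return info


def flag_writes(frames) -> list:
    """Return (transaction_id, unit_id, function, address) for each frame that writes."""
    flagged = []
    for frame in frames:
        info = parse_modbus_tcp(frame)
        if info["is_write"] and info["exception"] is None:
            flagged.append((info["transaction_id"], info["unit_id"],
                            info["function"], info.get("address")))
    return flagged


# Constructed sample frames (hand-built for this example, not real captures).
SAMPLE_FRAMES = [
    bytes.fromhex("000100000006010300000003"),            # read 3 holding registers from address 0
    bytes.fromhex("000200000006010600101234"),            # write 0x1234 to holding register 16
    bytes.fromhex("00030000000b01100001000204000a0102"),  # write 2 registers starting at address 1
    bytes.fromhex("000100000003018302"),                  # exception response: illegal data address
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(parse_modbus_tcp(frame))
    print("write operations seen:", flag_writes(SAMPLE_FRAMES))
```

The decoder deliberately rejects frames whose MBAP length field disagrees with the bytes actually received, since a length mismatch is the first thing to check before trusting anything in the PDU; in a real monitor the write list would be compared against the set of masters that are expected to issue writes at all.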

Useful Web Sites
http://en.wikipedia.org/wiki/SCADA
http://www.wurldtech.com/
http://www.plcs.net/contents.shtml
http://www.modbus.org/
http://www.cpni.gov.uk/advice/infosec/business-systems/scada/
http://www.dnp3.org/
http://www.iccp.org/
http://www.digitalbound.com/

Please leave a comment if I missed out an important acronym, protocol, link/site etc.