[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Network scan tool/appliance horror stories

* Jones, Barry (BEJones at semprautilities.com) wrote:
> I can share with you several stories personnel (both IT or vendors), who have scanned Electric Utility environments with or without permission; and hence caused multiple failures - including electro-mechanical systems and related applications. Utilities typically utilize many industrial controllers - some of which many IT personnel have no knowledge, and some are not robust enough to weather the storm.
> 1. Know your environment.
> 2. Know your tools.
> 3. Communicate.

Second that. First agree on what rate they are allowed to scan your network, then let them come back with what they find before they point other tools at the found nodes. Then inform the owners of said nodes of what is going to happen.

In a previous life I found an publicly available SQL server on a network belonging to a medical institution that I was pen testing. I pointed Nessus at it and it just died...