ICS Configurations

Developed as a community asset

Common Files or Extensions

Note: if you find ICS-relevant file extensions that are not in the list above, please submit a pull request to contribute them to the TSVs in this project.

Default Password Lists

IDS Signatures / Scripts

  • Quickdraw Snort - mirror: v4.3.1 - The Quickdraw IDS signature download includes the Modbus TCP, DNP3, EtherNet/IP, and ICS Vulnerability signatures. Each category is in its own rules file, and Digital Bond recommends only adding the signatures appropriate for your control system. See the pcap quickdraw section for test pcaps.
  • Quickdraw Suricata Signatures for EtherNet/IP - A set of EtherNet/IP IDS rules for use with Suricata.
  • RAPSN SETS - RAPSN SETS (Recognizing Anomalies in Protocols of Safety Networks: Schneider Electric's TriStation) is a set of rules for the Intrusion Detection System (IDS) Snort. They have been developed for Schneider Electric's proprietary TriStation protocol and are published under Mozilla Public License Version 2.0.
  • Cisco Talos Snort IDS Rules - These are a handful of community rules that correspond to the SCADA Strangelove default credentials. More community rules are available here.
  • ARMORE - ARMORE was developed to be an open-source software solution that will aid asset owners by increasing visibility, securing communications, and inspecting ICS communications for behavior that is not intended. Built around Bro and Linux.
  • EDMAND - EDMAND Anomaly detection framework. Built around Bro.
  • AIUS - AIUS Repository (EDMAND/CAPTAR combination). Built around Bro.
  • ML NIDS For ICS - Machine learning techniques for Intrusion Detection in SCADA Systems.

Recommended Best Practices

  • Security Technical Implementation Guides (STIG) - The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for DoD IA and IA-enabled devices/systems. Since 1998, DISA has played a critical role in enhancing the security posture of DoD's security systems by providing the Security Technical Implementation Guides (STIGs). The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack.

(creative commons license)