-
Wednesday, May 18, 2011
Achilles Level 2 Certification and ISASecure
Achilles Level 2 Certification and ISASecure
In a previous post, we described Level 2 Certification, explained how it differs from Level 1 Certification and presented reasons to get Achilles Level 2 Certified. Among those reasons was “Vendors can satisfy additional emerging standards and requirements such as ISASecure because Level 2 Certification meets the ISASecure Communication Robustness Testing requirements.” In this week’s post, we will explain more about ISASecure and Level 2. What is ISASecure ISASecure is a set of certification specifications based on the ISA99 Standards Roadmap. It was developed by the ISA Security Compliance Institute (ISCI) ...
Read full story
-
Wednesday, April 06, 2011
Achilles Satellite Developer's Corner: EtherNet/IP
The Satellite development team has recently been focusing their efforts on writing tests for EtherNet/IP and using the tests to successfully uncover vulnerabilities in various control devices. Ethernet / Industrial Protocol (EtherNet/IP) is an industrial application layer protocol operating over Ethernet that allows industrial devices to exchange time-critical application information. EtherNet/IP encapsulates Control and Information Protocol (CIP) packets and transports them over TCP or UDP. It allows application information to be sent from a single sending device to multiple receiving devices. The Achilles tests examine the EtherNet/IP implementation as defined in ODVA's The CIP Networks Library Volume 2: EtherNet/IP ...
Read full story
-
Friday, March 25, 2011
Achilles Satellite Developer's Corner: Achilles Fuzzers and Grammars
In a follow up to last week's post about user-defined tests, this week's blog describes Achilles fuzzers and grammars. The Satellite's multi-pronged test approach consists of several test categories. Profiling: Achilles scans simulate port-scanning tools that are often included in standard IT security procedures on IT and public networks. Scans are one of the first tools an attacker uses to gather information about a system in order to exploit it. As more control systems become connected to networks or (indirectly) to the Internet, it is important that devices can withstand such scans. The information gathered by Achilles scans, ...
Read full story
-
Monday, March 21, 2011
Wurldtech is Hiring!
To ensure that we can continue to maintain our leadership position,
realize our strong growth expectations and capitalize on the current
expansion of the industrial cyber security market, Wurldtech is looking for two senior sales executives to drive sales activities for key strategic accounts and develop new business from a list of target prospects in North America and Europe. The Senior Sales Executive will be responsible for selling the entire suite of Wurldtech's solutions to current and potential customers and will have various responsibilities such as: All sales-related activities for key strategic accounts and target prospects to grow net revenue, new bookings....
Read full story
-
Thursday, March 17, 2011
Achilles Satellite Developer's Corner: Achilles User-Defined Tests
If you have been reading our Developer's Corner blogs, you will know that the Achilles tests examine the implementation of common industrial protocols and available proprietary protocols on a control device to determine how the device handles high-rate and malformed traffic. In this way, the tests are used to verify the communications robustness of the device. The Satellite development team communicates with the automation industry and regulatory bodies to ensure that our tests are current, relevant and thorough. The team continuously develops new tests to expand the depth of coverage and range of protocols that are examined. However, there may ...
Read full story
-
Tuesday, March 08, 2011
Achilles Satellite Developer's Corner: Achilles Satellite Reports
There is a natural workflow when using the Achilles Satellite; you set
up the device that you want to test, configure the network settings, and
choose the monitors to use and the tests to run. Once the tests have
executed, you can examine the test results to find out what happened
when unusual traffic was sent to the device. The final, optional step
in the workflow is the generation of a PDF report detailing all this
information. The report is a useful 'takeaway' that can be distributed
amongst management or other testers, or filed for testing and auditing
records. The development team has been working on improving the
reporting ...
Read full story
-
Monday, February 14, 2011
Achilles Satellite Developer's Corner: Linux System Monitor
The Satellite has several types of monitors that observe the behavior of a device in real time during testing. This week we will look at the Linux System Monitor, which is used to observe system performance. By watching this monitor, you can examine resource usage and task count to determine the extent to which device performance is affected under normal and abnormal operating conditions. Of course it is expected that performance will be affected during testing, but you might discover that it is affected more extremely than you had anticipated. The Linux System Monitor is required for Achilles Level 1 ...
Read full story
-
Monday, February 07, 2011
Achilles Satellite Developer's Corner: Achilles Communications Certification Level 1 vs. Level 2
In late 2010, the Wurldtech Services team expanded its Achilles Communications Certification (ACC) Program and now offers an Achilles Level 2 Certification. This week, we will take a look at the differences between the existing Level 1 Certification and this new Level 2 Certification, and some advantages of Level 2. A Quick Overview of Achilles Level 1 Lets begin with a look at Level 1 Certification. During Level 1 testing, Achilles tests and monitors are used to conduct a detailed examination of the Ethernet, ARP, IP, ICMP, TCP and UDP implementations on the tested device. In order to attain Level ...
Read full story
-
Monday, January 31, 2011
Achilles Satellite Developer's Corner: Achilles Fault Isolation
The latest version of the Achilles Satellite (3.3) was released in December 2010. If you aren't familiar with the Satellite, check out the Satellite Overview page here for a description of this cyber security test tool for automated systems. This week's blog describes fault isolation, just one of the many capabilities of the Satellite. Before we begin, there are two terms that need explaining: anomaly and subtest. In Achilles-speak, an anomaly is any unusual device behavior that is detected by the Achilles monitors during execution of a test case. The important point to note is that the Satellite does not ...
Read full story
-
Monday, October 04, 2010
Emerson’s Smart Wireless Gateway Is Achilles Certified
Following on the heels of last week’s announcement regarding the successful certification of the MicroNet Plus from Woodward, the Wurldtech certification team announced this week the 24th industrial control system to be awarded the Achilles CertifiedTM designation for system robustness – The Smart Wireless Gateway from Fisher Rosemount. This is the second system from Emerson Process Management to reach the internationally recognized benchmark for communications robustness and is the first system categorized under the ISA SP99 framework as a "network component" to be Achilles Certified™. "From the start, security has been a top priority for Emerson Smart Wireless solutions. ...
Read full story