Tag Archives: security



It is very hard to protect your control systems if you don’t know what to protect. Even though you may have an idea of what you have, the visibility problem goes beyond asset management. You need visibility not only into the OS, firmware and software, but also into the network communications in the environment. On top of that, you cannot safely use regular IT tools such as nmap to scan your control systems. You need passive methods that are safe for control environments.


GRASSMARLIN is an open-source software tool that provides a method for discovering and cataloging Supervisory Control & Data Acquisition (SCADA) and Industrial Control System (ICS) hosts on IP-based networks. GRASSMARLIN uses a variety of sources to generate this data, including PCAP files, router and switch configuration files, CAM tables, and live network packet captures. The tool can automatically determine the available networks and generate the network topology as well as visualize the communication between hosts.

GRASSMARLIN is not an analysis tool. GRASSMARLIN exists to facilitate further analysis by a system administrator, auditor, or other individual. The focus is not on drawing conclusions from data, but on organizing large sums of data to allow people to quickly make informed decisions.

Supported Platforms

Microsoft Windows (64-bit 7, 8, and 10)
Fedora (23)
Ubuntu (14.04, 15.10, and Security Onion)
Kali 2.0
CentOS (6, 7)
Debian (8)

How To Set Up

I used Kali to install the tool. You can download the Debian .deb package and install it with the following command:

$ dpkg -i FileName.deb

After you install it, you can open it.


After GRASSMARLIN starts, we will see its beautiful interface :)

The Logical Graph shows Nodes for distinct IP addresses with Edges representing packets sent between them. This graph is built from packet metadata, normally provided through Pcap or Bro2Conn files.

GRASSMARLIN has a powerful fingerprinting function:

Let’s import some ICS pcaps. We can use File->Import File feature. You can find some examples of ICS packets at



We can group the nodes by network, country, MAC, Manufacturer, MODBUS Role etc…
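The Logical Graph and the MODBUS Role grouping described above, reduced to a minimal passive sketch. This is an added example, not GRASSMARLIN's code or its fingerprinting logic; the capture is constructed inline, and the port-502 role heuristic and the "client"/"server" labels are assumptions.

```python
import struct
from collections import Counter, defaultdict

MODBUS_PORT = 502  # registered Modbus/TCP port; role inference here is a port heuristic

def tcp_frame(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/TCP frame with no payload and zeroed checksums."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp  # zeroed placeholder MACs, EtherType IPv4

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def logical_graph(pcap):
    """Return (edges, roles): packet counts per (src, dst) and inferred Modbus roles."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", pcap)[0])
    if endian is None:
        raise ValueError("not a classic pcap file")
    edges, roles, off = Counter(), defaultdict(set), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip truncated frames and anything that is not IPv4
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        edges[(src, dst)] += 1  # one edge per direction, weighted by packet count
        tcp_off = 14 + (frame[14] & 0x0F) * 4
        if frame[23] != 6 or len(frame) < tcp_off + 4:
            continue  # role inference only looks at TCP ports
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        if MODBUS_PORT in (sport, dport):
            server, client = (dst, src) if dport == MODBUS_PORT else (src, dst)
            roles[server].add("server")
            roles[client].add("client")
    return edges, roles

# Constructed capture: an HMI polling a PLC over Modbus/TCP, web traffic, one ARP frame.
FLOWS = [("10.0.0.5", "10.0.0.10", 49152, 502), ("10.0.0.10", "10.0.0.5", 502, 49152),
         ("10.0.0.5", "10.0.0.10", 49152, 502), ("10.0.0.5", "10.0.0.20", 49153, 80)]
SAMPLE = build_pcap([tcp_frame(*f) for f in FLOWS] + [bytes(12) + b"\x08\x06" + bytes(28)])

if __name__ == "__main__":
    print(*logical_graph(SAMPLE), sep="\n")
```

Because it only reads captured bytes, nothing is sent to the control network, which is the property that makes this approach safe where active scanning is not.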


We can click View->Logical Nodes Report and get the asset inventory as a CSV file:


GRASSMARLIN gives us visibility into ICS environments: asset types, communication protocols, relationships between endpoints, and so on. The next step should be analyzing this traffic in Snort or Kibana to find any malicious activity in the network.


How to make iPad Secure?

The iPad has been a very popular new device sold by Apple. But the iPad isn’t really enterprise ready, in terms of manageability and security. IT organizations are buckling under pressure to support the iPad, even though the iPad wouldn’t have passed last year’s enterprise security requirements. If you use this device you may be concerned about the iPad security. Here is some information you might be interested in.

Although Apple has an enviable reputation for producing secure computers, there have been many concerns expressed about the security and safety of devices like the iPad. This device uses a standard called iOS 4.

A recent report indicated that Russian software has been developed that enables people to gain access to password-protected iOS data backups.

Even more disturbing is the fact that iOS keeps virtually a complete log of everything a user types on the keyboard. This includes credit card information, account numbers, etc.

In addition, these types of mobile devices require frequent updates, which increases the risk of security breaches even more.

A French research firm called VUPEN Security reported that there are two major flaws which leave iOS vulnerable. One is a memory corruption error which occurs when it processes a PDF file. The other is an iOS kernel error.

This means that an app could get low-level access to the operating system. Apple has tried to prevent this through the use of private APIs. However, this has had questionable benefit.

How to Secure iPad?

AT&T has confirmed that the e-mail addresses of over 100,000 iPad 3G owners using its 3G network have been exposed. According to the carrier, it first learned of the issue on June 7 and resolved it on June 8.

Admittedly, AT&T’s security breach isn’t all that groundbreaking. If only e-mail addresses were stolen, it’s not the end of the world, since that wouldn’t be enough to use to steal more private information.

But that doesn’t mean it’s the end of the story. The iPad is just like any other computer, complete with the potential to access sensitive information. Realizing that, it’s incumbent upon iPad owners to engage in practices and use software that will make it easier for them to keep their private data secure.

Unfortunately, no product is safe from the crosshairs of malicious hackers. Try as consumers might to use products that will keep them secure, all it takes is one mistake or a network flaw beyond their control to wreak havoc on their personal lives. Let’s take a look at some things that iPad owners can do to keep their data private and secure.

1. Keep syncing

It might sound rather simplistic, but users should keep syncing their iPads with their computers as often as possible. The reason why is twofold. For one, the desktop computer acts as a removable storage device for the data on the tablet. Secondly, Windows machines or Mac OS X computers have better security controls than the iPad. If data is extremely important and consumers want to keep it away from prying eyes, having it in a more secure environment is always preferable.

2. Use security apps

The iPad runs iPhone OS. In other words, all the security tools that are available in Apple’s App Store that are designed for the iPhone will also work with Apple’s tablet. In some cases, the security tools aren’t all that useful, so exercising some vigilance before downloading certain applications is a good idea. But there are other apps that monitor network connections, keep passwords safe and much more. Although it’s easy to only browse iPad apps, some iPhone security apps will come in quite handy.

3. Work on trusted WiFi networks

Any iPad owner should be positive that the WiFi network he or she is on is trusted and safe. In far too many cases, WiFi connections on unprotected networks just aren’t as safe as they should be. And although it’s more difficult for folks to access information on an iPad than on, say, a Windows PC, sending sensitive information over that network can be dangerous, to say the least. Once again, the iPad is little more than a newly designed computer. Owners must always keep that in mind.

4. Stay off 3G wherever possible

Although AT&T’s 3G network has enjoyed relative security thus far, iPad owners should keep their tablets off the network as much as possible. When connecting over 3G, users are at the mercy of the network. They don’t necessarily know that it’s secure at all times, and they need to rely on the quality of AT&T’s service. But when surfing the Web on a WPA (Wi-Fi Protected Access)-protected router in their homes or organization, they have more control over security settings and what can be done to keep data secure. Little changes like that can go a long way in keeping iPad data safe and secure.

5. Remember Windows rules apply

iPads may not be running Windows, but some of the lessons learned in the PC ecosystem still apply in the iPad world. For instance, surfing to unknown, untrusted sites is never a good idea. Users should also refrain from opening attachments sent by people they don’t know. Unfortunately, these simple rules just aren’t followed by many iPad owners because they believe they’re safe. As AT&T’s network snafu has shown, there is no one who is absolutely safe from danger. Maintaining vigilance when using the iPad is the most important component of keeping it secure.

6. Physical security matters too

Physical security doesn’t always get the kind of play that network security does, but it’s arguably more important. If users really want to keep their sensitive information private, they need to be more careful with the iPad. They shouldn’t leave it on the table at a Starbucks when they pick up their drink at the counter. They also shouldn’t leave it lying around in plain view in the office for anyone to pick up. Those who want to steal sensitive information would rather have the device in hand than connect to it from other parts of the world.

7. Trust is a dangerous thing

Trust can wreak havoc on a person’s life when it comes to computer security. There’s little debating that there are few, if any, Websites that should be absolutely trusted. Not even e-mails from friends can be trusted, especially if they include unexpected attachments. In too many cases, Web users believe that simply because they have been to a site each and every day for the past three years, they will remain safe on that site. That’s a faulty belief. With some simple phishing scams or spoofing, all kinds of trouble can erupt. Don’t trust anything—even when using the iPad.

8. Passwords mean everything

Passwords are extremely important. With strong passwords, users can have a little more peace of mind if an iPad is stolen and is in the hands of a malicious hacker. Too often, folks use the same passwords for all their different online identities. The password someone uses to log in to Gmail is the same password he uses for online banking. The password he inputs to tweet with friends is the same as the code he uses when he needs to pay down his credit card balance. That’s not a good thing. As soon as attackers have one password, they will try it everywhere else. At the same time, the difficulty of breaking a password must always be kept in mind. iPad owners can’t use “1234” for a password. They should be using alphanumeric passwords that have capital letters and symbols. It might sound like a pain to type in such passwords every time, but owners will be happy they did so if the iPad is stolen.

9. Lock it down

The iPad comes with password protection. And anyone who wants to keep data safe should lock it down with a strong password. In the iPad’s settings menu, owners can opt to turn on the device’s passcode lock. Once this has been done, every time the screen is turned on, users will be required to input a password to access the iPad’s home page. Again, it’s a pain for those who don’t want to have to input a passcode each time. But when it comes to security and the safety of private data, it’s arguably one of the best things a user can do.