Tools to Support Test and Development and Production Environments, Auditing

Product List by Product and Date Posted
Product Date Posted

DHS ICS-CERT Cyber Security Evaluation Tool (CSET)

Software

CSET is a free tool that can be used by any organization. It has the DoD RMF process built in to create the network architecture diagram, has a plug-in to import GrassMarlin network discovery and inventory files, and creates a Security Plan.

May 2018

SamuraiSTFU

Software and Guidance

SamuraiSTFU is a free COTS penetration testing tool that can be used by any organization. Any organization can use the tool to perform the full range of traditional IT penetration tests, but Samurai is specifically designed for OT penetration testing in support of the EPRI Smart Grid and Smart Meter Penetration Testing Guides. The tool runs on VMware.

May 2018

Kali Linux

Software

Kali is a free COTS penetration testing tool that can be used by any organization. Any organization can use the tool to perform the full range of traditional IT penetration tests, and it now also has several OT penetration testing capabilities. The tool runs on VMware.

May 2018

Belarc Advisor

Software

The tool is a data gathering and analysis tool for IT systems. The tool can be used in the Test and Development Environment to establish the preliminary Functional-Mission Capability Baseline and should be included on the Jump-Kit Rescue CD (if required).

May 2018

MalwareBytes

Software

MalwareBytes is a COTS product (free and purchase versions) that can be used by any organization. It is a simple but very powerful AV and malware detection tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System.

May 2018

OSForensics

Software

OSForensics is a COTS product (free and purchase versions) that can be used by any organization for forensics of IT systems. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures.

May 2018

FireEye Redline

Software

FireEye Redline is a COTS product (free) that can be used by any organization for forensics of IT systems. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures.

May 2018

Microsoft SysInternals Suite

Software and Guidance

The suite of tools can be used by any organization to evaluate OS and system performance, search for malware, and isolate processes and threads. The suite is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures.

May 2018

Host-Based Scanning System (HBSS) / Assured Compliance Assessment Solution (ACAS) Tools

Software

HBSS and ACAS are components of the DISA Endpoint Security Solutions (ESS) suite, which is an integrated set of capabilities that work together to detect, deter, protect, and report on cyber threats across all DoD networks. The FRCS designer, construction and systems integrators will not typically have access to HBSS and ACAS; CIO and DISA typically deploy the tools to the new systems being added to the DoD network.

May 2018

Avast

Software

Avast is a COTS product (free and purchase versions) that can be used by any organization. It is a simple but very powerful AV and malware detection tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System.

May 2018

Qualys SSL Client and Browser Tool

Software

This free online service performs a deep analysis of the configuration of any SSL/TLS web server on the public Internet, and client browsers. This tool should be used to conduct security audits. 

May 2018

Security Onion

Software

Security Onion is a free Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System.

May 2018

VirusTotal

Software

VT is a free tool that can be used by any organization to analyze suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. 

May 2018

Wireshark

Software

Wireshark is the world’s foremost and most widely used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark packet captures (pcaps) are used to analyze network (wired and wireless) traffic. BACnet and Modbus pcap files can be used in the TDE for training and practice to detect and contain malware.

May 2018

WhiteScope

Software

WhiteScope is a free service that compares file contents and file hashes with "known good" files from ICS/SCADA installation media. This service is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. 

May 2018

Yara

Software

Yara is a free tool that can be used by any organization and allows for quick, effective, and automatic YARA signature creation from a number of malicious file types (Executables, Office, PDF, Java, HTML, and more). DHS ICS-CERT issues Alerts and Advisories on malware with a Yara signature. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures.

May 2018

Nomoreransomware

Web Site

The website (www.nomoreransom.org) provides general guidance about ransomware, along with a list of decrypted ransomware and instructions on how to recover systems (https://www.nomoreransom.org/en/decryption-tools.html).

Jun 2018

Glasswire

Software

Glasswire is a COTS product (free and purchase versions) that can be used by any organization. It is a simple but very powerful network, firewall, application, alerting and logging tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System.

Jun 2018