Asset identification is an important task for ICS asset owners. It’s the first step towards securing those assets: you can’t secure what you can’t measure. There are many commercial tools that can do this task for you, but I want to share free tools that can help. I know there are many guides on this already; the goal of this post is to share the wisdom of using scanning tools in an OT environment.
There are two categories of scanning tools based on potential impact, safety or risk:
- Safe, quiet and friendly [arping, arp-scan, tcpdump … etc.]
- Risky and noisy [nmap, hping3, mergecap … etc.]
Always consider these tips when performing scans:
- Perform scanning in a testing environment, and avoid live production assets. The goal is to find out whether the scan causes any problems.
- Make an action plan in case something goes wrong, such as a disruption of a process.
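For the quiet category, here is an added example (not part of the original post): a Python script that builds an IP-to-MAC asset inventory from the text output of a listen-only `tcpdump -n -e arp` capture, so nothing is sent to the devices. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n -e arp` text output (not a real capture).
SAMPLE = """\
08:15:01.100001 02:00:00:00:00:05 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.10.20 tell 192.168.10.5, length 46
08:15:01.100950 02:00:00:00:00:14 > 02:00:00:00:00:05, ethertype ARP (0x0806), length 60: Reply 192.168.10.20 is-at 02:00:00:00:00:14, length 46
08:15:02.000000 02:00:00:00:00:1e > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.10.30 tell 0.0.0.0, length 46
08:15:03.000000 02:00:00:00:00:05 > 02:00:00:00:00:14, ethertype IPv4 (0x0800), length 66: 192.168.10.5.49152 > 192.168.10.20.502: Flags [S], length 0
08:15:09.500000 02:00:00:00:00:99 > 02:00:00:00:00:05, ethertype ARP (0x0806), length 60: Reply 192.168.10.20 is-at 02:00:00:00:00:99, length 46
"""

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
ARP_LINE = re.compile(
    rf"^\S+ (?P<src>{MAC}) > {MAC}, ethertype ARP .*?: "
    rf"(?:Request who-has .*?tell (?P<req_ip>[\d.]+)"
    rf"|Reply (?P<rep_ip>[\d.]+) is-at (?P<rep_mac>{MAC}))"
)

def build_inventory(text):
    """Return {ip: set_of_macs}, learned only from ARP sender fields."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue  # not ARP (e.g. the IPv4 line in the sample)
        if m["rep_ip"]:
            ip, mac = m["rep_ip"], m["rep_mac"]
        else:
            # In a request, the sender is the host named after "tell".
            ip, mac = m["req_ip"], m["src"]
        if ip != "0.0.0.0":  # ARP probe: sender has no address yet
            seen[ip].add(mac)
    return dict(seen)

def conflicts(inventory):
    """IPs claimed by more than one MAC: duplicate IP, swapped device or spoofing."""
    return {ip: sorted(m) for ip, m in inventory.items() if len(m) > 1}

if __name__ == "__main__":
    inventory = build_inventory(SAMPLE)
    for ip, macs in sorted(inventory.items()):
        print(ip, ", ".join(sorted(macs)))
    print("review:", conflicts(inventory))
```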
I hope this saves you time and money on your asset identification and, most of all, makes you aware of the ICS precautions that most IT professionals and newcomers do not know about. The tools listed here are only examples, chosen because they are popular. Feel free to suggest other free tools that you find useful by sending me a tweet. Stay safe.