LoRa vs NB-IoT, What is the difference between the two LPWAN technologies?
The proliferation of interactive data requires the support of corresponding network technologies, and the network technologies applied at this stage are not yet able to meet the needs of long-distance and narrow-bandwidth communication scenarios. In this context, the Internet of Things was born. The low-power network, as an important technology for IoT, is developing at the fastest pace.
LTE-M vs NB-IoT technology, who is the mainstream LPWAN technology?
NB-IoT is also known as LTE Cat-NB, and other terms such as LTE Cat-NB1 and Cat N1 also apply to the NB-IoT specification released in 2016. Today, there are also Cat N2 or Cat NB2 devices using the later enhanced NB-IoT specifications, which are now moving towards commercialization. So, what are the results of LTE-M vs NB-IoT?
Below are the 10 comparison results of LTE-M vs NB-IoT.
ALPHA Intelligence is the exclusive agent of the CORPRO anti-UAV system, which can detect and jam drones/UAVs. The frequency can be customized. Contact Sophie for more technical details.
After reading, you will learn what NB-IoT is, what the features of NarrowBand-IoT are, and what the NB-IoT applications are.
What is NB-IoT?
NB-IoT (NarrowBand Internet of Things) is an emerging IoT technology based on narrowband cellular networking. It supports cellular WAN data connections for low-power devices and is also known as a low-power wide-area network (LPWA).
NB-IoT consumes only about 180 kHz of bandwidth and can be deployed directly on a GSM network, UMTS network, or LTE network, supporting short standby time; the network connection device requires a high connection efficiency.
What is narrowband internet of things technology? Why is the narrowband internet of things technology emerging?
What is narrowband internet of things technology?
NB-IoT refers to NarrowBand Internet of Things (Narrowband-IoT) technology. Different IoT services have different requirements for data transmission capability and real-time performance.
Depending on the transmission rate, IoT services can be differentiated into high, medium, and low speed:
This article is about the comparison of 5 kinds of wireless communication technologies, namely Zigbee, Bluetooth, UWB, Wi-Fi, NFC technology.
ZigBee technology in wireless communication technologies
Bluetooth technology in wireless communication technologies
UWB technology in wireless communication technologies
Wi-Fi technology in wireless communication technologies
NFC technology in wireless communication technologies
The relationship of the 5 wireless communication technologies
TOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBED ijngnjournal
In the near future, current mobile communication networks will converge towards an All-IP network in order to provide richer applications, stronger customer satisfaction, and further return on investment for the industry. However, such a convergence induces a strong level of complexity when handling interoperability between different operators and different handset vendors. In this context, the 3GPP consortium is working on the standardization of the convergence, and IMS is emerging as the internationally agreed upon standard that is multi-operator and multi-vendor. In this paper, we shed further light on the subtleties of IMS, and we delineate a blueprint for the implementation of a real-world IMS testbed. An open source Presence Server is deployed as well. The operation of the IMS testbed and the Presence Server are checked to assess their conformance with 3GPP standards. A simple third party application is developed on top of the IMS testbed to further assess its operation.
Evolution driven by business demands or technology constraints?
Following our presentation at the IoT Summit in Warsaw, we would like to welcome you to a more detailed discussion on IoT challenges. We will be pleased to share more on the role of Telecom operators and how they can help the vertical markets in IoT technologies introduction by IoT Services Enablement / Provisioning.
Gives an insight into the transition of mobile technology and the manner in which the technology has evolved. Highlights the transition from 2G to 3G to 4G to 5G. Looks into the points of difference between the generations. Evolution of mobile handsets and advancement in speed.
This paper clarifies the standards defined around LTE network security by standard development organizations including 3GPP, ITU, ETSI, and industry group NGMN. It also examines the different security borders of the mobile network, and delves deeper into the requirements of the Mobile Access Border - the border between the RAN and the core (S1).
A Review of Low Power Wide Area Technology in Licensed and Unlicensed Spectru... journalBEEI
There are many platforms in licensed and license-free spectrum that support LPWA (low power wide area) technology in the current markets. However, lack of standardization of the different platforms can be a challenge for an interoperable IoT environment. Therefore, understanding the features of each technology platform is essential to be able to differentiate how the technology can be matched to a specific IoT application profile. This paper provides an analysis of LPWA underlying technology in licensed and unlicensed spectrum by means of literature review and comparative assessment of Sigfox, LoRa, NB-IoT and LTE-M. We review their technical aspects and discuss the pros and cons in terms of their technical and other deployment features. General IoT application requirements are also presented and linked to the deployment factors to give an insight into how different application profiles are associated with the right technology platform, thus providing a simple guideline on how to match a specific application profile with the best fit connectivity features.
LTE is designed with strong cryptographic techniques, mutual authentication between LTE network elements with security mechanisms built into its architecture.
With the emergence of the open, all IP based, distributed architecture of LTE, attackers can target mobile devices and networks with spam, eavesdropping, malware, IP-spoofing, data and service theft, DDoS attacks and numerous other variants of cyber-attacks and crimes.
Today, we talk about some things about NB-IoT that you may not know.
What is NB-IoT?
NB-IoT refers to Narrow Band - Internet of Things (IoT) technology, which focuses on the Low Power Wide Area (LPWA) Internet of Things (IoT) market and is an emerging technology that can be widely used around the world.
NB-IoT uses the licensed band and can be deployed in three ways: in-band, protected-band, or an independent carrier, coexisting with existing networks.
NB-IoT is an emerging IoT technology that has attracted much attention because of its low power consumption, stable connection, low cost, and excellent architecture optimization, etc. Huawei, as the domestic leader in developing NB-IoT technology, has also attracted considerable attention from the technology community.
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve... Digital Bond
Each SCADA network, in a healthy state, presents a specific quality of service (QoS) which rarely changes given the repetitive process of the IACS operations. The continuous monitoring of QoS parameters of an automation network may anticipate problems such as malware contamination and equipment failures like switches and routers. It is very important to be aware of these changes in behavior in order to receive alerts and promptly handle them, avoiding incidents that could compromise the operation of the network and be financially or environmentally costly.
In this session Mr. Branquinho presents the results of tests to measure the performance of a simulated automation network parameters using a small SCADA network sandbox. First, the normal operating parameters of the network were measured. Next, several attacks were launched against the simulated automation network. At the conclusion of the work the graphs of the network in healthy state with the graphs of the network with the security incidents described above. The session will show how the network parameters were affected by each kind of incident and built a table showing the way the main parameters of an automation network were affected by the attacks.
Inductive Automation’s Co-Director of Sales Engineering Kevin McClusky (presenter) and Chief Strategy Officer Don Pearson (moderator) discuss a prevention-focused approach that encompasses physical security as well as cybersecurity. As you’ll learn, an effective SCADA security plan doesn’t just safeguard the platform itself but also each network, device, and database connection.
Learn more about:
- Phishing and other common attack vectors
- Guarding against internal threats
- Locking down your operating system
- Leveraging encryption effectively
- Using Java safely
- Applying security guidelines in the Ignition industrial application platform
- And much more
Automotive Cyber-Security Insights learned from IT and ICS/SCADA Gilad Bandel
The thesis presented here is that we can look back at three (not so) very different computing and network environments, study and analyze their histories and deduct what is expected to come in an unrelated field. Specifically, we shall review the analogies between the IT (Information Technologies) networks, OT (Operational Technologies) – ICS (Industrial Control System)/SCADA (Supervisory Control and Data Acquisition) and the automotive cyber–security protection solutions trying to anticipate the future of the automotive cyber–security market based on similarities from the IT and ICS/SCADA behavior.
The claim is that history will repeat itself and we can safely investigate the distant past of the IT world, the more recent ICS/SCADA field, review the status of the automotive cyber-security and anticipate the future of things to come in this field. Furthermore, the trends predicted here will be probably valid for additional emerging fields such as other transportation fields (railways, maritime and aviation), IoT (Internet of Things) IIoT (Industrial Internet of Things), smart cities, building management systems, etc.
The lecture will try to assist automotive cyber security decision makers to direct their efforts in the most effective and efficient fashion, evade mistakes that can be avoided. Audience will be provided with the technological and perspective from several points of view, comparing the IT, ICS/SCADA and automotive industries, trying to guide the automotive cyber-security direction for best course of action based on past history, current situation and future prediction.
In today’s connected world, cyber security is a topic that nobody can afford to ignore. In recent years the number and frequency of attacks on industrial devices and other critical infrastructure has risen dramatically. Recent news stories about hackers shutting down critical infrastructure have left many companies wondering if they are vulnerable to similar attacks. In this webinar we will discuss the most common security threats and unique challenges in securing industrial networks. We will introduce the current standards and share some useful resources and best practices for addressing industrial cyber security.
Key Takeaways:
1. Gain perspective regarding common security threats facing industrial networks.
2. Learn about the relevant standards governing industrial cyber security.
3. Increase understanding of some best practices for securing industrial networks.
Cloak your critical industrial control systems before they get hacked Tempered
Learn how cloaking allows you to safely connect your ICS networks and SCADA systems with end to end encryption. Easy to deploy, manage and maintain--without IT security skills.
Marcellus Buchheit (Wibu-Systems) and Terrence Barr (Electric Imp) talk about how to secure IIoT endpoints, why they are so vital to secure, and how the Industrial Internet Security Framework (IISF) can help. This talk was given during a webinar as part of the #IICSeries, a continuous series of webinars on the industrial internet hosted by the Industrial Internet Consortium.
Defcon through the_eyes_of_the_attacker_2018_slides Marina Krotofil
Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems
In 2017 a malware framework dubbed TRITON (also referred to as TRISIS or HatMan) was discovered targeting a petrochemical plant in Saudi Arabia. TRITON was designed to compromise the Schneider Electric Triconex line of Safety Instrumented Systems (SIS), potentially in order to cause physical damage. TRITON is the most complex publicly known ICS attack framework to date and the first publicly known one to target safety controllers. While the functionality of the malware is understood, little is known about the complexity of developing such an implant. The goal of this talk is to provide the audience with a “through the eyes of the attacker” experience in designing advanced embedded systems exploits & implants for Industrial Control Systems (ICS). Attendees will learn about the background of the TRITON incident, the process of reverse-engineering and exploiting ICS devices and developing implants and OT payloads as part of a cyber-physical attack and will be provided with details on real-world ICS vulnerabilities and implant strategies.
In the first part of the talk we will provide an introduction to ICS attacks in general and the TRITON incident in particular. We will outline the danger of TRITON being repurposed by copycats and estimate the complexity and development cost of such offensive ICS capabilities.
In the second and third parts of the talk we will discuss the process of exploiting ICS devices to achieve code execution and developing ICS implants and OT payloads. We will discuss real-world ICS vulnerabilities and present several implant scenarios such as arbitrary code execution backdoors (as used in TRITON), pin configuration attacks, protocol handler hooking to spoof monitored signal values, suppressing interrupts & alarm functionality, preventing implant removal and control logic restoration and achieving cross-boot persistence. We will discuss several possible OT payload scenarios and how these could be implemented on ICS devices such as the Triconex safety controllers.
In the final part of the talk we'll wrap up our assessment of the complexity & cost of developing offensive ICS capabilities such as the TRITON attack and offer recommendations to defenders and ICS vendors.
This white paper examines how the Payment Card Industry Data Security Standard (PCI DSS) relates to IBM i servers and highlights when the PowerTech products can provide a solution to specific PCI requirements.
Similar to Technical Presentation - Malware Infections in Brazil (20)
In 2020 the world experienced a situation unprecedented for most human beings: a global pandemic, caused by an unknown virus, that brought significant changes to everyone's lives. In the business world, there was a movement of intense digitalization of processes and adaptation to social distancing. Many companies, including industrial ones, adopted remote work for their employees. As companies adapted their operations, criminals made changes as well. News about scams by email, WhatsApp and telephone is easy to find. And, as a "crowning touch", 2021 opened with the mega (or would it be tera?) leak of Brazilians' data, which provides more fuel for these scams. TI Safe's ICS-SOC (Industrial Cyber Security Operations Center, located in Rio de Janeiro) protects its clients against cyber attacks that could affect their operations, which are fundamental to Brazil's population and supply chain. The data on (millions of) attacks from 2020, relating to projects carried out by the company, were analyzed to understand the increase in attacks compared with 2019. For reasons of client data privacy, the information will be presented as percentages.
GridMate - End to end testing is a critical piece to ensure quality and avoid... ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
UiPath Test Automation using UiPath Test Suite series, part 5 DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Full-RAG: A modern architecture for hyper-personalization Zilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Communications Mining Series - Zero to Hero - Session 1 DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Securing your Kubernetes cluster_ a step-by-step guide to success! KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
20 Comprehensive Checklist of Designing and Developing a Website (Pixlogix Infotech)
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
Rik Marselis's and my slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is and finally what testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Sustainability can be added to the quality characteristics and then measured continuously. Test environments can be used less, on a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Technical Presentation - Malware Infections in Brazil
1. Recent malware infections on control system networks in Brazil
Marcelo Branquinho
ACS Conference – Washington DC
September of 2011
TI Safe Segurança da Informação LTDA, 2007-2010. All rights reserved.
2. No need to copy... just download it
http://www.tisafe.com/recursos/palestras/
3. TI Safe on Twitter
• Follow us on Twitter - @tisafe
4. About Myself
Marcelo Branquinho
Marcelo.branquinho@tisafe.com
• Electrical engineer specializing in computer systems, with an MBA in business management, and one of the founders of the ISACA chapter in Rio de Janeiro.
• A member of ISA International and currently the director of TI Safe, where he serves as the head of security for industrial automation systems.
• With extensive experience gained over 12 years in the field of critical infrastructures and government agencies in Brazil, Marcelo is coordinating the development of the Security Automation Training, the first Brazilian training in this segment.
• Currently a collaborator of the WG5 TG2 Gap Analysis Task Group that is revising the ANSI/ISA-99 standard.
5. Agenda
• Malware Infections on control system networks in Brazil
Study Case 1: Automation Plants of Steel Industry “A”
• Network Architecture
• Automation Systems Composition
• Policies
• Installed defenses
• About the AHACK worm
• Malware Infection
• Implemented Countermeasures
Study Case 2: Power Plant of Steel Industry “B”
• Network Architecture
• Automation Systems Composition
• Policies
• Installed defenses
• Malware Infection
• About the Conficker worm
• Implemented Countermeasures
• Conclusion and Challenges
* Due to confidentiality agreements, the names of the steel industries and all possible references to their plants were removed from the presentation slides
6. Study Case 1
Automation Plants of Steel Industry “A”
7. About Steel Industry “A”
• Steel Industry “A” is one of the largest producers of steel in the Americas, with major steel mills in Brazil and a total capacity of about 10 million metric tons of steel per year.
• The company accounts for about ¼ of total steel output in Brazil.
• The company also operates in the logistics sector through a stake in local Brazilian logistics companies.
• Started operations in 1964.
8. Network Architecture
• 5 automation networks (one for each automation area)
• No documentation:
There is no complete inventory of the automation networks; these networks simply grew according to business needs, without consistent planning
There are no network diagrams for each area
• IT network connected to the Internet. There are firewalls protecting this connection
• No network segmentation
No firewalls or VLANs separating the automation and IT networks
Any automation network can access any other automation network
All main services are on IT servers
Any computer on the corporate network has read/write access to any PLC on the automation networks
• No Windows domain
SCADA servers (Windows-based) have no login (they start automatically after reboot)
• Remote access (Internet-based) is widely used by collaborators and third parties to access SCADA
A single username/password for ALL remote users
9. Automation Systems Composition
• Main applications:
Siemens STEP7, DCOM and OPC Client
Siemens Wincc FlexOPC Server
SCADA FactoryLink
ElipseFactory Link and DCOM
Oracle 10g and Message Queue
DEC Basestar, Cimfast and Rally
• Main SCADA Servers
DEC VAX and Alpha (many servers), all running Open VMS
Windows servers running Windows 2003 and 2008 (just a few)
Some Windows servers still running very old operating systems like WINDOWS 95
and WINDOWS NT
10. Policies
• There is an IT security policy based on ISO27001/27002 that is implemented on the IT network
The IT and automation network teams don't talk to each other
• Automation and control systems aren't compliant with international standards like ANSI/ISA TR-99
• No specific automation security policy
There are a few written procedures under which the users assume all responsibility in case of security incidents. They just sign a single term and are allowed to do whatever they want on the automation networks (attach laptops, USB sticks, modems, etc.).
• There are some manual backups to tape, but nobody has ever tested whether they will correctly restore data when necessary
• Passwords
When they exist, they are weak and widely shared. The main idea is that systems can't stop because of strong or unknown passwords
Passwords are never changed on automation systems and are sometimes hard-coded (for database connections, for example)
Very frequently, the password is the same as the application name (for example, if the database is ORACLE, the password is ORACLE)
11. Installed Defenses
• On most of the SCADA servers, system updates are deactivated
• No service packs or patches have been installed for years
In fact they have been completely ignored (nobody changes systems that are in production, for fear of stopping them)
• There is a Symantec Endpoint Protection suite installed on the IT network and on some automation network computers, which causes a false sense of security
• There are no firewalls separating the automation and IT networks
• There is no IPS anywhere in the network (including the IT network)
• There are no security logs and no security monitoring
12. About the AHACK worm
• The AHACK worm is a worm that can secretly get into systems and steal sensitive information
• If a computer is infected by the AHACK worm, the following problems may occur:
Instant computer shutdown
Bundled Trojan
System32 error
.dll errors, .exe errors and runtime errors
Slow computer performance
Degraded system running speed
Driver update failure
Program uninstall failure
Blue Screen of Death errors
13. Malware Infection
• Date it was discovered at the plant: June/2008
• Malware: AHACK Worm
• Where: Power and Blast Furnace Plant
• Consequences:
The worm spread over the entire power plant automation network
It flooded the network with unwanted packets and made communication between the PLCs and the supervision stations unstable, compromising plant supervision
On some machines, the worm paralyzed some important services of the Windows operating system
This lack of supervision caused some stops and restarts of the SCADA systems, generating loss of production and financial losses
14. Implemented Countermeasures
• Some less critical computers and SCADA servers were disinfected with the worm removal kit
• For about 3 critical SCADA servers that could not be stopped, the automation team wrote an internal document explaining:
What to do when the worm activates (and how to identify the activity of the worm)?
Which applications and services should be restarted?
Who should they call if the procedure fails (perhaps god ☺)?
• All computers and pen drives now have to be scanned on a clean machine before they are connected to the automation network.
• G3 modems were banned from the automation network
15. Implemented Countermeasures (cont.)
• A distributed Microsoft Active Directory domain was created to serve the 5 automation networks. This domain is composed of users and groups totally different from those of the corporate domain.
• The domain was created on 5 different domain controllers (one for each automation area) and configured in a redundant scheme where each change to a user or policy is automatically replicated to all domain controllers.
• To log in, a user may transparently use any of the 5 domain servers, or even log in offline if outside the automation network.
• A security policy was configured for this domain with some important GPOs, such as:
Turn off Autoplay
Account lockout after 3 attempts (locks for 1 minute before a new attempt)
Prohibit new task creation
Prohibit user installs
Remove Task Manager
Prohibit access to the Control Panel
16. Study Case 2
Power Plant of Steel Industry “B”
17. About Steel Industry “B”
• Steel Industry “B” products are high-quality steel slabs, which are processed in European and US plants.
• The Power Plant has installed capacity of 550 MW to produce energy from converter gas, blast furnace and coke plant steam.
• Started operations in 2009.
18. Network Architecture – Power Plant
• Approximately 180 computers make up the plant (workstations + servers). All running Windows OS.
• Documentation
There is a complete inventory of the power plant network, documented in an Excel worksheet
There are some network diagrams for the plant
• About the power plant automation network
Existing firewalls: Cisco 800 and Hirschmann Eagle
No wireless networks communicating with this plant
DHCP and DNS servers are inside the IT plant
Connection with insecure third-party networks
OPC data exchange with other automation plants inside the complex
19. Network Architecture – Power Plant (cont.)
• No Windows domain
SCADA servers (all Windows-based) have no login (they start automatically after reboot)
• Remote access through the Internet for control and monitoring
Authentication through username and password.
There is just a single username and password for all remote users.
• Governance and monitoring
The plant has geographically distant locations without very difficult access to the RTUs
Firewall and network logs are not analyzed
There is an up-to-date McAfee antivirus running inside the automation plant, but it did not stop the infection or keep it from spreading
Windows servers do not have up-to-date patches and service packs
SCADA applications are not patched (manufacturers charge for this service and take a long time to perform it)
20. Automation Systems Composition
• Main Systems:
ALSPA P320 PLC
ABB EGATROL
ABB MicroSCADA
ABB 800xA System, version 5.0 Rev D.
TDMS
Siemens PCS7 WinCC
Siemens STEP7 S7-400
Intouch
• Main SCADA Servers
The plant has been in operation for only 2 years and all systems are based on Windows servers running Windows 2003 R2 SP2
• All Workstations running Windows XP SP2
• Main OPC Servers
OPC – Energy Management System – KepServer 5
OPC Matrikon - OPC Explorer version 3.5.0.0 / OPC Explorer version 3.2.1.150
OPC – PI OSI
21. Policies
• There is an IT security policy based on ISO27001/27002 that is not fully implemented on the IT network
IT and Automation Network talk to each other.
Teams are very small for the size of the plant and security tasks have very low priority.
• Automation and control systems aren't compliant with international standards like ANSI/ISA TR-99
• No specific automation security policy
Free use of laptops, removable USB media and G3 modems inside the automation networks, even directly connected to SCADA servers
The automation team has never had automation security training
• No backup policy.
There are some manual backups to external hard disks, managed through an Excel worksheet.
• Passwords
When they exist, they are weak and widely shared. The main idea is that systems can't stop because of strong or unknown passwords
Passwords are never changed on automation systems and are sometimes hard-coded (for database connections, for example). Very frequently, the password is the same as the application name
22. Malware Infection
• Date it was discovered: 02/06/2011
• Malware: Conficker
• Where: Power Plant
• What happened:
On 02/06/2011 the ALSPA system stopped. After a check, a virus (Conficker) was identified on all machines (ALSPA system).
• The worm spread over the whole power plant automation network (and probably to other automation networks, but the investigation was limited to the power plant due to lack of budget)
• It flooded the network with unwanted packets and made communication between the PLCs and the supervision stations unstable, freezing most of the supervision systems.
– WYSINWYG (What you see is NOT what you get ☺)
The automation team cleaned the infected machines, but the worm infected the machines again.
The Alstom team installed Windows Service Pack II on all machines (only in the ALSPA system) and cleaned them, and the system returned to working well, disconnected from PI.
The worm infected the PI machine and the “SGE” network, but was removed without problems.
All systems returned to working well while the external networks are disconnected. When these networks are reconnected, the malware “wakes up” and increases the network traffic, freezing the supervision station screens. Because of this, the automation team decided to keep these external networks disconnected.
• Since the infection began, the company has been paying monthly fines to the government because some important reports (such as environmental control, for example) are not being sent.
• Internal reports for production planning are being impaired
• Chaos sets in whenever this happens: operators lose control of the plant
23. How Conficker spreads?
Because of its self-propagation mechanisms, the worm uses the following vectors, which are probably infected when in contact with infected hosts:
• USB removable media like hard drives, USB flash drives, DVDs, CDROMs, etc.
• Network hosts with out-of-date patches or without antivirus
• Other network hosts that are correctly patched and have AV, but with weak or default passwords
• Other networks that communicate with the power plant (via OPC, for instance)
24. Conficker Variants
Columns: Variant, Detection date, Infection vectors, Update propagation, Self-defense, End action

Variant A (detection date 11/08)
• Infection vectors: NetBIOS: Exploits MS08-067 vulnerability in Server service
• Update propagation: HTTP pull: Downloads from trafficconverter.biz; downloads daily from any of 250 pseudorandom domains over 5 TLDs
• Self-defense: None
• End action: Updates self to Conficker B, C or D

Variant B (detection date 12/08)
• Infection vectors: NetBIOS: Exploits MS08-067 vulnerability in Server service; dictionary attack on ADMIN$ shares. Removable media: Creates DLL-based AutoRun trojan on attached removable drives
• Update propagation: HTTP pull: Downloads daily from any of 250 pseudorandom domains over 8 TLDs. NetBIOS push: Patches MS08-067 to open reinfection backdoor in Server service
• Self-defense: Blocks certain DNS lookups; disables AutoUpdate
• End action: Updates self to Conficker C or D

Variant C (detection date 02/09)
• Infection vectors: NetBIOS: Exploits MS08-067 vulnerability in Server service; dictionary attack on ADMIN$ shares. Removable media: Creates DLL-based AutoRun trojan on attached removable drives
• Update propagation: HTTP pull: Downloads daily from any of 250 pseudorandom domains over 8 TLDs. NetBIOS push: Patches MS08-067 to open reinfection backdoor in Server service; creates named pipe to receive URL from remote host, then downloads from URL
• Self-defense: Blocks certain DNS lookups; disables AutoUpdate
• End action: Updates self to Conficker D

Variant D (detection date 04/09)
• Infection vectors: None
• Update propagation: HTTP pull: Downloads daily from any 500 of 50000 pseudorandom domains over 110 TLDs. P2P push/pull: Uses custom protocol to scan for infected peers via UDP, then transfer via TCP
• Self-defense: Blocks certain DNS lookups: Does an in-memory patch of DNSAPI.DLL to block lookups of anti-malware related web sites; disables Safe Mode; disables AutoUpdate; kills anti-malware: Scans for and terminates processes with names of anti-malware, patch or diagnostic utilities at one-second intervals
• End action: Downloads and installs Conficker E

Variant E (detection date 07/09)
• Infection vectors: NetBIOS: Exploits MS08-067 vulnerability in Server service
• Update propagation: HTTP pull: Downloads daily from any 500 of 50000 pseudorandom domains over 110 TLDs. P2P push/pull: Uses custom protocol to scan for infected peers via UDP, then transfer via TCP
• Self-defense: Blocks certain DNS lookups; disables AutoUpdate; kills anti-malware: Scans for and terminates processes with names of anti-malware, patch or diagnostic utilities at one-second intervals
• End action: Updates local copy of Conficker C to Conficker D; downloads and installs malware payload: Waledac spambot, SpyProtect 2009 scareware; removes self on 3 May 2009 (but leaves remaining copy of Conficker D)
25. Antivirus diagnosis is not precise
• Antivirus doesn't tell which variant of Conficker is infecting the plant
• Antivirus doesn't guarantee that this is really a Conficker infection (it may be Stuxnet)
26. Conficker or Stuxnet?
Similar attack vectors
It is speculated that the latest variants of Conficker were the first variants of Stuxnet
They exploit the same vulnerability (even if coded differently)
Some similar symptoms
Both are advanced cyberweapons
Conficker is sometimes regarded as a proof-of-test for Stuxnet
A Stuxnet-oriented diagnosis is needed to differentiate one malware from the other
27. Persistence
Conficker “kills” antivirus or anti-malware tools that haven't detected it, so they won't receive new signatures and will never detect it.
The worm tries to spread to other machines on the network and keeps an internal protocol that notifies other peers when it is being removed, so these peers will reinfect the host. This increases network traffic
It makes patched machines vulnerable by corrupting the Server service of the machine.
28. Countermeasures (under deployment)
Start: Automation Security Training (20hs)
Disinfection cycle:
a) Malware Isolation and Diagnose
b) Cleaning
c) Border Security
d) Systems and Connectivity restore
e) Governance and Monitoring
29. Malware Isolation and Diagnose
• Identified all points of infection and contamination vectors using nmap and other tools
• Confirmed that the attacker is the Conficker worm.
• Identified which variant of Conficker is attacking the plant.
• Identified the “Mark 0” of the infection.
• Disconnected all external networks that communicate with the power plant.
• Removed all computers that were not part of the power plant automation network (including those of third parties and consultants).
30. Cleaning
• Tested the effectiveness of the current antivirus
• For SCADA servers:
• Engaged the manufacturer to install the MS08-067 patch.
• Turned autorun off.
• Disabled the service that listens on port 445 (file sharing will be lost)
• For other hosts:
• Disinfected using the steps above and applied the same solutions used to clean the SCADA servers, without the need to wait for manufacturers.
31. Network Security - Implemented Solutions
• IBM-ISS NIPS GX4004 (for border security of the automation network)
2 GX4004 configured on critical communication paths to the corporate network, working together with firewalls that already existed in the infrastructure and that were hardened
SiteProtector console configured at the CMI
• TOFINO (for internal security of the automation network and also OPC enforcing)
9 Tofino Argon Security Appliances configured with SAM, Firewall and OPC Enforcer LSMs
Tofino Argon Central Management Platform configured at the CMI
• IBM TSM (automated backup)
Agents installed on the main servers of the power plant
Incremental backup to server tape
Management console installed at the CMI
32. Systems and Connectivity restore
• Hardened all SCADA and OPC servers of the power plant
• Performed a complete and clean backup of the plant.
• Set the IBM-ISS NIPS to block and log Conficker attacks.
• Reconnected all external networks one by one.
• Checked whether the Conficker attack (or any other attack) was coming from the external networks that were reconnected.
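An added example, not part of the original presentation: one way to run the check from slides 29 and 32 over connection and DNS logs, flagging hosts that show behaviours listed in the variant table (fan-out on 445/tcp, many failed lookups of pseudorandom domains across several TLDs) and attributing them to a network zone as each external network is reconnected. The log format, zone map, addresses and thresholds are assumptions constructed for illustration.

```python
"""Flag Conficker-like behaviour in connection and DNS logs, per network zone.

Added illustration: the log format, zone map, addresses and thresholds are
constructed assumptions, not values from the presentation.
"""
import ipaddress
from collections import defaultdict

# Hypothetical zone map: zone name -> subnet.
ZONES = {
    "power-plant": ipaddress.ip_network("10.10.0.0/16"),
    "third-party": ipaddress.ip_network("172.16.5.0/24"),
    "corporate-it": ipaddress.ip_network("192.168.0.0/16"),
}
SMB_FANOUT_LIMIT = 5  # distinct peers contacted on 445/tcp in one window
NXDOMAIN_LIMIT = 6    # distinct failed lookups in one window
TLD_LIMIT = 3         # ...spread over at least this many TLDs


def zone_of(ip):
    """Return the zone name for an address, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse(line):
    """Parse 'TIMESTAMP KIND key=value ...' into a dict."""
    ts, kind, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec.update(ts=ts, kind=kind)
    return rec


def analyse(lines):
    """Treat `lines` as one observation window and return flagged hosts."""
    smb_peers = defaultdict(set)  # src -> destinations contacted on 445/tcp
    failed = defaultdict(set)     # src -> names that did not resolve
    for line in lines:
        rec = parse(line)
        if rec["kind"] == "CONN" and rec.get("dport") == "445":
            smb_peers[rec["src"]].add(rec["dst"])
        elif rec["kind"] == "DNS" and rec.get("rcode") == "NXDOMAIN":
            failed[rec["src"]].add(rec["qname"].lower().rstrip("."))
    findings = {}
    for host in sorted(set(smb_peers) | set(failed)):
        reasons = []
        if len(smb_peers[host]) >= SMB_FANOUT_LIMIT:
            reasons.append("smb-fanout")
        tlds = {name.rsplit(".", 1)[-1] for name in failed[host]}
        if len(failed[host]) >= NXDOMAIN_LIMIT and len(tlds) >= TLD_LIMIT:
            reasons.append("dga-like-dns")
        if reasons:
            findings[host] = {"zone": zone_of(host), "reasons": reasons}
    return findings


def zones_with_findings(findings):
    """Zones that should stay isolated: any zone containing a flagged host."""
    return sorted({f["zone"] for f in findings.values()})


def sample_log():
    """Constructed log lines: one noisy third-party host, one normal station."""
    lines = []
    for i in range(1, 9):  # sweep of eight plant hosts on 445/tcp
        lines.append(f"2011-01-01T08:00:{i:02d} CONN src=172.16.5.20 "
                     f"dst=10.10.1.{i} dport=445 proto=tcp")
    tlds = ["biz", "info", "org", "net", "com", "cn", "ws", "cc"]
    for i, tld in enumerate(tlds):  # failed lookups spread over many TLDs
        lines.append(f"2011-01-01T08:01:{i:02d} DNS src=172.16.5.20 "
                     f"qname=q{i}xkzjw.{tld} rcode=NXDOMAIN")
    lines += [  # operator station: one file share, one mistyped name
        "2011-01-01T08:02:00 CONN src=10.10.1.50 dst=10.10.1.2 dport=445 proto=tcp",
        "2011-01-01T08:02:05 CONN src=10.10.1.50 dst=10.10.1.3 dport=102 proto=tcp",
        "2011-01-01T08:02:09 DNS src=10.10.1.50 qname=historian.plant.example rcode=NOERROR",
        "2011-01-01T08:02:11 DNS src=10.10.1.50 qname=histroian.plant.example rcode=NXDOMAIN",
    ]
    return lines


if __name__ == "__main__":
    result = analyse(sample_log())
    for host, info in result.items():
        print(host, info["zone"], ",".join(info["reasons"]))
    print("zones to keep isolated:", zones_with_findings(result))
```

Running it after each reconnection, on the logs collected since that reconnection, shows whether the newly attached zone is the one generating the traffic.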
33. Governance and Monitoring
• Developed and implemented a specific security policy according to ANSI/ISA-99 best practices, which includes:
• Access control policy for critical network devices such as PLCs and RTUs
• VPN external access with strong passwords and independent users
• Internal training and endomarketing
• Created an automation domain based on Microsoft Active Directory
• Added machines and users to this domain and implemented transparent logon on stations, when applicable
• Configured GPOs for USB and logical port control
• Built an internal monitoring station (CMI)
34. The CMI – “Central de Monitoramento Interna” (Internal Monitoring Center)
• Central server for security monitoring
• Installed inside the automation network and managed by the automation team
• Integration point between the customer security team and the TI Safe remote support team (24 X 7)
• Monitored and managed through the CMI:
IBM-ISS NIPS
Tofino Appliances
IBM TSM Automated Backup
Existing Firewalls
UPSs
Environment variables of main servers (Processor, Memory, Disk, etc)
Network traffic
36. Conclusion and Challenges
In both study cases, we are not talking about Stuxnet. I don't have knowledge of any proven case of a Stuxnet infection in a Brazilian automation plant (which doesn't mean that it could not exist in Brazil, because industries may take too long to detect that they are infected and commonly hide those facts).
Common worms that have very low impact on home computers or IT networks can completely paralyze automation networks, causing financial loss and exposing human lives to risk.
The ANSI/ISA-99 Zones and Conduit model has never been deployed on an automation plant in Brazil.
It is very hard for a company to implement this model after the plant is in production. Who would change the network architecture of a plant in production?
In this case ANSI/ISA-99 is not useful, because it doesn't mention a subset of best practices for those who cannot apply the defense-in-depth model to their networks. With the confusion, automation managers get lost.
ANSI/ISA-99 is not clear on the indication of security solutions.
How can a user know which security solution should be used in each specific situation?
37. Conclusion and Challenges (cont.)
Antivirus on automation networks generates a false sense of security
They are not ready for cyberweapons
They don't protect computers with old operating systems
In some cases they don't determine the worm variant and confuse users
In other, worse cases, they report contamination by the wrong malware
They are not able to detect some SCADA malware developed in 2 stages (tests using Metasploit at TI Safe Labs – check the video at http://www.youtube.com/watch?v=DmHxFiCivi8 )
Correctly diagnosing an infection is hard and must be done by experts
It's fundamental to know who we are fighting against
It's very important to discover the mark zero of the infection
SCADA application patching is a problem because the manufacturers take too long to patch
Operating system updates are frequently disabled on SCADA servers, which leads to an insecure environment.
There isn't a certified methodology to help industries recover infected automation networks. Security managers use what they think is the best countermeasure and frequently believe that they have cleaned the plant, but the malware reappears.
There are other contaminated automation plants in Brazil.
38. Thank You!
Marcelo Branquinho
marcelo.branquinho@tisafe.com
+55 21 2173-1159 / +55 21 9400-2290