This presentation by Westermo’s Cyber Security Product Manager Niklas Mörth and Network Applications Expert Dr. Jon-Olov Vatn is an integral part of the Westermo cybersecurity webinar on Network segmentation and segregation: https://www.westermo.com/news-and-events/webinars/cybersecurity-fundamentals-network-segmentation
The defense in depth value of segmenting your network into different security zones is widely recognized and should be a part of every company’s security strategy. A properly segmented network will reduce the attack surface, limit an attacker’s potential to move laterally in the network, and strongly limiting the potential damage of a cyber-attack. However, segmenting your network is a major project and will change how you are managing your network.
ith the widespread adoption of 4G cellular technology as well as the growing availability of 5G products and services for remote industrial applications around the world, it is no longer a matter of if but rather a matter of when 2G and 3G services are being turned off.
But don't panic, we are here to help. In this short webinar, technical engineers Wesley Nel and Ant Lane walk you through what the phase out of 2G and 3G cellular communications mean, and most importantly, how you can prepare for it.
Ensure that only reliable networks are set up in your systems by listening to our short Webinar teaching you all about the basics of industrial ethernet communications and computer networking. Starting from the ground up, this presentation covers the basics of how network connections work, and how one computer talks to another.
This presentation by Westermo’s Technical Lead Engineer Dakota Diehl is an integral part of the Westermo webinar held on May 28th 2020, covering best practices for computer networking solutions for energy systems. During this presentation, protocols and certifications for the energy market are discussed as well as data communication solutions for different energy segments - from generation to supply.
Tune in the webinar session here: https://www.westermo.com/news-and-events/webinars/computer-networking-solutions-for-energy-systems
Ensure continued reliable operation of industrial systems that are using legacy serial (RS-232 and RS-485) modem connections and how to migrate to a future proof IP based solution.
This presentation by Westermo’s Technical Director Ray Lock is an integral part of the Westermo webinar covering Serial to IP migration: https://www.westermo.com/news-and-events/webinars/serial-modem-to-ip-broadband-migration
Get to know the new generation of robust and reliable industrial Ethernet switches and software solutions by Westermo, including Lynx 5512, Redfox 5528 and WeOS (Westermo Operating System).
This presentation is an integral part of the Westermo webinar introducing the next generation switch platform: https://www.westermo.com/news-and-events/webinars/the-next-generation-industrial-switch-platform
ith the widespread adoption of 4G cellular technology as well as the growing availability of 5G products and services for remote industrial applications around the world, it is no longer a matter of if but rather a matter of when 2G and 3G services are being turned off.
But don't panic, we are here to help. In this short webinar, technical engineers Wesley Nel and Ant Lane walk you through what the phase out of 2G and 3G cellular communications mean, and most importantly, how you can prepare for it.
Ensure that only reliable networks are set up in your systems by listening to our short Webinar teaching you all about the basics of industrial ethernet communications and computer networking. Starting from the ground up, this presentation covers the basics of how network connections work, and how one computer talks to another.
This presentation by Westermo’s Technical Lead Engineer Dakota Diehl is an integral part of the Westermo webinar held on May 28th 2020, covering best practices for computer networking solutions for energy systems. During this presentation, protocols and certifications for the energy market are discussed as well as data communication solutions for different energy segments - from generation to supply.
Tune in the webinar session here: https://www.westermo.com/news-and-events/webinars/computer-networking-solutions-for-energy-systems
Ensure continued reliable operation of industrial systems that are using legacy serial (RS-232 and RS-485) modem connections and how to migrate to a future proof IP based solution.
This presentation by Westermo’s Technical Director Ray Lock is an integral part of the Westermo webinar covering Serial to IP migration: https://www.westermo.com/news-and-events/webinars/serial-modem-to-ip-broadband-migration
Get to know the new generation of robust and reliable industrial Ethernet switches and software solutions by Westermo, including Lynx 5512, Redfox 5528 and WeOS (Westermo Operating System).
This presentation is an integral part of the Westermo webinar introducing the next generation switch platform: https://www.westermo.com/news-and-events/webinars/the-next-generation-industrial-switch-platform
This presentation by Westermo’s Technical Lead Engineers Dakota Diehl and Benjamin Campbell, is an integral part of the Westermo webinar on January 30th 2020, covering the basics of industrial networking. https://www.westermo.com/news-and-events/webinars/learn-the-basics-of-industrial-ethernet-communications
The webinar, including this presentation, aimed to teach the basics of industrial ethernet communications and computer networking. Starting from the ground up, it covered the basics of how network connections work, and how one computer talks to another.
This presentation by Westermo’s Technical Lead Engineers Dakota Diehl and Benjamin Campbell, is an integral part of the Westermo webinar on February 27th 2020, covering 4 easy steps for increased cybersecurity protecting your critical industrial assets. https://www.westermo.com/news-and-events/webinars/4-easy-steps-for-increased-cybersecurity
The webinar, including this presentation, aimed to teach attendees how to improve their security posture and defend against cyber threats at the network edge.
PROFIBUS DP essentials
Typical faults which may occur
Important preparations for fault-finding
Tools and expertise needed to tackle problems
Expected PROFIBUS network quality / performance
Examples of typical analyser screen images
Preventive maintenance
What to do when the fault alarm rings!
Commissioning issues
Use test Master in place of operational PLC
Check cable connections & waveforms
Confirm slave address settings
Get slaves into data exchange : run test data
Connect PLC and confirm overall performance
SELTA develops and markets solutions Telco Operators and Service Providers Access Networks. With its technological innovations, SELTA supports operators in the modernization of network infrastructures which are increasingly service delivery oriented with a growing demand for bandwidth
Secure your network - Segmentation and segregationMagnus Jansson
The defense in depth value of segmenting your network into different security zones is widely recognized and should be a part of every company’s security strategy. A properly segmented network will reduce the attack surface, limit an attacker’s potential to move laterally in the network, and strongly limiting the potential damage of a cyber-attack. However, segmenting your network is a major project and will change how you are managing your network.
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing to publish these presentations.
This presentation by Westermo’s Technical Lead Engineers Dakota Diehl and Benjamin Campbell, is an integral part of the Westermo webinar on January 30th 2020, covering the basics of industrial networking. https://www.westermo.com/news-and-events/webinars/learn-the-basics-of-industrial-ethernet-communications
The webinar, including this presentation, aimed to teach the basics of industrial ethernet communications and computer networking. Starting from the ground up, it covered the basics of how network connections work, and how one computer talks to another.
This presentation by Westermo’s Technical Lead Engineers Dakota Diehl and Benjamin Campbell, is an integral part of the Westermo webinar on February 27th 2020, covering 4 easy steps for increased cybersecurity protecting your critical industrial assets. https://www.westermo.com/news-and-events/webinars/4-easy-steps-for-increased-cybersecurity
The webinar, including this presentation, aimed to teach attendees how to improve their security posture and defend against cyber threats at the network edge.
PROFIBUS DP essentials
Typical faults which may occur
Important preparations for fault-finding
Tools and expertise needed to tackle problems
Expected PROFIBUS network quality / performance
Examples of typical analyser screen images
Preventive maintenance
What to do when the fault alarm rings!
Commissioning issues
Use test Master in place of operational PLC
Check cable connections & waveforms
Confirm slave address settings
Get slaves into data exchange : run test data
Connect PLC and confirm overall performance
SELTA develops and markets solutions Telco Operators and Service Providers Access Networks. With its technological innovations, SELTA supports operators in the modernization of network infrastructures which are increasingly service delivery oriented with a growing demand for bandwidth
Secure your network - Segmentation and segregationMagnus Jansson
The defense in depth value of segmenting your network into different security zones is widely recognized and should be a part of every company’s security strategy. A properly segmented network will reduce the attack surface, limit an attacker’s potential to move laterally in the network, and strongly limiting the potential damage of a cyber-attack. However, segmenting your network is a major project and will change how you are managing your network.
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing to publish these presentations.
DDoS Mitigation Solution
360° Protection for Your IT Network Resources
Distributed denial of service attacks continues to evolve in scale, complexity, and sophistication: more distributed, high volumetric traffic, and intruding on the application layer.
A successful attack can potentially enhance unwanted costs on your IT setup and infrastructure. More significantly, it can lead to revenue & brand loss and can hurt customer satisfaction.
To combat these attacks from reaching the enterprise network, you need a resilient, scalable, and secure solution.
HaltDos DDoS Mitigation Solution is an artificial intelligence-based IT security solution that automatically detects and accurately mitigates cyber-attacks on websites and IT Networks in real-time. It provides round the clock multi-layered security with combined network behavioral analysis (NBA), heuristic and reputation techniques to automatically detect and accurately mitigate a wide range of network and application layer DDoS attacks without any human intervention with minimal latency.
Wifi Security for SOHOs: Cyberoam UTM CR15winiravmahida
Cyberoam CR15wi is the latest Wifi Appliance featuring Cyberoam's "Identity-based" Architecture for SOHOs. This small appliance can act as a router/firewall/antispam/antimalware/bandwidthmangement/webfilter and much more.
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
This presentation will deconstruct the skyjacking vulnerability - explaining why the vulnerability occurs in Cisco WLANs, which Cisco access points are affected, how skyjacking can be exploited to launch potent attacks, and what are the best practices to proactively protect your enterprise network against such zero-day vulnerabilities and attacks.
Security Plus Training Event for ITProcamp Jacksonville 2016. Helping those new to the IT Security get prepared. Understand how to complete your DOD 8570.m requirements.. Discussion about Exam Objectives
Does your system run the risk of being attacked?
There is an increasing risk world-wide of sophisticated cyber-attacks being targeted towards critical infrastructure. A successful attack on these networks could have a substantial impact on our society, causing great economic loss or worse. Regardless of if you are upgrading an existing network or building a new one, the security of it should be a major consideration.
Micro-segmentation is a combination of firewalls, subnetting, and using VPNs to create an extremely secure network by locking down each individual device. A system which has implemented micro-segmentation enjoy benefits such as maintaining application security, reduce the attack surface and complying with regulations.
Entdecken Sie die Neuheiten von WeOS 5 im Vergleich zum vertrauten WeOS 4! Welche Gemeinsamkeiten und Unterschiede gibt es zwischen den beiden Betriebssystemen? Wir möchten Ihnen einen umfassenden Einblick in die aktuellen Versionen bieten und einen technischen Vergleich durchführen. Erfahren Sie mehr über den Aufbau und die Gründe für die Existenz von zwei WeOS-Betriebssystemen auf den Westermo-Geräten. Zusätzlich werden wir Ihnen einige wichtige Tipps und Tricks präsentieren.
In unserem exklusiven Webinar möchten wir Ihnen praxisnah die Betriebssysteme vorstellen, um Ihnen zu zeigen, wie Sie diese einsetzen können und welche leistungsstarken Funktionen Ihnen dabei zur Verfügung stehen.
Erhöhen Sie die Redundanz Ihres Netzwerkes mit VPN-Tunneln über das Internet oder externe Netze. Geroutete Redundanzen bieten Ihnen dabei die Flexibilität, sowohl einfache, redundante Anbindungen als auch komplexe Szenarien zu realisieren.
Egal, ob Sie eine Mobilfunk-Außenstation redundant an zwei VPN-Server anbinden möchten, ein Stich-Netzwerk über das Internet sicher zur Zentrale zurückführen wollen oder komplexe, vermaschte Netze realisieren möchten - all das ist mit Routing möglich.
In diesem Webinar präsentieren wir praxisnahe Beispiele und zeigen Ihnen, wie Sie diese Optimierungen umsetzen können und welche leistungsstarken Funktionen Ihnen dabei zur Verfügung stehen.
Source Specific Route – Eine neue Funktion von WeOS 4.33.0! Erfahren Sie in diesem Webinar die Möglichkeiten der Anwendung dieser Funktion. Weiters sprechen wir gerne über weitere Anpassungen unseres Routing-Switch Betriebsystems, wie zum Beispiel IPConfig Default Read-Only Mode. Auch das Thema WeConfig soll in der neuesten Version nicht zu kurz kommen. Freuen Sie sich auf ein spannendes Webinar mit unseren Spezialisten.
WeConfig ist ein Netzwerkkonfigurationstool von Westermo, das speziell für industrielle Netzwerke entwickelt wurde. Es ermöglicht Ihnen, Ihre Netzwerke einfacher, schneller und sicherer zu installieren, zu warten und zu optimieren.
In diesem Webinar werden Ihnen unsere Referenten Marcel und Axel einen Überblick über WeConfig geben und Ihnen die wichtigsten Funktionen live demonstrieren.
Sie haben noch Serielle Endgeräte im Einsatz? Aber das Netz ist doch längst auf Ethernet umgestellt. Die alten Leitungen müssen weg, aber die alten Endgeräte sind noch gut? Dann brauchen Sie nur eine einfache Lösung. Übertragen Sie ihre alten Seriellen Daten einfach über Ethernet. Einen kurzen Einblick in das Howto bekommen Sie in diesem Webinar.
Die neue Merlin Mobilfunkrouter-Serie ist nicht nur Mobilfunkrouter. Aufgrund des erweiterten Betriebssystems haben Sie auch Funktionen zur Protokollkonvertierung mit on Board. Wandeln Sie also direkt Modbus in IEC104 und sparen Sie sich zusätzliche Hardware direkt im Feld. Eine Vielzahl von integrierten Protokollen bedeutet eine Vielzahl an Anwendungen!
Um zu sehen, was diese Wandlungen bedeuten und wie diese Eingesetzt werden können, können Sie sich einfach für dieses Webinar anmelden. So lernen Sie direkt, wie Sie das Maximum aus dem Mobilfunkrouter rausholen können.
Das Router Betriebssystem OpenWRT . Wo kommt es her und wie wird es gesteuert? Wir fokussieren uns hier auf die OpenWRT Version der Merlin Reihe. Wo findet man die wichtigsten Konfigurationen auf der Web-GUI und wie kann man sich auf der Konsole zurechtfinden. Wie ist der Ablauf bei einem Firmware Update und wie geht man die Konfigurationen um. Auch ein kurzer Blick, was mit dem Activator möglich ist.
Sie fragen sich wo der Unterschied zwischen Managed und Unmanaged Switch liegt? Der liegt klar im Funktionsumfang. Was hat dies nun mit der Konfiguration zu tun? Ganz einfach, diese Funktionen müssen konfiguriert werden. Aber welche Möglichkeiten habe ich dazu?
Die Konfiguration eines Switches kann auf mehrere Arten erfolgen. Lernen Sie in diesem Webinar die einzelnen Möglichkeiten und ihre Vor- und Nachteile kennen. Ihr nächstes Netzwerk können Sie dann schnell und einfach und mit dem für Sie besten Tool konfigurieren.
PoE – Power over Ethernet bietet bei der Gestaltung eines OT-Netzwerkes einige Vorteile. Damit Sie von diesen Vorteilen profitieren, helfen wir Ihnen mit diesem Webinar bei der Planung und der Auswahl der Komponenten.
Verschlüsselungen sind in der heutigen Zeit nicht mehr weg zu denken. Für welche Anwendungsfälle ist man mit diesen Technik auf der sicheren Seite? Wieso braucht es heute um so mehr die Verwendung von VPN, den sogenannten Tunneln? All das ist wichtig um Daten sicher aufzubewahren und zu übertragen. Wir werden Ihnen gerne den aktuellen Stand der Technik und Beispiele aus der Praxis präsentieren.
Wenn das Netzwerk erweitert werden muss, aber keine private Infrastruktur zur Verfügung steht, ist Mobilfunk oft die einzige Möglichkeit, die Herausforderung zu meistern. Neben den aktuellen Technologien und Produkten erfahren Sie in diesem Webinar auch, wie Sie die Applikationen realisieren können.
Die OT-Netzwerke in der Energiewirtschaft beruhen häufig auf über Jahre hinweg gewachsene Strukturen und nutzen verschiedenste Übertragungsmedien. Nun sorgt 450 MHz LTE als neues Übertragungsmedium für Aufsehen. Mit diesem Webinar behalten Sie den Überblick.
Netzwerk Monitoring ist eine der wesentlichsten Mechanismen für ein stabiles Netzwerk. Erst wenn Probleme in Ihrem Netzwerk frühzeitig dargestellt und erkannt werden können Sie sich zu 100% auf dieses verlassen. Ansonsten würden womöglich Redundanzen bereits ohne Ihr Wissen bereits angesprochen haben und das nächste Problem führt womöglich zu einem Gesamtausfall Ihrer Infrastruktur. Auch Cyber Angriffe können nur durch eine entsprechende Überwachung und Auswertung erst frühzeitig erkannt werden und Sie können direkt darauf reagieren.
Firewall – das hört sich doch sehr komplex an, oder? Nein, mit Hilfe des richtigen Verständnisses sind die nächsten Regeln kein Thema mehr für Sie. Erfahren Sie nur hier in unserem neuem Technologie Webinar was eine Firewall grundsätzlich ist und macht. Wo sind die Unterschiede zwischen IT und OT Firewalls. Weiters schauen wir uns kurz das Thema der viel diskutieren Zonierungen an.
Modbus Deep Packet Inspektion Firewalls sind in aller Munde. Doch was steckt dahinter und die Integration dieser Funktion in WeOS! Des Weiteren haben wir auch noch ein Update für unsere kostenlose WeConfig Software zur Verfügung gestellt. Alles das und noch viel mehr erwartet Sie beim Webinar zum Update WeOS 4.32.0 und WeConfig 1.15.0!
Oft ist der Einsatz einer kabelgebundenen Verbindung zur Datenübertragung nicht möglich. Nebst dem Gebrauch des Mobilfunknetzes bieten sich in Bezug auf Ethernet Kommunikationen dabei ins besonders WLAN an. Wir wollen ihnen zeigen, dass eine WLAN Verbindung nicht nur genauso sicher und zuverlässig wie ein Kabel ist, sondern darüber hinaus noch weitere Vorteile bietet.
Westermo bietet schon seit einiger Zeit entsprechende Lösungen an, der Schwerpunkt liegt dabei auf Bahn Applikationen. Diese Produkte sowie auch unsere Erfahrung und Dienstleistungen sind selbstverständlich auch für alle anderen Applikationen mit ähnlich hohen Anforderungen ideal.
In diesem Webinar erklären wir kurz die Grundlagen und werden ihnen dann anhand einiger Praxisbeispiele und Referenzprojekten die verschiedenen Einsatzmöglichkeiten aufzeigen.
Merlin ist die neue Mobilfunkrouterserie von Westermo. Speziell für Ihre Energie und Eisenbahn-Trackside Anwendungen sticht das Gerät mit vielen neuen Funktionen und Zulassungen heraus. Sie sind neugierig geworden? Dann nehmen Sie doch Zeit und sehen Sie von unserem Webinarteam Lisa Heiler, Axel Kirschner und Erwin Lasinger was die neue Serie alles zu bieten hat!
Die nächste Version von WeOS und WeConfig steht bereits für Sie zur Verfügung. Damit Sie keine Neuigkeiten verpassen haben wir wieder wie gewohnt ein Webinar zum Update zusammengestellt. Erfahren Sie alle News kurz und übersichtlich von unserem Team Lisa Heiler und Erwin Lasinger. Reservieren Sie sich Ihren Platz beim Online Webinar und freuen sich auf ein spannendes Thema.
Wichtige Verbindung von A nach B? Dann haben Sie auch sicherlich schon über Redundanzen in Ihrem OT-Netzwerk nachgedacht. Doch hier gibt in der Planung und Ausführung es viel zu beachten. Sie wollen wissen was? Dann registrieren Sie sich einfach zu unserem Webinar „L2 Redundanzen“.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
National Security Agency - NSA mobile device best practices
How to secure your industrial network using segmentation and segregation
1. Robust Industrial Data Communications – Made Easy
Secure your network -
Segmentation & Segregation
Niklas Mörth & Jon-Olov Vatn
2. 2
Westermo group 2018
Founded in 1975
Industry leading software and
hardware development force
Own production in Sweden with
state of the art process control
Own sales and support units in 12
key countries, distribution partners
in many others
13. 13
Wikipedia definition
“Cybersecurity is the
protection of computer
systems from theft or
damage to their hardware,
software or electronic data,
as well as from disruption
or misdirection of the
services they provide.”
What is Cybersecurity?
25. 25
The Why!
Avoid single point of failure
Policy of least privilege
CONTROL NETWORK
OFFICE NETWORK
26. 26
The Why!
Avoid single point of failure
Policy of least privilege
CONTROL NETWORK
OFFICE NETWORK
27. 27
The Why!
Avoid single point of failure
Policy of least privilege
CONTROL NETWORK
OFFICE NETWORK
28. 28
The Why!
Avoid single point of failure
Policy of least privilege
Slowing down attackers
CONTROL NETWORK
OFFICE NETWORK
29. 29
The Why!
Avoid single point of failure
Policy of least privilege
Slowing down attackers
CONTROL NETWORK
OFFICE NETWORK
SENSITIVE
DATA
30. 30
The Why!
Avoid single point of failure
Policy of least privilege
Slowing down attackers
CONTROL NETWORK
OFFICE NETWORK
SENSITIVE
DATA
31. 31
The Why!
Avoid single point of failure
Policy of least privilege
Slowing down attackers
Reduce damage of succeful
breaches
CONTROL NETWORK
OFFICE NETWORK
SENSITIVE
DATA
32. 32
The Why!
Avoid single point of failure
Policy of least privilege
Slowing down attackers
Reduce damage of succeful
breaches
CONTROL NETWORK
OFFICE NETWORK
34. 34
Start: A plant network in need of organizing
Mix of units with different
purposes and criticality
Single, flat network (switched)
Or multiple networks, each with
mix of units
Little or no control of traffic
patterns within the Intranet
FW/
RouterIntranet
Internet (WAN)
Office PCs
Management
Clients
PLCs & Process
Equipment
Servers
Switched
Network
35. 35
Goal: A network with proper segmentation
Group units based their purpose
Segment network accordingly
(zones)
Connect via router/firewall capable
of segregating traffic flows
May use multiple firewalls
Possibly from different vendors
Can have external FW managed by
IT department (IT FW)
The internal FW can be dedicated to
operations (OT FW)
FW/
RouterIntranet
Internet (WAN)
Office Net
Supervisory Net
Control Net A
Control Net B
FW/
Router
36. 36
Goal: A network with proper segmentation
Group units based their purpose
Segment network accordingly
(zones)
Connect via router/firewall capable
of segregating traffic flows
May use multiple firewalls
Possibly from different vendors
Can have external FW managed by
IT department (IT FW)
The internal FW can be dedicated to
operations (OT FW)
FW/
RouterIntranet
Internet (WAN)
Office Net
Supervisory Net
Control Net A
Control Net B
FW/
Router
37. 37
Segmentation: Local Area Networks
What is a LAN?
LAN – Local Area Network
Sometimes it means ”your local
network”, i.e., your whole Intranet
Here we use LAN when referring to a
broadcast network, typically using IEEE
802.3/Ethernet technology.
Form star topology by using a
switch/hub/bridge to connect Ethernet
equipment.
Switches can be connected together to
extend the LAN (tree topology).
Connecting switches in a ring improves
robustness (requires RSTP, FRNT, ...)
Connecting units to LAN via a switch (Star Topology)
Using multiple switches to extend the LAN (Tree Topology)
38. 38
Segmentation: Virtual Local Area Networks
What is a VLAN?
VLAN - Virtual LAN
Your LAN equipment is split into logical,
isolated LANs (isolated broadcast
domains)
Sharing a single switch
Port based VLAN
Split a single switch
Extend VLAN over multiple switches
VLAN trunk cables
”VLAN tag” added
Holds multiplex info (VLAN ID)
VLAN 10 VLAN 20
VLAN 10 VLAN 20 VLAN 10 VLAN 20
VLAN trunk: VLAN 10 & 20
VLANs to share switch (Port based VLAN)
VLANs spanning multiple switches (Port based VLAN and VLAN tagging)
39. 39
Using VLANs to segment our network
Configure VLANs on the (OT)
Firewall/Router
Creates one zone for each network
Within each zone there are
additional switches (not shown)
FW/Router
VLAN 50Intranet
Internet (WAN)
VLAN 10
Office Net
VLAN 20
Supervisory Net
VLAN 30
Control Net A
VLAN 40:
Control Net B
FW/Router
1
2
3
4
5
40. 40
Assigning IP addresses/subnets
IP addresses: Identifies a unit and its
location
Logically assigned
Network part and Host part
Assign one subnet per VLAN, e.g.,
10.0.10.0/24: Office Net
10.0.20.0/24: Supervisory Net
10.0.30.0/24: Control Net A
10.0.40.0/24: Control Net B
10.0.50.0/24: Upstream Net
FW/Router
VLAN 50
10.0.50.0/24Intranet
Internet (WAN)
VLAN 10
Office Net
10.0.10.0/24
VLAN 20
Supervisory Net
10.0.20.0/24
VLAN 30
Control Net A
10.0.30.0/24
FW/Router
.2
VLAN 40
Control Net B
10.0.40.0/24
.1 .1
.1.1
.1
Example IP address with ”prefix length” 24
(netmask 255.255.255.0):
10.0.40.1
Network ID Host ID
41. 41
Configuring IP address
Example, configuring IP address for
interface ”vlan40” on (OT) Firewall
Address: 10.0.40.1/24
FW/Router
VLAN 50
10.0.50.0/24Intranet
Internet (WAN)
VLAN 10
Office Net
10.0.10.0/24
VLAN 20
Supervisory Net
10.0.20.0/24
VLAN 30
Control Net A
10.0.30.0/24
FW/Router
.2
VLAN 40
Control Net B
10.0.40.0/24
.1 .1
.1.1
.1
42. 42
Segmentation Done
Segmentation using (V)LANs
Units devided into groups based on role
Each group in separate segment (zone)
Within segment, communication
typically switched
Across segments, routed via
Firewall/Router
”Default gateway” setting adds route
towards Internet
Firewall not enabled
All units can still communicate
Security not (yet) enhanced
Next step: Traffic segregation!
FW/Router
VLAN 50
10.0.50.0/24Intranet
Internet (WAN)
VLAN 10
Office Net
10.0.10.0/24
VLAN 20
Supervisory Net
10.0.20.0/24
VLAN 30
Control Net A
10.0.30.0/24
FW/Router
.2
VLAN 40
Control Net B
10.0.40.0/24
.1 .1
.1.1
.1
43. 43
Traffic Segregation using Firewall
Block all traffic by default
”Default forward policy”: Deny
No traffic will be routed between LANs!
Add ”packet filter allow” rules for legal traffic flows
Whitelisting
Need to learn your traffic patterns
Example:
Office network gets access towards Internet
(perhaps only HTTPS and DNS)
No communication between Control Networks
Supervisory Network can access Control
Networks
Limit to specific sources/destinations and protocols
Complements to Firewall packet filters
Stateful Inspection
Deep inspection firewall
FW/Router
VLAN 50
10.0.50.0/24Intranet
Internet (WAN)
VLAN 10
Office Net
10.0.10.0/24
VLAN 20
Supervisory Net
10.0.20.0/24
VLAN 30
Control Net A
10.0.30.0/24
FW/Router
.2
VLAN 40
Control Net B
10.0.40.0/24
.1 .1
.1.1
.1
44. 44
Firewall filter rules in WeOS
Default ”Forward Policy”: Drop
Add ”Filter allow” rules for whitelisting allowed traffic
patterns
Match traffic based on
Network Interface (in/out)
IP address (src/dst)
IP payload protocol (TCP, UDP, ICMP, ...)
TCP or UDP Port number
Stop at first match (action: allow or deny/drop)
Input or Forward chain?
Input chain: Rules without ”Out Interface” and
”Destination address”
Forward chain: Rules with ”Out Interface” and/or
”Destination address”
Stateful firewall
Logging possible
Note: Does not apply to switched traffic
45. 45
Firewall filter configuration example
Add ability for management station in supervision
network to control a unit in control network A via
SNMP.
Here we limit to specific IP addresses of
management station (10.0.20.5) and the controlled
unit (10.0.30.33).
FW/Router
VLAN 50
10.0.50.0/24Intranet
Internet (WAN)
VLAN 10
Office Net
10.0.10.0/24
VLAN 20
Supervisory Net
10.0.20.0/24
VLAN 30
Control Net A
10.0.30.0/24
FW/Router
.2
VLAN 40
Control Net B
10.0.40.0/24
.1 .1
.1.1
.1
46. 46
Segmentation and Segregation Recap
Segmentation using (V)LANs
IP address and subnet assignment and
routing for connectivity
Traffic segregation using firewall rules
Done!
FW/Router
VLAN 50
10.0.50.0/24Intranet
Internet (WAN)
VLAN 10
Office Net
10.0.10.0/24
VLAN 20
Supervisory Net
10.0.20.0/24
VLAN 30
Control Net A
10.0.30.0/24
FW/Router
.2
VLAN 40
Control Net B
10.0.40.0/24
.1 .1
.1.1
.1
47. 47
More complex networks
Intermediate Communication
Network between your zones
Internal to plant
Remote locations
Use of VPNs (Conduits)
Multiple (OT) Firewalls
Redundancy within LANs
Within Zones
Intermediate Communication
Networks
Ring Topologies
Intranet
Internet (WAN)
Office Net
Supervisory Net
Control Net A
Control Net B
FW/
Router
FW/
Router
FW/
Router
FW/
Router
FW/
Router
49. 49
Summary
The threat is real, keep your Security Posture updated!
Why you should segment and segregate your network:
Avoid single point of failure
Policy of least privilege
Slow down the attacker
Reduce the damage of a successful breach
50. 50
Fundamentals of
Network-to-Network protection
Recording available at Westermo.com
Best practices for using VPNs for easy network-to-network
protection
Network segregation
Recording available at Westermo.com in short
Use WeOS switching routers to create security zones in your
network
Perimeter protection and spoofing protection
April 17th 09.00 and 15.00 CET
Protect your industrial network from unsolicited requests
51. 51
Thank you for attending!
An email will be sent to you including
Playback link to Webinar recording
Contact information to your local Westermo dealer
Information on how to register for next webinar
Next webinar: April 17th, 2019
Perimeter protection and spoofing protection
Evolved over time
What do we call the different types of units
Operational? Process network
Management/Supervisory
Host devices
All is a single point of failure
Services?
Evolved over time
What do we call the different types of units
Operational? Process network
Management/Supervisory
Host devices, bring your own device, perhaps create guest networks
All is a single point of failure
Create terminology
Evolved over time
What do we call the different types of units
Operational? Process network
Management/Supervisory
Host devices, bring your own device, perhaps create guest networks
All is a single point of failure
Create terminology
Regarding multiple switches and tagging, in follow-up examples we use routing
Evolved over time
What do we call the different types of units
Operational? Process network
Management/Supervisory
Host devices, bring your own device, perhaps create guest networks
All is a single point of failure
Create terminology
Firewall rules only apply to packets being routed!! Not switched
Would like to add example
Look up what logging actually does
Implicit rules
Selecting forward or input chain
Would like to add example
Look up what logging actually does
Implicit rules
Selecting forward or input chain
Say something about the segmented networks internal structure? Microfirewalls?
Evolved over time
What do we call the different types of units
Operational? Process network
Management/Supervisory
Host devices, bring your own device, perhaps create guest networks
All is a single point of failure
Create terminology