Agenda
• IEC 62443 IACS standard
• Scope and why
• DHCP protocol and how it works
• DHCP’s Vulnerabilities
• Types of Cyber Attacks to DHCP
• Defense by network security DHCP Snooping
• Korenix products with advanced security features
2. Agenda
• IEC62443 IACS standard
• Scope and why
• DHCP protocol and how it works
• DHCP’s Vulnerabilities
• Types of Cyberattacks to DHCP
• Defense by network security – DHCP Snooping
• Korenix products with advanced security features
6. DHCP Architecture
Diagram: one DHCP Server and three DHCP Clients (MAC aaa.aaa.aaa, MAC bbb.bbb.bbb, MAC ccc.ccc.ccc).
IP Address Pool / Binding Table:
• 192.168.10.1 aaa.aaa.aaa
• 192.168.10.2 bbb.bbb.bbb
• 192.168.10.3 (available)
• …
• 192.168.10.100 (available)
Policy: IP, Subnet mask, Gateway, DNS
7. DHCP Transaction
Between DHCP Client (MAC aaa.aaa.aaa) and DHCP Server:
• DISCOVER (Broadcast), from the client: "I am MAC aaa.aaa.aaa. Please assign network configuration for me."
• OFFER (Broadcast), from the server: "I’m the DHCP server and how about this IP address for you?"
• REQUEST (Broadcast), from the client: "Yes, please lease it to me."
• ACK (Unicast), from the server: "Done, you can use the IP address now."
8. Vulnerabilities and Attacks
• DHCP spoofing from client
• DHCP spoofing from server
• DHCP starvation and DoS
• Man-In-The-Middle or Hijacking
• Broadcasting
• No authentication
• No validation
9. Spoofing From Malicious Client
Between Malicious Client (MAC ccc.ccc.ccc) and DHCP Server:
• DISCOVER, from the client: "I am MAC aaa.aaa.aaa. Please assign IP and network configuration for me."
• OFFER, from the server: "How about this IP address?"
• REQUEST, from the client: "Yes, please lease it to me."
• ACK, from the server: "Done, you can use it now."
10. DHCP Starvation
Between DHCP Client (MAC ccc.ccc.ccc) and DHCP Server:
• DISCOVER: "I am MAC aaa.aaa.aaa. Please assign IP and network configuration for me."
• …
• DISCOVER: "I am MAC bbb.bbb.bbb. Please assign IP and network configuration for me."
• …
• DISCOVER: "I am MAC zzz.zzz.zzz. Please assign IP and network configuration for me."
• …
11. Denial Of Service
Between Malicious Client (MAC ccc.ccc.ccc) and DHCP Server:
• DISCOVER: "I am MAC ccc.ccc.ccc. Please assign IP and network configuration for me."
• …
• DISCOVER: "I am MAC ccc.ccc.ccc. Please assign IP and network configuration for me."
• …
• DISCOVER: "I am MAC ccc.ccc.ccc. Please assign IP and network configuration for me."
• …
12. Spoofing From Rogue Server
Participants: DHCP Client, DHCP Server, Rogue DHCP Server.
• DISCOVER
• OFFER
The OFFER from the rogue DHCP server arrives at the client before the one from the legitimate DHCP server. The transaction is scrambled and the network configuration goes wrong.
13. More Than DHCP Attacks
Diagram: DHCP Clients, DHCP Server, Rogue DHCP Server and Gateway. Labels: IP address, Gateway, DNS.
14. Defense By Network Security
Goal:
• Avoid invalid DHCP messages coming into the network
• Make sure that network configurations are given from the trusted DHCP server
Diagram: DHCP Clients, DHCP Server, Rogue DHCP Server, Malicious DHCP Client.
15. DHCP Snooping
• A network security technology that protects DHCP infrastructure against malicious DHCP sources, either clients or servers, and blocks fake DHCP messages
• Network (LAN) switches with this feature snoop DHCP messages to ensure that incoming DHCP messages are valid; this also helps to ensure that network configurations are given by the trusted DHCP server
• More importantly, beyond guarding the DHCP infrastructure, DHCP snooping generates a table of information about the trusted network, which can be further used by other security features
16. How DHCP Snooping Works
Diagram: DHCP Server (TRUSTED) and three DHCP Clients (? ? ? UNTRUSTED).
17. Validate Messages
Participants: DHCP Client (MAC ccc.ccc.ccc), Switch, DHCP Server.
• DISCOVER: "I am MAC aaa.aaa.aaa. Please assign an IP for me."
• DISCOVER: "I am MAC ccc.ccc.ccc. Please assign an IP for me."
• OFFER: "I am a server and here is the IP for you."
18. Fix On Trusted Sources
Diagram: DHCP Server, DHCP Clients (? ? ?) and Rogue DHCP Servers.
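The per-port validation that slides 15 to 18 describe, as an added Python example (not from the original slides and not Korenix's implementation). The port numbers, the rate limit of 5 messages per window, and the "srv" and "rogue" MAC labels are assumptions; all sample messages are constructed.

```python
from dataclasses import dataclass, field

SERVER_TYPES = {"OFFER", "ACK", "NAK"}   # only a DHCP server sends these
CLIENT_TYPES = {"DISCOVER", "REQUEST", "DECLINE", "RELEASE"}


@dataclass
class DhcpMsg:
    port: int          # switch port the frame arrived on
    src_mac: str       # Ethernet source MAC of the frame
    chaddr: str        # client hardware address inside the DHCP payload
    msg_type: str
    yiaddr: str = ""   # address being assigned (OFFER/ACK only)


@dataclass
class SnoopingSwitch:
    trusted_ports: set
    rate_limit: int = 5                            # assumed per-port limit per window
    bindings: dict = field(default_factory=dict)   # chaddr -> (ip, client port)
    _pending: dict = field(default_factory=dict)   # chaddr -> port awaiting ACK
    _counts: dict = field(default_factory=dict)    # port -> messages this window

    def new_window(self):
        """Reset per-port counters; a real switch does this on a timer."""
        self._counts.clear()

    def inspect(self, m):
        """Return (forward?, reason) for one snooped DHCP message."""
        if m.port in self.trusted_ports:
            if m.msg_type == "ACK" and m.chaddr in self._pending:
                # Lease confirmed by the trusted server: learn the binding.
                self.bindings[m.chaddr] = (m.yiaddr, self._pending.pop(m.chaddr))
            return True, "trusted port"
        if m.msg_type in SERVER_TYPES:
            return False, "server message on untrusted port"
        if m.msg_type not in CLIENT_TYPES:
            return False, "unknown message type"
        if m.src_mac != m.chaddr:
            return False, "chaddr does not match source MAC"
        self._counts[m.port] = self._counts.get(m.port, 0) + 1
        if self._counts[m.port] > self.rate_limit:
            return False, "rate limit exceeded"
        if m.msg_type == "REQUEST":
            self._pending[m.chaddr] = m.port
        return True, "valid client message"


def run_demo():
    """Replay constructed messages modelled on the scenarios in the slides."""
    sw = SnoopingSwitch(trusted_ports={1})   # assumption: port 1 faces the server
    A, C = "aaa.aaa.aaa", "ccc.ccc.ccc"
    results = {}
    # Normal lease for client A on port 2.
    for m in (DhcpMsg(2, A, A, "DISCOVER"),
              DhcpMsg(1, "srv", A, "OFFER", "192.168.10.3"),
              DhcpMsg(2, A, A, "REQUEST"),
              DhcpMsg(1, "srv", A, "ACK", "192.168.10.3")):
        assert sw.inspect(m)[0]
    results["binding"] = sw.bindings[A]
    # Host with MAC ccc on port 3 claims another MAC in the DHCP payload.
    results["spoofed_client"] = sw.inspect(DhcpMsg(3, C, "bbb.bbb.bbb", "DISCOVER"))
    # Server message arriving on an untrusted port.
    results["rogue_offer"] = sw.inspect(DhcpMsg(4, "rogue", A, "OFFER", "192.168.10.50"))
    # Repeated DISCOVERs from one port: the sixth exceeds the limit.
    flood = [sw.inspect(DhcpMsg(3, C, C, "DISCOVER")) for _ in range(6)]
    results["flood_forwarded"] = sum(ok for ok, _ in flood)
    results["flood_last"] = flood[-1]
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The `bindings` dictionary plays the role of the table from slide 15 that other security features can consume.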
23. Summary
• DHCP infrastructure is insecure by nature. It is crucial and strongly recommended to apply security protection if DHCP is used in an industrial network
• Network switches play an important role in protecting a DHCP infrastructure. DHCP snooping should be enabled to guard against different types of spoofing attacks, whether from rogue DHCP servers or malicious clients
• To address the IEC 62443 security standard, Korenix has implemented DHCP snooping on both its DIN-rail switches and rackmount switches, which fit different levels of networks for mission-critical industrial applications
24. To Be Continued
• Korenix Network Security Webinar – Part 2
Diagram labels: MAC, IP, DHCP, APPLICATION