Bruno HÉNON - Automation & Control Engineer Freelance Services in factory automation, designing, programming, installing and subcontracting worldwide

Digital security and prevention software.


CYBER-SECURITY AND PROTECTION TOOLS

Digital security observatories, Networking security utilities, Personal security software, Mobile security tools.

How Secure Are Your Control Systems ?

Control engineers are increasingly confronted with open communication architectures, in particular with a growing number of intranet/internet bridges, and with programming consoles being used to collect technical information that is sometimes published exclusively on the internet.

Currently, the paths taken by digital information are becoming more and more complex. Consequently there are more and more security gaps, and industrial communication networks as well as programming and maintenance consoles are becoming more and more exposed to cyber-crime.


One of the strongest proofs of this is the detection of the Stuxnet virus around 2009-2010, although it seems it had been in place for years.

Tens of thousands of units of a current and widespread control system have been infected around the world.

Once introduced (probably via a USB key) into what is presumed to be the only targeted company, this virus attacked its control systems all the way down to the programmable logic controllers (PLCs) through the operator interfaces (implemented on a non-industrial commercial operating system), with the objective of breaking down the machines and maybe the operators. It is said that the factory network was linked neither to the internet nor to any external network.

The result was that most of the thousands of targeted machines were broken, perhaps all of them. It seems that more than one year was necessary to eradicate the virus in this factory, without any certainty or guarantee that it had been destroyed. Production was stopped for years, perhaps definitively.

It seems this is the first time that such an objective has been targeted and, according to the experts, some parts of the Stuxnet program are very sophisticated and had never been seen anywhere before.

Since the detection of this virus, the supplier of the control system concerned has been providing a security patch that protects against Stuxnet.


Stuxnet was exceptional, but most detected incidents are currently caused by attempts to steal strategic data from a company (industry included) by exploiting software bugs or system failures, not to mention human causes (beware of USB keys, for instance).


Moreover, we have to keep in mind that many vulnerability incidents are detected on systems that use networks.


Consequently, the public domain is becoming more and more vulnerable too (in particular in strategic domains such as the production or transfer of energy, water treatment and so on), since the internet is used more and more to interconnect systems with their users and their management services.

The smart grids planned for the near future for the distribution of energy and water will not help; on the contrary, they will surely amplify the phenomenon. Not to mention the use of digital "clouds".

We only have to look at the recent digital adventures of Estonia (in 2007 and later) and of Latvia (in 2008 and later) to be convinced of it.

These are all facts, and only facts. Unfortunately that was only the beginning.

For the coming years at the latest, the possibility of cyber-wars no longer seems to be purely theoretical.


Consequently, it would be wise for a control engineer to follow the news about system vulnerabilities, and to know how to protect all automated controls from digital attacks.

It would also be wise for a CEO to know how vulnerable the factories are, how vulnerable the suppliers are (especially in terms of energy, but not only), how vulnerable all the companies or activities interacting through the networks are (banks, customers and so on), and what the consequences of the resulting potential cyber-attacks could be for the company as a whole.

For every kind of company, whatever its activity, one way to get an idea of the potential threats is to ask "white" hackers and (or) governmental agencies to audit all the digital systems of the company and the services it provides or uses through digital channels.


One available solution to improve the security of factory control systems is to use the open source control system PROVIEW, which is a convenient solution in association with the security software below.

Cyber-Security And Vulnerabilities Observatories

MITRE, ICS-CERT.

MITRE - One Open Source Vulnerability Data Base In The Industry  

"MITRE" replaces the "OSVDB" digital security observatory, which stopped storing vulnerability events, due to ...

"OSVDB" listed all the vulnerabilities of communication systems detected since November 7th, 1902, when data transmitted by the Marconi telegraph were hacked. (Wireless communications already!)

In any case, greetings to the whole OSVDB team for their work.


By listing the industry directory, you will discover that SCADA systems are especially vulnerable and are often the targets of hackers or spies.

Other vulnerable systems are Ethernet components (switches, hubs, network interfaces), network analysis software, PLCs (bad protocol implementations) etc.


From the link in the title, you can filter what you are looking for (industry for instance, to display only the vulnerabilities in the industry).

Another way is to use the embedded vulnerability database search engine, which may provide more explicit results.

https://cve.mitre.org

Industrial Control System Digital Security Alerts (ICS-CERT)  

This department issues alerts on critical and sensitive digital failures detected in industrial control systems (logic controllers, networks, operator panels etc.), informs their producers about them, and requires that they be corrected.

As you can see, the list is large.


ICS-CERT (Industrial control systems cyber emergency response team) is a North American governmental organization which is involved exclusively in the industrial control system security area, whatever the application.

The organisation also provides a set of very interesting documents on recommended practices for industrial control system security.

https://ics-cert.us-cert.gov/

Networking Security Software

Authentication server, Virtual Tunnelling, Cryptography services, Threats scanner.

Free Radius, An Authentication Server  

"FreeRADIUS" is a free and open source Radius based authentication server, and is the only open source Radius server using the Extensible Authentication Protocol (EAP) and supporting virtual servers.

It is the most used authentication server in the world.

FreeRadius is used by internet service providers, cellular network providers, Ethernet peripheral manufacturers and anyone who wants to secure an IP network or a wireless network, such as a Wi-Fi network for instance (in fact, with any device supporting a Radius client).

FreeRadius is published with binary packages for many operating systems, based on Unix, Linux and MS Windows. Anyone can build the application on the operating system of their choice by compiling the source code.


FreeRadius has been designed to manage and to control safely and securely any device and any user requiring an access to a network or to a component of a network, whatever the technology used to transmit the data.


First of all, "Radius" is a network protocol designed to secure the data exchanged on a network by managing and controlling access. It is implemented in a client-server architecture, and needs one Radius server talking with at least one Radius client.

FreeRadius is an AAA system, that is an Authentication, Authorisation and Accounting system. It runs on the internet, Ethernet and all IP networks, on wireless networks, on virtual private networks (VPN) and many others.

All the data exchanged between a server and a client are encrypted.


Authentication refers to the validation of the user's identity (the user can be a human or a digital device). The authentication process can use the login name, password, location, MAC address (Media Access Control address) of the device requesting the connection and many other values to do so and to control the areas a user can access (see authorization below).


Authorization refers to the management of the permissions granted to the user. Where is the user allowed to go, and what is the user allowed to do?


The Accounting refers to the resources a user has consumed and is generally used for billing purposes.


The FreeRadius organization delivers all the technical documentation you need from its web site.

http://freeradius.org/

Open VPN (Open Virtual Private Network)  

A Virtual Private Network (VPN) acts like a private tunnel inside a public network transmitting the data securely from one authenticated point to another authenticated point by encapsulating compressed and encrypted data into the public network frames.

Open VPN transmits and manages TCP packets (Transmission Control Protocol packets) over UDP ports (User Datagram Protocol ports).


Open VPN protects data exchanges against passive and active attacks and is usable with static or dynamic addresses, in both Local Area Networks (LAN) and Wide Area Networks (WAN).

Everything that concerns security in Open VPN is based on Open SSL.

We can use Open VPN to access remote devices securely (to access a remote PLC or a remote smart sensor for maintenance, for instance), to exchange data securely between two factories, or to link a PLC permanently and securely with some external remote sensors.


To reinforce the security of the transmissions, Open VPN can be used in conjunction with one or more FreeRadius servers.

Open VPN is a free and open source project.

http://openvpn.net/

Open SSL (Open Secure Socket Layer)  

Open SSL is a free and open source library implementing the Secure Socket Layer (SSL) and the Transport Layer Security (TLS) protocols.

Open SSL is used in numerous popular applications (Open VPN or FreeRadius for instance) and by a huge number of organizations.


The SSL protocol encrypts the communication between two nodes in a network, by using a public key and a private key. It was designed for communication between a web server and a web client over the internet.


The TLS protocol is an evolution of SSL, more robust and more secure.

www.openssl.org

NMAP - A Security Scanner For The Networks  

NMAP (for Network Mapper) is a free, open source, useful, fast and reliable utility software package designed to check how secure your Ethernet based networks are, from a whole wide area network down to a single host, including any wireless networks.

NMAP scans all the active hosts and all the available and responsive TCP and UDP ports in an IP network, checking with many different techniques how easily an intrusion could be carried out, and where the security weaknesses are located.

NMAP is intended for network administrators, and it can be combined with other tools such as "Zenmap", "Ndiff" and "Nping", all available on the NMAP web site.

https://nmap.org/

Personal Computers Watching And Prevention Software

Firewalls, Anti-virus, Anti-spyware, TOR browser.

Firewalls  
Anti-Virus  
Anti-Spyware  
TOR Project - Anonymous And Anti-Tracking Applications  

Since browsing the web means being tracked by advertisers, internet providers, hackers, search engines and many more, maybe you wish to keep away from traffic analysis.

Or maybe you need a connection with a remote controller for maintenance, and you do not want to take the risk of being tracked by hackers, for instance.

The "TOR" project prevents this by providing some useful tools.


The basic concept of TOR is to route a web request and its response through virtual private networks (VPN) chained in an onion layer architecture, hiding your IP address, your location and some other information (see the "About TOR" section for more information).


First initiated with the US Navy, the TOR project is a free and open source project that is very popular and used worldwide. Increasing the number of users increases the privacy.


The TOR project delivers several products such as the TOR browser bundle (private web browsing with Firefox), TORbirdy (private emailing client with Thunderbird), Tails (a very secure live operating system, Linux based and TOR based) and other tools (see the "Projects" section for more information).

www.torproject.org

Mobile Prevention Software Tools

Orbot, Avast mobile security.

ORBOT - Mobile Confidentiality  

"Orbot" is a free and open source project using TOR, providing the same features. Orbot is especially designed and adapted to work on the mobile devices running under the Android operating system.

https://guardianproject.info/apps/orbot/

AVAST! Free Mobile Security  

Avast provides a free version of its mobile security tool, intended for the mobile devices running under the Android operating system.

Avast mobile security protects you against malware and viruses (yes, some malware can attack even a Linux operating system) and infected websites.

It can block specific phone numbers, it can act as a firewall if you need this feature, and it tracks your mobile device if it has been stolen or lost, helping you to recover it.

www.avast.com/free-mobile-security


© www.bh-automation.fr