Bruno HÉNON - Automation & Control Engineer Freelance Services in factory automation, designing, programming, installing and subcontracting worldwide

Digital security and prevention software.


CYBER-SECURITY AND PROTECTION TOOLS

Digital security observatories, Networking security utilities, Personal security software, Mobile security tools.

How Secure Are Your Control Systems ?

Control engineers are increasingly confronted with open communication architectures, particularly with a growing number of intranet / internet bridges, and with the need to collect technical information, sometimes published exclusively on the internet, from their programming consoles. The paths taken by digital information are becoming more and more complex; consequently there are more and more security gaps, and industrial communication networks as well as programming and maintenance consoles are more and more exposed to cyber-criminality.


One of the strongest proofs of this is the detection of the Stuxnet virus around 2009-2010, although it seems it had been in place for years. Tens of thousands of installations of one common and widespread control system were infected around the world. Once introduced ( probably via a USB key ) into the presumed sole target company, this virus attacked its control systems all the way to the PLC controllers through the operator interfaces ( implemented on a non-industrial commercial operating system ), with the objective of breaking down the machines and maybe the operators. It is said that the factory network was linked neither to the internet nor to any external network.

The result was that most of the thousands of targeted machines were broken, perhaps all of them. It seems that more than one year was needed to eradicate the virus in this factory, without any certainty or guarantee of its destruction. Production was stopped for years, perhaps definitively.

It seems this was the first time that such an objective had been targeted, and according to the experts, some parts of the Stuxnet program are very sophisticated and had never been seen anywhere before. Since the detection of this virus, the supplier of the affected control system has been providing a security patch protecting against Stuxnet.


Stuxnet was exceptional; most detected incidents currently aim to steal strategic data from a company ( industry included ) by exploiting software bugs or system failures, not to mention human causes ( beware of USB keys, for instance ). Moreover, we have to keep in mind that many vulnerability incidents are detected on systems using networks.


Consequently, the public domain is becoming more and more vulnerable too ( in particular in strategic domains such as energy production or transmission, water treatment and so on ), since the internet is increasingly used to interconnect systems with their users and their management services.

The smart grids planned for the near future for the distribution of energy and water will not help; worse, they will surely amplify the phenomenon. Not to mention the use of digital « clouds ». We have to note that some industrial providers ( unfortunately not all of them ) are making serious efforts to supply their clients with ( theoretically ) robust solutions.

We only have to refer to the recent digital adventures of Estonia ( in 2007 and later ) and of Latvia ( in 2008 and later ) to be convinced of the existence of these threats, of their number and of the importance of their potential consequences.


We should not forget that a door - even an armoured one - is intended to be opened. That is its raison d'être. This means we have to be aware that when we make a hole in a wall to install an armoured door, we are simply installing a door where there was none, and adding a new way in.


Consequently, it would be wise for a control engineer to follow the news on system vulnerabilities and to know how to protect all automated controls from digital attacks. It would also be wise for an executive to know how vulnerable his factories are, how vulnerable his suppliers are ( especially in terms of energy, but not only ), how vulnerable all the companies or activities interacting through the networks are ( banks, customers and so on ), and what the consequences of the resulting potential cyber-attacks could be for his company as a whole.

For all kinds of companies, whatever their activity, one way to get an idea of potential threats is to ask « white » hackers and ( or ) governmental agencies to audit all the digital systems of the company and the services it provides or uses through digital channels.


One available solution to improve the security of factory control systems may be to use the PROVIEW open source control system running under open operating systems. This could be a convenient solution in association with the security software below. Moreover, why not adopt open source operating systems such as Linux, FreeBSD and others for the whole company ?

Cyber-Security And Vulnerabilities Observatories

MITRE, ICS-CERT.

MITRE - One Open Source Vulnerability Data Base In The Industry

« MITRE » replaces the « OSVDB » digital security observatory, which stopped storing vulnerability events due to a lack of contributions from industrial companies. « OSVDB » listed all the vulnerabilities of communication systems detected since November 7th, 1902, when data transmitted by the Marconi telegraph were hacked. ( Wireless communications already ! ).


In any case, bravo and greetings to the whole OSVDB team for their work.


By browsing the industry directory, you will discover that SCADA systems are especially vulnerable and are often the targets of hackers or spies. Other vulnerable systems are Ethernet components ( switches, hubs, network interfaces ), network analysis software, PLC controllers and HMI interfaces ( poor protocol implementations ) etc.

You can search the database for registered events. You can filter your search with any words you wish by typing a request in the field at the bottom of the page ( as in the link in the title of this section, where the keyword is « industry », which lists all the vulnerabilities indexed in the industry category ). You can also type a trademark or a device reference, for instance, or any word relevant to a subject you are interested in. You could also try the vulnerability database search engine, which may provide more explicit results or display them more clearly.

https://cve.mitre.org

Industrial Control System Digital Security Alerts ( ICS-CERT )

The « Industrial control systems cyber emergency response team » is a North American governmental organization which is involved exclusively in the industrial control system security area, whatever the application. It issues alerts on critical and sensitive digital failures detected in systems such as logic controllers, inverters, communication networks, operator panels etc, informs their manufacturers about them, and requires the manufacturers to correct them. As you can see, the list is large.

The organisation also provides a set of very interesting documents on recommended practices for industrial control system security.

https://www.us-cert.gov/ics/

Networking Security Software

Authentication server, Virtual Tunnelling, Cryptography services, Threats scanner.

Free Radius, An Authentication Server

This free and open source authentication server is based on the « Radius » authentication protocol. It is the only server which uses the extensible authentication protocol ( EAP ) and which supports virtual servers. It is the most widely used authentication server in the world.

This system has been designed to manage and to control safely and securely any device and any user requiring an access to a network or to a component of a network, whatever the technology used to transmit the data.

This technology is used by Internet service providers, cellular network providers, Ethernet peripheral manufacturers and anyone who wants to secure his wired or wireless IP network ( in practice, with any device supporting a Radius client ).

The server is published with binary packages for many operating systems, based on Unix, Linux and MS Windows. Anyone can build the application on the operating system he wants by compiling the source code.


Above all, « Radius » is a network communication protocol designed to secure the data exchanged on a network by managing and controlling access. It is implemented in a client-server architecture, and needs at least one Radius server to talk with at least one Radius client.

« FreeRadius » is an AAA system, that is, an authentication, authorisation and accounting system. It runs on the Internet, Ethernet and all IP networks, on wireless networks, on virtual private networks ( VPN ) and many others. All the data exchanged between a server and a client are encrypted.


The FreeRadius organization delivers all the technical documentation you need from its web site.

https://freeradius.org/

Open VPN ( Open Virtual Private Network )

A « virtual private » network ( VPN ) acts like a private tunnel inside a public network, transmitting the data securely from one authenticated point to another authenticated point by encapsulating compressed and encrypted data into the public network frames. It transmits and manages the TCP packets ( Transmission Control Protocol packets ) over the UDP ports ( User Datagram Protocol ).


« Open VPN » - an open source project - protects data exchanges against passive and active attacks and is usable with static or dynamic addresses, in both LAN and WAN networks. Everything related to security in Open VPN is based on Open SSL.


We can benefit from Open VPN to access remote devices securely :


To reinforce the security of the transmissions, « Open VPN » can ( must ? ) be used in conjunction with one or more FreeRadius servers.

http://openvpn.net/

Open SSL ( Open Secure Socket Layer )

This free and open source library implements the secure socket layer ( SSL ) and the transport layer security ( TLS ) protocols. It is used in numerous popular applications ( Open VPN or FreeRadius for instance, or in the secure HTTPS protocol ) and by a huge number of organizations.

www.openssl.org

NMAP - A Security Scanner For The Networks

This free, open source, useful, fast and reliable network mapper package has been designed to check how secure your Ethernet based communication networks are, wired or wireless, from a single host up to entire wide area networks. It integrates a whole set of software dedicated to the security of data exchanges, scanning all the active hosts and all the available and responsive TCP and UDP ports in an IP network. It checks with many different techniques how easily an intrusion can be carried out, and where security weaknesses are located.

« NMAP » is intended for network administrators, and it can be combined with other tools such as « Zenmap », « Ndiff » and « Nping », all available on its web site.

https://nmap.org/

Personal Computers Watching And Prevention Software

Firewalls, Anti-virus, Anti-spyware, TOR browser.

Firewalls
Anti-Virus
Anti-Spyware
TOR Project - Anonymous And Anti-Tracking Applications

Since browsing the web means being tracked by advertisers, internet providers, hackers, search engines and many more, maybe you wish to keep away from traffic analysis. Or maybe you need a connection to a remote controller for maintenance, and you do not want to take the risk of being tracked by hackers, for instance.


The TOR project - the onion router - may be a good solution to avoid tracking. It allows a visitor to be anonymous and keeps the data confidential by providing very useful tools.

The basic concept of this application is to route a web request and its response through virtual private networks ( VPN ) chained in an onion layer architecture, hiding your IP address, your location and some other information ( see the « About TOR » section for more information ).

First initiated with the US Navy, the TOR project is a free and open source project, very popular and used worldwide, simply because increasing the number of users automatically increases privacy.


The TOR project delivers several products such as the TOR browser bundle ( private web browsing with Firefox ), TORbirdy ( private emailing client with Thunderbird ), Tails ( a very secure live operating system, Linux based and TOR based ) and other tools ( read the « Projects » section on the website ).

www.torproject.org

Mobile Prevention Software Tools

Orbot, Avast mobile security.

ORBOT - Mobile Confidentiality

« Orbot » is a free and open source project using TOR, providing the same features. Orbot is especially designed and adapted to work on the mobile devices running under the Android operating system.

https://guardianproject.info/apps/orbot/

AVAST! Free Mobile Security

Avast provides a free version of its mobile security tool, intended for the mobile devices running under the Android operating system.

Avast mobile security protects you against malware and viruses ( yes, some malware can attack even a Linux operating system ) and infected websites. It can block specific phone numbers, it can act as a firewall if you need this feature, and it tracks your mobile device if it has been stolen or lost, helping you to recover it.

www.avast.com/free-mobile-security



© www.bh-automation.fr