Segmentados Desarrollo

The installation of security tools may be complex sometimes due to different reasons: the complexity of the tool itself, the environment in which it is installed, the necessary settings, etc. This post shows how to implement an IDS solution and how to manage events in a centralised manner by means of an event manager for industrial control systems.

Smart buildings, either intended for housing, for offices or for industries, are fitted with communications systems for control of all elements such as lighting, heating and air conditioning, blinds, etc. Such communications are mainly carried out by means of two protocols or technologies: BACnet and LonWorks. In this article, the security capabilities of each protocol for operating in as a secure manner as possible shall be described.

Companies usually spend a large share of their budgets to improve the security of their systems assuming that attacks comes from outside of their networks. But, what if the attack comes from within?

Last year ransomware became the threat most widely used by attackers to monetise their actions. This fact has also affected industrial sectors which, to a greater or lesser extent, have suffered this type of malware.

As explained in the first post of this series dedicated to the C4V model, the cyber security level of outsourced services is key to assess the cyber security capabilities of any organisation: It is no use increasing the cyber security levels of an organisation if their suppliers’ levels are not as high, because -it goes without saying that- "security is as strong as its weakest link".

The increasing number of attacks to industrial networks forces us to analyse their behaviour so that we can implement measures to mitigate said attacks. One of the options used to learn about the behaviour of attacks is the deployment of honeypots. This article deals with the advantages and challenges of this technology when used in industrial environments.

The outsourcing of processes is not something we can consider new. In fact, the contrary is true. And in particular, in terms of how it applies to ICT (Information and Communication Technology), it is common for at least part of our systems to be accessed by third parties or managed directly by third parties.

New control methods of energy distribution needs have required new communication ways, which have been many tines solved with new protocols. A security review to avoid unauthorized Access to private information is one task of main power companies.

Although in industrial environments, availability is king, integrity is also a factor to be taken into account as data must be transferred in unaltered form. The use of mechanisms such as digital signatures helps with integrity, although it is not so simple to implement in all environments.

The use of Ethernet communications in different automation systems along with the increase in IT standards in the industrial world are bringing the worlds of IT and OT ever closer, both at a technological and communication level. From this convergence emerge communication standards like PROFINET, which we shall analyse in this article.

The security of a system is fundamentally based on knowledge of the communications developed therein. For this reason, network analyzers are indispensable elements that allow us to identify the information exchanged between elements and discover relevant information, such as erroneous implementations of the stack of some protocols, possible information leaks, non-defined communications, etc.

Traditionally, malware creates files, copies of itself or additional malware that is dropped into different locations of the system it compromises, able to do so with similar names to legitimate files, with the aim of being passed off for as long as possible.