SlideShare une entreprise Scribd logo

The new era of Cyber Security IEC62443

WoMaster
WoMaster

The document discusses cyber security standards and threats in industrial networks. It describes the IEC 62443 standard for securing industrial networks and discusses levels of security it provides. The document also summarizes WoMaster's cyber security solutions, including secure remote access, multi-level authentication, ACLs, DHCP snooping, and DDoS prevention in line with IEC 62443 requirements to secure industrial IoT networks. WoMaster's solutions integrate software and hardware for comprehensive protection against cyber threats.

Technologie
1  sur  15
Télécharger pour lire hors ligne
The New Era of Cyber Security IEC62443 Yohan / FAE Engineer White Paper
1. Background For these past few years, cyber security had found itself being tech talk at the center of international conversations. It was part of presidential debates, it determined elections, data breaches were front page news, it temporarily shut down major companies, and the world saw huge increases in both attacks and spending. Some of the biggest headline about cyber security in 2010 report that The Stuxnet Worm first emerged during the summer of 2010 and attack the Bushehr nuclear plant in Iran. 20% centrifuge broken, more than 45,000 network devices were infected. Stuxnet was a 500-kilobyte computer worm that infiltrated numerous computer systems. This worm was first detected in June by a security firm based in Belarus, but may have been circulating since 2009. Unlike most viruses, the worm targets systems that are traditionally not connected to the internet for security reasons. Instead it infects Windows machines via USB keys - commonly used to move files around - infected with malware. Once it has infected a machine on a firm's internal network, it seeks out a specific configuration of industrial control software made by Siemens. Once hijacked, the code can reprogram so-called PLC (programmable logic control) software to give attached industrial machinery new instructions. Picture Source: Extreme Tech The other case is from Ukraine, which is attacked the power system that caused over 1.4 million people encountered power outage for 3 hours. In total, up to 73 MWh of electricity was not supplied (or 0.015% of daily electricity consumption in Ukraine). As we can see from several cases above, cyber-attacks should be a big concern in the IIoT industry.
2. Securing Industrial Network with Cyber Security IEC 62443 Standard As the Industrial IoT (IIoT) demand continues growing, the industrial networks are facing so many new challenges to be accessible over the public Internet. While it enhances operational efficiency, however, it brings more cyber security threats. The governments and enterprises are more concerned about the potential cyber security damages. The IEC 62443 Standard includes up-to-date security guidelines and a list of best practices for different parts of a network. It also includes information for those who perform different responsibilities on the network in order to protect against known security leaks and unknown attacks. The ultimate goal of the standard is to help improve the safety of networks and enhance industrial automation and control settings security. For the IEC 62443-4-1 standard, Product Development Requirements, it specifies process requirements for the secure development of products used in an IACS. It defines a secure development life-cycle for developing and maintaining secure products. This life-cycle includes training, security requirements definition, secure design, secure
implementation, verification and validation, release, defect management and patch management. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware for new or existing products. The requirements apply to the developer and maintainer of a product, but not to the integrator or user of the product. In the last decade, implementing of Industrial Ethernet has become the most influential and transformative phenomenon which is now evolving to highly digitalize and data driven infrastructure, referred to as Industrial Internet of Things (IIoT). To address and resolve the growing threat for closed industrial networks to be accessed and influenced over the public Internet, WoMaster, as a trusted and highly experienced partner of industrial automation and system control integrators, developed and introduced to the market the innovative advanced Cyber Security solutions for industrial networks. With deploying WoMaster’s Industrial M2M solutions, the network is completely protected from currently existing threats on the following levels: Level 1 – accidental unauthenticated access Level 2 – the most common attack experienced by system integrators Level 3/4 - intentional access by hackers who utilize specific skills and tools From the viewpoint of cyber security experts, there are several major cyber security threats that can affect internal networks include unauthorized access, unsecured data transmission, unencrypted key data, incomplete event logs, and operational errors.
3. Facing New Cyber Risks with Industry 4.0 Today we stand at the beginning of the fourth industrial revolution. The most commonly used terms to describe this era, which is rapidly changing the industrial, are Industry 4.0, smart manufacturing, the Internet of Things, cyber-physical systems and digital transformation. Picture Source: Simio The world is evolving more rapidly than ever before. As the adoption of digital technologies continues to move at a fast pace, organizations are seeking to rapidly transform. Moreover, a new economic order is emerging, where established manufacturers have to deal with both large digital organizations and innovative start-ups both determined to build new revenue models. New technologies, new products and services and new business models can be disruptive. Based on this scenario, adopting Industry 4.0 principles becomes a necessity, and tomorrow’s leaders need to be prepared to embrace a different corporate structure.
In fact, it’s estimated that companies all around the world will have implemented Industry 4.0 solutions in all important business divisions. Flexible, lean manufacturing delivered by the industrial Internet is predicted to increase productivity and resource efficiency by 18% in the next five years and reduce inventories and costs by some 2.6% annually. While the integration of systems that were once separate benefits manufacturers, it also carries risks- in particular to security. Processes that were once isolated are now vulnerable to cyber-attack, both directly and indirectly. Industry 4.0 is getting more impressive with Cloud technology. The adoption of Cloud technology offers central benefits to industrial enterprises: cost reduction, central data access for planning and control, speed, and much more. From the security side, encryption is hardly a new technology, but historically encrypted data was stored on servers which resided on premises over which the data owner had direct control. WoMaster is equipped with cloud technology and the best encryption method with AES 256 bit / 3DES 168bit / DES 64 bit encryption, so now we don’t need to worry about the data safety. The figure above shows how the data is secure when it is being sent from the laptop up to the cloud then send out to the mobile phone. How WoMaster secure the data, the data was encrypted before send to the cloud and still encrypted when it is being sent out to the end point. It can prevent any kind of attacks or hacker who tries to access our data.
4. The Defense in Depth Approach WoMaster product here has adapted Defense in Depth approach; where it is the concept of protecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to prevent an attack. Because there are so many potential attackers with such a wide variety of attack methods available, there is no single method for successfully protecting a computer network. Utilizing the strategy of defense in depth will reduce the risk of having a successful and likely very costly attack on a network. A well-designed strategy of this kind can also help system administrators and security personnel identify people who attempt to compromise a computer, server, proprietary network or ISP (Internet service provider). If a hacker gains access to a system, defense in depth minimizes the adverse impact and this situation gives administrators and engineers time to deploy new or updated countermeasures to prevent recurrence. Components of defense in depth include antivirus software, firewalls, anti-spyware programs, hierarchical passwords, DMZ, VPN Tunnel and many more. No single security measure can adequately protect a network; there are simply too many methods available to an attacker for this to work. Likewise, policies and procedures do not mean anything to an attacker from the outside but should be part of the plan to protect a network from insiders. Implementing a strategy of defense in depth will hopefully defeat or discourage all kinds of attackers. Firewalls, intrusion detection systems, well trained users, policies and procedures, switched networks, strong password and good physical security are examples of some of the things that go into an effective security plan. Each of these mechanisms by themselves are of little value but when implemented together become much more valuable as part of an overall security plan.
5. IEC62443-4-2 Level 2 Security (1) Secure Remote Access WoMaster provide the IPSec and OpenVPN feature to make sure the data transmission between LAN and WAN are secured and encrypted. For the IPSec and OpenVPN, WoMaster supports multiple networks, like a hybrid network, where the VPN connection can facilitate secure remote access from public to LAN with the secure authentication. So with this secure remote access, no one can access the remote site except the operator that pass through the authentication section. For example, network operators based at a central location need to be able to remotely access each data provider for both monitoring and control purposes. Network operators based in the central control room often have to use the Internet to gain access to the remote sites. The gateway that functions as a firewall and authenticator to the network must support VPN functionality. VPNs can filter IP packets that are sent through the virtual encrypted connection that connects the data provider at remote locations with the centralized control center. Networks that support remote access allows operators to save travel time, reduce costs, and also decrease the likelihood of system downtime occurring by making it easier to support predictive maintenance. Although there are multiple VPN technologies available, IPsec is the most widely used protocol. The reason why IPsec is the most frequently used protocol is because it sets up a secure channel over multiple networks that can be private, public, or a combination of private and public networks. IPsec supports secure authentication and data integrity, which are the two key requirements when transferring packets on industrial networks. Therefore, using IPsec guarantees that control and monitoring data is protected through its strong encryption methods.
(2) IEEE802.1x MAB (MAC Authentication Bypass) MAB enables port-based access control by bypassing the MAC address authentication process to TACACS+/Radius Server. Prior to MAB, the endpoint's (ex. PLC) identity is unknown and all traffic is blocked. The switch examines a single packet to learn and authenticate the source MAC address. After MAB succeeds, the endpoint's identity is known and all traffic from that endpoint is allowed. The switch performs source MAC address filtering to help ensure that only the MAB-authenticated endpoint is allowed to send traffic. (3) Advanced Port Based Security In addition to MAB, the authentication can also be done by the pre-configured static or auto-learn MAC address table in the switch. • MAC address Auto Learning enables the switch to be programmed to learn (and to authorize) a preconfigured number of the first source MAC addresses encountered on a secure port. This enables the capture of the appropriate secure addresses when first configuring MAC address-based authorization on a port. Those MAC addresses are automatically inserted into the Static MAC Address Table and remain there until explicitly removed by the user. • The port security is further enhanced by Sticky MAC setting. If Sticky MAC address is activated, the MACs/Devices authorized on the port 'sticks’ to the port and the switch will not allow them to move to a different port. • Port Shutdown Time allows users to specify for the time period to auto-shutdown the port, if a security violation event occurs.
(4) Multi-Level User Passwords Different centralized authentication server is supported such as RADIUS and TACACS+. Using a central authentication server simplifies account administration, in particular when you have more than one switch in the network. Authentication Chain is also supported. An authentication chain is an ordered list of authentication methods to handle more advanced authentication scenarios. For example, you can create an authentication chain which first contacts a RADIUS server, and then looks in a local database if the RADIUS server does not respond. 6. IEC62443-4-2 Level 3/4 Security (1) DHCP Snooping DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers. It performs the following activities: • Validates DHCP messages received from untrusted sources and filters out invalid messages. • Rate-limits DHCP traffic from trusted and untrusted sources.
• Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses. • Utilize the DHCP snooping binding database to validate subsequent requests from untrusted hosts. DHCP snooping is enabled on a per-VLAN basis. By default, the feature is inactive on all VLANs. (2) Dynamic ARP Inspection (DAI) DAI validates the ARP packets in a network. DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from some man-in-the-middle attacks. DAI ensures that only valid ARP requests and responses are relayed. The switch performs these activities: • Intercepts all ARP requests and responses on untrusted ports • Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination • Drops invalid ARP packets DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid.
(3) IP Source Guard IP Source Guard is a feature to block layer 3 IP address spoofing and layer 2 MAC address on switches. This feature looks at the DHCP snooping table and drops packets that have addresses that spoofed. It provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host's IP address. The feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts on untrusted Layer 2 access ports. Initially, all IP traffic on the protected port is blocked except for DHCP packets. After a client receives an IP address from the DHCP server, or after static IP source binding is configured by the administrator, all traffic with that IP source address is permitted from that client. Traffic from other hosts is denied. This filtering limits a host's ability to attack the network by claiming a neighbor host's IP address. (4) Denial of Service (DoS) / Distributed DoS (DDoS) Prevention
A DoS attack is a malicious attempt by a single person or a group of people to cause the victim, site, or node to deny service to its customers. When this attempt derives from a single host of the network, it constitutes a DoS attack. On the other hand, it is also possible that a lot of malicious hosts coordinate to flood the victim with an abundance of attack packets, so that the attack takes place simultaneously from multiple points. This type of attack is called a Distributed DoS, or DDoS attack. To prevent DoS/DDoS attacks WoMaster provide several solutions: • Illegal address check (IPv4/IPv6) • Denial of Service detection/prevention • Land packets (SIP = DIP) • NullScan (TCP sequence number = 0, control bits = 0) • SYN with sPort < 1025 • Ping flood (flood of IPMC packets) prevention • SYN/SYN-ACK flooding prevention • Smurf attack prevention • Individual control over handing of DOS packet (5) IPv4/IPv6 Access Control List (ACL)
Packet filtering limits network traffic and restrict network uses by certain users or devices. ACLs filter traffic as it passes through a switch and permits or denies packets crossing specified interfaces. An ACL is a sequential collection of permit and deny conditions that apply to packets. When a packet is received on an interface, the switch compares the fields in the packet against any applied ACLs to verify that the packet has the required permissions to be forwarded, based on the criteria specified in the access lists. WoMaster supports L2-L7 ACLs, parsing up to 128 bytes/packet and L2-L7 packet classification and filtering IPv4/IPv6 traffic, including TCP, User Datagram Protocol (UDP), Internet Group Management Protocol (IGMP), and Internet Control Message Protocol (ICMP). For HMI monitoring/SCADA, it has the capability to do the deep packet inspection of Ethernet/IP and Modbus TCP, allowing read only packet and discarding the write packet 7. The Advatages of WoMaster’s Cyber Security WoMaster provides Software & Hardware(ASIC) integrated protection mechanism, which applies the latest Application-Specific Integrated Circuit (ASIC) secure technology (L2-L7 packet classification), multi-level authentication, secure data transmission, encrypted key data, complete event logs/traps, operational errors prevention, and even logs, and operational errors exceeds IEC62443-4-2 Level 2 requirements to build most secure systems for industrial applications.
8. Conclusion The cyber issues have been all time in around the world as well as information systems are around us. It is clear that the hacking or cybercrime is the offence at where simple bytes are going much faster than the bullet. Over the last decade, addressing and resolving the growing threat for closed industrial IoT networks to be accessed and influenced over the public Internet has become the main priority for industrial automation and system control integrators. From this point of view we can see that the existence of cyber security will be a major requirement in the current industrial IoT era. WoMaster currently has provided the best option for a complete protection of IIoT network according to IEC 62443-4-1 and IEC 62443-4-2. If you still want to know more, please contact us at help@womaster.eu About Womaster WoMaster Group is an international group based in Europe, with over 20 years of industrial market experience. We provide rugged products with customer oriented support for critical applications such as railway, power and utility, waste water, intelligent transportation and IP surveillance. The WoMaster brand’s name distinguishes our target markets as well as symbolizes the nature sources which enforced us to become Master brand for Industrial Data Communication Market.

Recommandé

Sicurezza dei sistemi informativi
Sicurezza dei sistemi informativiSicurezza dei sistemi informativi
Sicurezza dei sistemi informativi
Marco Liverani
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
VIKAS SINGH BHADOURIA
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Information System Security
Information System Security Information System Security
Information System Security
Syed Asif Sherazi
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Gareth Davies
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
Joan Figueras Tugas
 
cyber security
cyber securitycyber security
cyber security
abithajayavel
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
Saurabh Kheni
 

Recommandé

Sicurezza dei sistemi informativi
Sicurezza dei sistemi informativiSicurezza dei sistemi informativi
Sicurezza dei sistemi informativi
Marco Liverani
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
VIKAS SINGH BHADOURIA
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Information System Security
Information System Security Information System Security
Information System Security
Syed Asif Sherazi
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Gareth Davies
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
Joan Figueras Tugas
 
cyber security
cyber securitycyber security
cyber security
abithajayavel
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
Saurabh Kheni
 
Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0
Eryk Budi Pratama
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Priyanshu Ratnakar
 
Cyber security
Cyber securityCyber security
Cyber security
Nimesh Gajjar
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
Cyber security
Cyber securityCyber security
Cyber security
Sapna Patil
 
What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)
Molfar
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
Jiunn-Jer Sun
 
information security
information securityinformation security
information security
university of karachi
 
Cyber security
Cyber securityCyber security
Cyber security
manoj duli
 
Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)
Maganathin Veeraragaloo
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
Edureka!
 
Cybersecurity - Overview
Cybersecurity - OverviewCybersecurity - Overview
Cybersecurity - Overview
Thanuja Seneviratne
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
ADGP, Public Grivences, Bangalore
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
Bill Gardner
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Maryam Hidayatallah CPFA,MIPA,MA,CICA
 
Cyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorCyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial Sector
Farook Al-Jibouri
 
IOT Security
IOT SecurityIOT Security
IOT Security
Sylvain Martinez
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptx
SandeshUprety4
 
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
Aharon Aharon
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 

Contenu connexe

Tendances

Tendances (20)

Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Cyber security
Cyber securityCyber security
Cyber security
 
What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
 
information security
information securityinformation security
information security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
 
Cybersecurity - Overview
Cybersecurity - OverviewCybersecurity - Overview
Cybersecurity - Overview
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorCyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial Sector
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptx
 

Similaire à The new era of Cyber Security IEC62443

WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
Aharon Aharon
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
Ken Flott
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
Ivan Carmona
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
cuddietheresa
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
salmonpybus
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
ijtsrd
 

Similaire à The new era of Cyber Security IEC62443 (20)

WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data Protection
 
Cybersecurity In IoT Challenges And Effective Strategies.pdf
Cybersecurity In IoT Challenges And Effective Strategies.pdfCybersecurity In IoT Challenges And Effective Strategies.pdf
Cybersecurity In IoT Challenges And Effective Strategies.pdf
 
Whitepaper | Network Security - How to defend your Plant against the threats ...
Whitepaper | Network Security - How to defend your Plant against the threats ...Whitepaper | Network Security - How to defend your Plant against the threats ...
Whitepaper | Network Security - How to defend your Plant against the threats ...
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf
3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf
3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf
 
assignment help experts
assignment help expertsassignment help experts
assignment help experts
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
 
sample assignment
sample assignmentsample assignment
sample assignment
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
 
Cyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesCyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest Technologies
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 

Plus de WoMaster

Plus de WoMaster (10)

DP101 industrial 1-port Fast Ethernet PoE to fiber media converter | WoMaster
DP101 industrial 1-port Fast Ethernet PoE to fiber media converter | WoMasterDP101 industrial 1-port Fast Ethernet PoE to fiber media converter | WoMaster
DP101 industrial 1-port Fast Ethernet PoE to fiber media converter | WoMaster
 
The Ace of Smart City Construction. White Paper. WoMaster
The Ace of Smart City Construction. White Paper. WoMasterThe Ace of Smart City Construction. White Paper. WoMaster
The Ace of Smart City Construction. White Paper. WoMaster
 
Redundant Gateway for industrial Ethernet ring. White Paper. WoMaster
Redundant Gateway for industrial Ethernet ring. White Paper. WoMasterRedundant Gateway for industrial Ethernet ring. White Paper. WoMaster
Redundant Gateway for industrial Ethernet ring. White Paper. WoMaster
 
DS105 - Industrial 5-port unmanaged Ethernet switch | WoMaster
DS105 - Industrial 5-port unmanaged Ethernet switch | WoMasterDS105 - Industrial 5-port unmanaged Ethernet switch | WoMaster
DS105 - Industrial 5-port unmanaged Ethernet switch | WoMaster
 
ViewMaster - Industrial Network Configuration Utility | WoMaster
ViewMaster - Industrial Network Configuration Utility | WoMasterViewMaster - Industrial Network Configuration Utility | WoMaster
ViewMaster - Industrial Network Configuration Utility | WoMaster
 
CloudGate series product introduction | WoMaster
CloudGate series product introduction | WoMasterCloudGate series product introduction | WoMaster
CloudGate series product introduction | WoMaster
 
WA211 Outdoor IEEE802.11a/n Wireless AP WoMaster
WA211 Outdoor IEEE802.11a/n Wireless AP WoMasterWA211 Outdoor IEEE802.11a/n Wireless AP WoMaster
WA211 Outdoor IEEE802.11a/n Wireless AP WoMaster
 
MP310 Industrial Railway 7+3G L2 Managed PoE switch with M12 connectors WoMaster
MP310 Industrial Railway 7+3G L2 Managed PoE switch with M12 connectors WoMasterMP310 Industrial Railway 7+3G L2 Managed PoE switch with M12 connectors WoMaster
MP310 Industrial Railway 7+3G L2 Managed PoE switch with M12 connectors WoMaster
 
DS310, DP310 Industrial 8+2G L2 Managed Ethernet / PoE Switch WoMaster
DS310, DP310 Industrial 8+2G L2 Managed Ethernet / PoE Switch WoMasterDS310, DP310 Industrial 8+2G L2 Managed Ethernet / PoE Switch WoMaster
DS310, DP310 Industrial 8+2G L2 Managed Ethernet / PoE Switch WoMaster
 
WoMaster DS306 Industrial 6-port Managed Ethernet switch
WoMaster DS306 Industrial 6-port Managed Ethernet switchWoMaster DS306 Industrial 6-port Managed Ethernet switch
WoMaster DS306 Industrial 6-port Managed Ethernet switch
 

Dernier

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Dernier (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

The new era of Cyber Security IEC62443

  • 1. The New Era of Cyber Security IEC62443 Yohan / FAE Engineer White Paper
  • 2. 1. Background For these past few years, cyber security had found itself being tech talk at the center of international conversations. It was part of presidential debates, it determined elections, data breaches were front page news, it temporarily shut down major companies, and the world saw huge increases in both attacks and spending. Some of the biggest headline about cyber security in 2010 report that The Stuxnet Worm first emerged during the summer of 2010 and attack the Bushehr nuclear plant in Iran. 20% centrifuge broken, more than 45,000 network devices were infected. Stuxnet was a 500-kilobyte computer worm that infiltrated numerous computer systems. This worm was first detected in June by a security firm based in Belarus, but may have been circulating since 2009. Unlike most viruses, the worm targets systems that are traditionally not connected to the internet for security reasons. Instead it infects Windows machines via USB keys - commonly used to move files around - infected with malware. Once it has infected a machine on a firm's internal network, it seeks out a specific configuration of industrial control software made by Siemens. Once hijacked, the code can reprogram so-called PLC (programmable logic control) software to give attached industrial machinery new instructions. Picture Source: Extreme Tech The other case is from Ukraine, which is attacked the power system that caused over 1.4 million people encountered power outage for 3 hours. In total, up to 73 MWh of electricity was not supplied (or 0.015% of daily electricity consumption in Ukraine). As we can see from several cases above, cyber-attacks should be a big concern in the IIoT industry.
  • 3. 2. Securing Industrial Network with Cyber Security IEC 62443 Standard As the Industrial IoT (IIoT) demand continues growing, the industrial networks are facing so many new challenges to be accessible over the public Internet. While it enhances operational efficiency, however, it brings more cyber security threats. The governments and enterprises are more concerned about the potential cyber security damages. The IEC 62443 Standard includes up-to-date security guidelines and a list of best practices for different parts of a network. It also includes information for those who perform different responsibilities on the network in order to protect against known security leaks and unknown attacks. The ultimate goal of the standard is to help improve the safety of networks and enhance industrial automation and control settings security. For the IEC 62443-4-1 standard, Product Development Requirements, it specifies process requirements for the secure development of products used in an IACS. It defines a secure development life-cycle for developing and maintaining secure products. This life-cycle includes training, security requirements definition, secure design, secure
  • 4. implementation, verification and validation, release, defect management and patch management. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware for new or existing products. The requirements apply to the developer and maintainer of a product, but not to the integrator or user of the product. In the last decade, implementing of Industrial Ethernet has become the most influential and transformative phenomenon which is now evolving to highly digitalize and data driven infrastructure, referred to as Industrial Internet of Things (IIoT). To address and resolve the growing threat for closed industrial networks to be accessed and influenced over the public Internet, WoMaster, as a trusted and highly experienced partner of industrial automation and system control integrators, developed and introduced to the market the innovative advanced Cyber Security solutions for industrial networks. With deploying WoMaster’s Industrial M2M solutions, the network is completely protected from currently existing threats on the following levels: Level 1 – accidental unauthenticated access Level 2 – the most common attack experienced by system integrators Level 3/4 - intentional access by hackers who utilize specific skills and tools From the viewpoint of cyber security experts, there are several major cyber security threats that can affect internal networks include unauthorized access, unsecured data transmission, unencrypted key data, incomplete event logs, and operational errors.
  • 5. 3. Facing New Cyber Risks with Industry 4.0 Today we stand at the beginning of the fourth industrial revolution. The most commonly used terms to describe this era, which is rapidly changing the industrial, are Industry 4.0, smart manufacturing, the Internet of Things, cyber-physical systems and digital transformation. Picture Source: Simio The world is evolving more rapidly than ever before. As the adoption of digital technologies continues to move at a fast pace, organizations are seeking to rapidly transform. Moreover, a new economic order is emerging, where established manufacturers have to deal with both large digital organizations and innovative start-ups both determined to build new revenue models. New technologies, new products and services and new business models can be disruptive. Based on this scenario, adopting Industry 4.0 principles becomes a necessity, and tomorrow’s leaders need to be prepared to embrace a different corporate structure.
  • 6. In fact, it’s estimated that companies all around the world will have implemented Industry 4.0 solutions in all important business divisions. Flexible, lean manufacturing delivered by the industrial Internet is predicted to increase productivity and resource efficiency by 18% in the next five years and reduce inventories and costs by some 2.6% annually. While the integration of systems that were once separate benefits manufacturers, it also carries risks- in particular to security. Processes that were once isolated are now vulnerable to cyber-attack, both directly and indirectly. Industry 4.0 is getting more impressive with Cloud technology. The adoption of Cloud technology offers central benefits to industrial enterprises: cost reduction, central data access for planning and control, speed, and much more. From the security side, encryption is hardly a new technology, but historically encrypted data was stored on servers which resided on premises over which the data owner had direct control. WoMaster is equipped with cloud technology and the best encryption method with AES 256 bit / 3DES 168bit / DES 64 bit encryption, so now we don’t need to worry about the data safety. The figure above shows how the data is secure when it is being sent from the laptop up to the cloud then send out to the mobile phone. How WoMaster secure the data, the data was encrypted before send to the cloud and still encrypted when it is being sent out to the end point. It can prevent any kind of attacks or hacker who tries to access our data.
  • 7. 4. The Defense in Depth Approach WoMaster product here has adapted Defense in Depth approach; where it is the concept of protecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to prevent an attack. Because there are so many potential attackers with such a wide variety of attack methods available, there is no single method for successfully protecting a computer network. Utilizing the strategy of defense in depth will reduce the risk of having a successful and likely very costly attack on a network. A well-designed strategy of this kind can also help system administrators and security personnel identify people who attempt to compromise a computer, server, proprietary network or ISP (Internet service provider). If a hacker gains access to a system, defense in depth minimizes the adverse impact and this situation gives administrators and engineers time to deploy new or updated countermeasures to prevent recurrence. Components of defense in depth include antivirus software, firewalls, anti-spyware programs, hierarchical passwords, DMZ, VPN Tunnel and many more. No single security measure can adequately protect a network; there are simply too many methods available to an attacker for this to work. Likewise, policies and procedures do not mean anything to an attacker from the outside but should be part of the plan to protect a network from insiders. Implementing a strategy of defense in depth will hopefully defeat or discourage all kinds of attackers. Firewalls, intrusion detection systems, well trained users, policies and procedures, switched networks, strong password and good physical security are examples of some of the things that go into an effective security plan. Each of these mechanisms by themselves are of little value but when implemented together become much more valuable as part of an overall security plan.
  • 8. 5. IEC62443-4-2 Level 2 Security (1) Secure Remote Access WoMaster provide the IPSec and OpenVPN feature to make sure the data transmission between LAN and WAN are secured and encrypted. For the IPSec and OpenVPN, WoMaster supports multiple networks, like a hybrid network, where the VPN connection can facilitate secure remote access from public to LAN with the secure authentication. So with this secure remote access, no one can access the remote site except the operator that pass through the authentication section. For example, network operators based at a central location need to be able to remotely access each data provider for both monitoring and control purposes. Network operators based in the central control room often have to use the Internet to gain access to the remote sites. The gateway that functions as a firewall and authenticator to the network must support VPN functionality. VPNs can filter IP packets that are sent through the virtual encrypted connection that connects the data provider at remote locations with the centralized control center. Networks that support remote access allows operators to save travel time, reduce costs, and also decrease the likelihood of system downtime occurring by making it easier to support predictive maintenance. Although there are multiple VPN technologies available, IPsec is the most widely used protocol. The reason why IPsec is the most frequently used protocol is because it sets up a secure channel over multiple networks that can be private, public, or a combination of private and public networks. IPsec supports secure authentication and data integrity, which are the two key requirements when transferring packets on industrial networks. Therefore, using IPsec guarantees that control and monitoring data is protected through its strong encryption methods.
  • 9. (2) IEEE802.1x MAB (MAC Authentication Bypass) MAB enables port-based access control by bypassing the MAC address authentication process to TACACS+/Radius Server. Prior to MAB, the endpoint's (ex. PLC) identity is unknown and all traffic is blocked. The switch examines a single packet to learn and authenticate the source MAC address. After MAB succeeds, the endpoint's identity is known and all traffic from that endpoint is allowed. The switch performs source MAC address filtering to help ensure that only the MAB-authenticated endpoint is allowed to send traffic. (3) Advanced Port Based Security In addition to MAB, the authentication can also be done by the pre-configured static or auto-learn MAC address table in the switch. • MAC address Auto Learning enables the switch to be programmed to learn (and to authorize) a preconfigured number of the first source MAC addresses encountered on a secure port. This enables the capture of the appropriate secure addresses when first configuring MAC address-based authorization on a port. Those MAC addresses are automatically inserted into the Static MAC Address Table and remain there until explicitly removed by the user. • The port security is further enhanced by Sticky MAC setting. If Sticky MAC address is activated, the MACs/Devices authorized on the port 'sticks’ to the port and the switch will not allow them to move to a different port. • Port Shutdown Time allows users to specify for the time period to auto-shutdown the port, if a security violation event occurs.
  • 10. (4) Multi-Level User Passwords Different centralized authentication server is supported such as RADIUS and TACACS+. Using a central authentication server simplifies account administration, in particular when you have more than one switch in the network. Authentication Chain is also supported. An authentication chain is an ordered list of authentication methods to handle more advanced authentication scenarios. For example, you can create an authentication chain which first contacts a RADIUS server, and then looks in a local database if the RADIUS server does not respond. 6. IEC62443-4-2 Level 3/4 Security (1) DHCP Snooping DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers. It performs the following activities: • Validates DHCP messages received from untrusted sources and filters out invalid messages. • Rate-limits DHCP traffic from trusted and untrusted sources.
  • 11. • Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses. • Utilize the DHCP snooping binding database to validate subsequent requests from untrusted hosts. DHCP snooping is enabled on a per-VLAN basis. By default, the feature is inactive on all VLANs. (2) Dynamic ARP Inspection (DAI) DAI validates the ARP packets in a network. DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from some man-in-the-middle attacks. DAI ensures that only valid ARP requests and responses are relayed. The switch performs these activities: • Intercepts all ARP requests and responses on untrusted ports • Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination • Drops invalid ARP packets DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid.
  • 12. (3) IP Source Guard IP Source Guard is a feature to block layer 3 IP address spoofing and layer 2 MAC address on switches. This feature looks at the DHCP snooping table and drops packets that have addresses that spoofed. It provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host's IP address. The feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts on untrusted Layer 2 access ports. Initially, all IP traffic on the protected port is blocked except for DHCP packets. After a client receives an IP address from the DHCP server, or after static IP source binding is configured by the administrator, all traffic with that IP source address is permitted from that client. Traffic from other hosts is denied. This filtering limits a host's ability to attack the network by claiming a neighbor host's IP address. (4) Denial of Service (DoS) / Distributed DoS (DDoS) Prevention
  • 13. A DoS attack is a malicious attempt by a single person or a group of people to cause the victim, site, or node to deny service to its customers. When this attempt derives from a single host of the network, it constitutes a DoS attack. On the other hand, it is also possible that a lot of malicious hosts coordinate to flood the victim with an abundance of attack packets, so that the attack takes place simultaneously from multiple points. This type of attack is called a Distributed DoS, or DDoS attack. To prevent DoS/DDoS attacks WoMaster provide several solutions: • Illegal address check (IPv4/IPv6) • Denial of Service detection/prevention • Land packets (SIP = DIP) • NullScan (TCP sequence number = 0, control bits = 0) • SYN with sPort < 1025 • Ping flood (flood of IPMC packets) prevention • SYN/SYN-ACK flooding prevention • Smurf attack prevention • Individual control over handing of DOS packet (5) IPv4/IPv6 Access Control List (ACL)
  • 14. Packet filtering limits network traffic and restrict network uses by certain users or devices. ACLs filter traffic as it passes through a switch and permits or denies packets crossing specified interfaces. An ACL is a sequential collection of permit and deny conditions that apply to packets. When a packet is received on an interface, the switch compares the fields in the packet against any applied ACLs to verify that the packet has the required permissions to be forwarded, based on the criteria specified in the access lists. WoMaster supports L2-L7 ACLs, parsing up to 128 bytes/packet and L2-L7 packet classification and filtering IPv4/IPv6 traffic, including TCP, User Datagram Protocol (UDP), Internet Group Management Protocol (IGMP), and Internet Control Message Protocol (ICMP). For HMI monitoring/SCADA, it has the capability to do the deep packet inspection of Ethernet/IP and Modbus TCP, allowing read only packet and discarding the write packet 7. The Advatages of WoMaster’s Cyber Security WoMaster provides Software & Hardware(ASIC) integrated protection mechanism, which applies the latest Application-Specific Integrated Circuit (ASIC) secure technology (L2-L7 packet classification), multi-level authentication, secure data transmission, encrypted key data, complete event logs/traps, operational errors prevention, and even logs, and operational errors exceeds IEC62443-4-2 Level 2 requirements to build most secure systems for industrial applications.
  • 15. 8. Conclusion The cyber issues have been all time in around the world as well as information systems are around us. It is clear that the hacking or cybercrime is the offence at where simple bytes are going much faster than the bullet. Over the last decade, addressing and resolving the growing threat for closed industrial IoT networks to be accessed and influenced over the public Internet has become the main priority for industrial automation and system control integrators. From this point of view we can see that the existence of cyber security will be a major requirement in the current industrial IoT era. WoMaster currently has provided the best option for a complete protection of IIoT network according to IEC 62443-4-1 and IEC 62443-4-2. If you still want to know more, please contact us at help@womaster.eu About Womaster WoMaster Group is an international group based in Europe, with over 20 years of industrial market experience. We provide rugged products with customer oriented support for critical applications such as railway, power and utility, waste water, intelligent transportation and IP surveillance. The WoMaster brand’s name distinguishes our target markets as well as symbolizes the nature sources which enforced us to become Master brand for Industrial Data Communication Market.