Comments

Had to finish the last session after the holiday. Thank you for the archive! Very informative (and scary) course.

@lynbr2 (2:45:42). Agree. In my limited experience, management often looks at initial hardware and installation costs and gives less thought (and budget) to the future software and manpower required to maintain a network.

Iron

Thank you Clint and DK-CEC

Thanks Clinton, the Cimation vids were very useful too!

Thanks Clint, and thanks to all our attendees for a great week.

Have a wonderful holiday season.

Blogger

You're welcome... and thank YOU

Blogger

Thank you for the answer Clint!  And thanks very much for all the presentations this week, it's been very informative.

Iron

@WherleyBird - That's a lot of overhead work only to provide reactionary "insurance". There are ways to achieve pretty good security on a tight budget.

Blogger

@dtucky - All things considered, DHCP vs. static IP, in terms of security trade-off, is not that significant. It only prevents someone from easily getting an IP once they are physically on your network, and even with static IP assignment, the hacker can figure out a valid IP. It's just another "layer" of added security.

Blogger

Every Friday we backed up the entire DB on a portable HDD and it left the building with someone until Monday morning in case of an attack ... because we were a small company with no IT sec budget ...

@huntwork - Block the IP addresses in question (i.e., IP blacklisting). Not much you can legally do, due to the vast caveats with cyber security. Sometimes there is legal recourse, but it's so difficult to achieve.

Blogger

Range of RFID sniffers depends on the power they are given. Higher-powered sniffers can read from longer ranges. Yes, they can read through clothing. Metal-lined wallets and sleeves are recommended as a counter.

Blogger

RFID is at the doors of every department clothing store. They absolutely can see through layers of clothing put on in the try-out booth. There are specially lined bags that shoplifters use to hide the tags from the sniffers at the door.

Iron

No IT group; we used VIPRE, common sense and a 3rd-party contractor to protect our systems ... no real IT security or IT department ... needless to say we were vulnerable and got hit a few times since we didn't have any experts in IT Sec... thanks for the presentation, it was awesome!

This is a great question because DHCP vs. static IP has security trade-offs. DHCP might be easier to manage, but anyone can plug in and get an address. That being said, static IP addresses can be a nightmare to manage in larger orgs. It should not cost anything when using the RFC-reserved addresses such as 10.x.x.x, 192.168.x.x, and 172.16.x.x ... those are inside IP addresses that are free to use internally.

Blogger

?? Out of curiosity, if network logs (e.g., Apache logs) record repeated access attempts by strange IP addresses, is there any action that can/should be taken, or is this just "nice to know"?

Iron

dtucky asked: I heard you say that DHCP should be avoided in favor of fixed IP addresses (audio was cutting out a bit but that's what I think I heard).  In your experience, is this followed in practice today for devices on SCADA networks?  The limited feedback I hear in my job is that DHCP support in devices is desired, to help lower installation costs.  Do you see this as a significant security concern?

Blogger

Very informative. Thank you Clint.

Iron

Thanks, great information. Merry Christmas. See all next year.

Iron

?? What is the effective range of RFID sniffers? Can they sniff through clothing?

Gold

Thanks Clint for a great presentation.

Iron

Mgmt usually looks at a Control System from the perspective of a BoM plus wiring & commissioning cost. Software, and especially security software, doesn't fit into the schema neatly.

Iron

The landing page for Cimation University might be delayed. We are literally JUST rolling it out

Blogger

Thanks Clint, Rob.  Everyone have a great holiday.

Iron

Interesting presentation. Thanks Clint, DN and DigiKey.

Iron

Thank you Clint for a week of good knowledge about SCADA and network security.

Iron

Thanks, Clint, Rob, & Digikey.

Iron

Thank you & Merry Christmas

Iron

Thanks Clint, Rob and Design News for great presentation.

Iron

Thank you Clint & Rob

Iron

Sorry, the last link to Cimation University doesn't work properly for me.

Iron

Thanks Clint, Rob and Design News. Will pick up the archived courses I missed.

Thanks Clint, Rob, & Digi-Key

Iron

Clint, thank you for the lecture series.

Thank you Rob, Design News and Digikey!

Iron

 

Thank you for the series

Iron

VERY interesting - thanks all for a great course!

Iron

Thank you for the series, Clint. Thank you Design News and Digi-Key.

Gold

Thanks a lot Clint, great presentation.

Iron

very informative, thanks!

Iron

There is no planning on budget for security, so causes a hit on Gross Margin

Iron

 

answer to question: Security has always been an extra duty without specific budgeted amounts

Iron

We're now on slide 19.

Blogger

My employers can barely afford updated workstations, so they say!

Iron

Both budget and time constraints limit security.

Iron

dollars are always tight everywhere... :(

Iron

I used at my previous job, and still do on my home PC, the Windows Event Viewer log information feature ... use it to view monitoring and troubleshooting messages from Windows and other programs.

At the University, we have quite an extensive security group/budget

Iron

We're now on slide 18.

Blogger

Clint's question:

How many of you have noticed that security budget dollars are hard to come by, or that it ends up becoming additional duties for already taxed staff?

Blogger

We're now on slide 17

Blogger

 

answer to question: never used SIEM packages

Iron

not familiar w/ SIEM, but sounds expensive

Iron

No experience on SIEM

Iron

no experience with SIEM technologies

Iron

No experience with SIM technologies yet.

Iron

We're now on slide 16.

Blogger

No experience with SIEM/IDS

Iron

Not had any experience with SIEM

Iron

Clint's question:

How many of you are familiar with SIEM technologies?

Blogger

 

answer to question: I usually only include the functions I need in the build

Iron

No experience with application whitelisting

Iron

No experience with AWL

Iron

No app whitelisting experience, yet, but am willing to learn!

Iron

No experience with application whitelisting, but have done ip whitelisting.

Iron

Only just heard about AWL a month ago in an embedded systems security course.

White Listing only at home

Gold

I've heard of it but never dealt with it.

Iron

Clint's question:

How many of you are familiar with AWL technologies?

Blogger

We're now on slide 15.

Blogger

We're now on slide 14.

 

Blogger

Anti-virus adds a lot of processing overhead, which can cause problems with real-time control.

Iron

I heard you say that DHCP should be avoided in favor of fixed IP addresses (audio was cutting out a bit but that's what I think I heard).  In your experience, is this followed in practice today for devices on SCADA networks?  The limited feedback I hear in my job is that DHCP support in devices is desired, to help lower installation costs.  Do you see this as a significant security concern?

Iron

We're now on slide 13.

Blogger

We're now on slide 12.

Blogger

We're now on slide 11.

Blogger

We're now on slide 10.

Blogger

We're now on slide 9.

Blogger

We're now on slide 8.

Blogger

We're now on slide 7.

Blogger

We're now on slide 6.

Blogger

"..not Arnold Schwarzenegger style.." WHY NOT!

nothing beyond installing patches

 

Iron

We're now on slide 5.

Blogger

Not much, but it is important...

Iron

My systems are not currently connected and have a proprietary programming interface (no USB, no Windows, no Linux, etc.), but I am looking forward to possible future connection strategies and what is involved.

Iron

I interned in my school's CIS dept doing Win upgrades and checking malware, etc.

Iron

Indirectly involved in patches to our products.

Iron

I have been involved a few times.

Iron

 

answer to question: I have not been involved in mitigating a risk beyond the initial design stage

Iron

We're now on slide 4.

Blogger

Have not had involvement.

Iron

Only at home.  It's not specifically in my professional scope.

Iron

None so far directly. Have been involved in an issue in the past.

Iron

Hello from cold norcal

Iron

Clint's question:

How many of you have been involved in mitigating a security threat, risk or vulnerability?

Blogger

Have not been involved

Gold

We're now on slide 3.

Blogger

We're now on slide 2.

Blogger

Warm Houston says HI! And Merry Christmas to all!

Iron

Hello from Toronto, Ontario.

Iron

Hi all - Audio is live! If you don't see the audio bar at the top of the screen, please refresh your browser. It may take a couple of tries. When you see the audio bar, hit the play button. If you experience audio interruptions and are using IE, try using FF or Chrome as your browser. Many people experience issues with IE. Also, make sure your Flash player is updated with the current version. Some companies block live audio streams, so if that is the case for your company, the class will be archived on this page immediately following the class and you can listen then. People don't experience any issues with the audio for the archived version.

Hello from southwest Ohio

Iron

 

hello from Mishawaka

Iron

Good Morning from Sunny Valdez. 17 degrees and the sun's not up yet.

Goodnight from Valladolid, Spain, Europe

Iron

Hail from soggy Buffalo, NY (44 deg F today, up to lower 50's Sunday)!

Iron

Hello from Montana. Sunny yesterday, light snow today.

Gold

Hello from Hudsons Hope Business.Click.

Iron

Good morning from Albuquerque.

Iron

Hello from Cedar Rapids, IA and Happy Holidays to all.

Iron

Greetings from sunny and seasonable West Point, PA.

Iron

Hello from Albuquerque.

Iron

Here is an article about the lack of security on a particular SCADA device:

<http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars>

and here is a follow-up article:

<http://arstechnica.com/business/news/2012/04/backdoor-that-threated-power-stations-to-be-purged-from-control-system.ars>

Short version is that with the MAC address (which is shown when you telnet in) you can gain complete control of the system.

Iron

Hello from El Paso, TX

Iron

-The streaming audio player will appear on this web page when the show starts at 2 PM Eastern time today. Note however that some companies block live audio streams. If when the show starts you don't hear any audio, try refreshing your browser. If that doesn't work, try using Firefox or Google Chrome as your browser. Some users experience audio interruptions with IE. If that doesn't work, the class will be archived immediately following our live taping.

Blogger

Greetings from Vermont

Iron

Okay.  I have the new slide deck now.  Thanks for the heads-up.

Iron

-Be sure to click 'Today's Slide Deck' under Special Educational Materials above right to download the PowerPoint for today's session.

Blogger

Hello everyone - We have recently uploaded a new version of today's PPT, so if you downloaded it prior to 9 AM Pacific/12 PM Eastern, please download the new version.

Blogger

Happy Friday from Minneapolis!

Iron

Good Morning and Merry Christmas

Iron

Hi from GA. Almost Christmas :)

Iron

Hi from Panama City FL.

Iron

TGIF! Finally my home town is not the coldest in the state, and possibly North America.

Iron

Ok, I joined the LinkedIn group.

Iron

Happy Friday!  I have downloaded Today's Slide Deck from the link above under Special Educational Materials.

Iron

-Be sure to follow @designnews and @DigiKeyCEC on Twitter for the latest class information. We encourage you to tweet about today's class using the hashtag #CEC.

Blogger

-Please join our Digi-Key Continuing Education Center LinkedIn Group at http://linkd.in/yoNGeY

Blogger

Hello from Huntsville, AL. Great slides and information this week. Thanks, and have a great Holiday Season to All.

Iron

Morning from Portland, Oregon.

Iron

Getting slides. When you call for product support, remember the voice that says: "This call may be recorded for quality assurance?"  That's your attack vulnerability.  The worm enters the audio recording and the help desk is attacked.

Gold

XKCD has some excellent advice about passwords:

http://xkcd.com/936/

 



Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service