SlideShare ist ein Scribd-Unternehmen logo

Presenters Discuss Cybersecurity Advisory, Pwn2Own Results, Authentication Challenges

‱Als PPTX, PDF herunterladen‱
‱
Inductive Automation
Inductive Automation

The document provides an agenda and overview for an Ignition by Inductive Automation presentation. The agenda includes discussions on recent US cybersecurity advisories, results from the 2022 Pwn2Own hacking competition where Ignition was a target, new authentication challenges in Ignition, ending support for older Ignition versions, a security hardening guide, and a question and answer session. Details are then provided on the cybersecurity advisory, Pwn2Own competition results including vulnerabilities found in Ignition and the company's response, new authentication features, importance of upgrading before support ends, and an introduction to the security hardening guide.

Software
1 von 49
Presenters Kent Melville Sales Engineering Manager Inductive Automation Don Pearson Chief Strategy Officer Inductive Automation
Guest Presenter Joel Specht Lead Software Engineer Inductive Automation
Agenda ‱ US Govt. Cybersecurity Advisory ‱ Pwn2Own 2022 ‱ Authentication Challenge ‱ Ignition 7.9 Support Ending ‱ Security Hardening Guide ‱ Audience Q&A
Ignition by Inductive Automation
Cybersecurity Advisory In April, US government agencies issued a joint cybersecurity advisory about APT cyber tools targeting ICS/SCADA devices. ● The APT actors have developed custom-made tools for targeting ICS/SCADA devices that enable them to scan for, compromise, and control affected devices once they have established initial access to the OT network. ● These tools have a modular architecture and enable cyber actors to scan for targeted devices, conduct reconnaissance on device details, upload malicious configuration/code to the targeted device, back up or restore device contents, and modify device parameters. https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
Pwn2Own ● The Pwn2Own competition pits white-hat hackers against popular industrial control systems to reveal any vulnerabilities. ● Ignition was one of ten selected as targets in 2022. ● Events like Pwn2Own offer a safe way to test defenses and make improvements. ● Industrial systems are among the highest-value targets for malicious hackers, and unfortunately also among the most vulnerable.
Pwn2Own ● 32 total entries from 11 total contestants ● 6 entries targeted Ignition ● 4 Ignition entries demonstrated successfully ● 1 Ignition entry was a duplicate ● 1 Ignition entry failed to be demonstrated ● All 6 entries responsibly disclosed to IA ● 1 additional report was responsibly disclosed outside of the competition by researchers who did not participate this year ● 4 critical vulnerabilities were identified by IA and fixed immediately in 8.1.17 and 7.9.20
Pwn2Own ● In response to Pwn2Own 2022, we strongly recommend all Ignition users upgrade to Ignition 8.1.17 (or 7.9.20 for 7.9 users). ● Inductive Automation has prepared a response to the Pwn2Own results and will publish a detailed report next month. ● Thank you to the ZDI and security researchers
Authentication Challenge ● The Authentication Challenge allows an operator who is currently logged into a system to document supervisor approval without logging out. ● Beneficial for both security practices and 21 CFR Part 11 regulations. ● Made up of several features: ○ Perspective redirects operator to the IdP just like any other login. ○ Supervisor provides their user credentials on the IdP’s login page. ○ The IdP validates the credentials and redirects back to the session without logging the operator out of the session or IdP.
Ignition 7.9 Support is Ending ● After June 2022, Ignition 8.0 and newer will be the only supported versions of Ignition, with 8.1 being a Long Term Support (LTS) release. ● End-of-life versions of Ignition will no longer be supported by development or support teams. ● If you're using an older limited-support version of Ignition and want to continue receiving support, you should move to a newer LTS version before June 2022.
Ignition Security Hardening Guide
A Good Foundation Defense in Depth ● Instead of relying on single point of security, create layers of hardened security. ● Multiple layers requires a much more sophisticated hack to compromise a system. ● One Example is the Purdue Model (ANSI/ISA 95).
A Good Foundation Cybersecurity Framework ● It is an industry best practice to adhere to a formal cybersecurity framework to align security controls with organizational objectives. ● The Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is a great resource for recommendations and additional information.
Step 1: Secure the Gateway Step 1: Secure the Gateway ● Forcing secure communication with HTTPS using an SSL/TLS certificate is the first and most important step towards securing the Gateway. ● Secure Communication ○ SSL encrypts data sent over the HTTP protocol and Web Sockets for all traffic between the Designer, Vision Clients, and Perspective Sessions. ○ Helps to thwart security vulnerabilities known as “session hijacking” like man-in-the-middle attacks, cross-site scripting (XSS), and session sniffing.
Step 1: Secure the Gateway ● Terminology note: “Secure Sockets Layer,” (SSL) is the predecessor to the Transport Layer Security (TLS) protocol. SSL is deprecated as a technology. However, the term “SSL” is still widely used to refer to secure communication and “TLS.” For example, modern digital certificates supporting TLS are commonly referred to as “SSL certificates.”
Step 1: Secure the Gateway ● Enabling Secure Communication ○ You will need to obtain and install an SSL Certificate for Ignition. ○ It is highly recommended that you purchase an SSL certificate from a Certificate Authority (CA) or acquire a valid SSL certificate from your IT department if you intend to enable SSL. ● Force SSL Redirect ○ After SSL is enabled, all Clients, Designers, and web browsers are redirected to the SSL port if they try to use the standard HTTP port. ○ By default, the SSL port is 8043. You can change it to the standard SSL port 443.
Step 1: Secure the Gateway ● Renewing SSL Certificates ○ Most traditional SSL certificates have a cumbersome lifecycle that needs to be renewed often. ○ SSL certificate renewal process can be simplified and automated using the ACME (Automatic Certificate Management Environment) protocol. ○ Let’s Encrypt is a “free, automated, and open certificate authority (CA)” that uses an ACME server that handles SSL certificates. ○ Any domain administrator can spin up an ACME client that points to the Let’s Encrypt ACME server to obtain or renew SSL certificates.
Step 2: Locking the Gateway Step 2: Locking the Gateway ● The gateway web site is organized into three sections, Home, Status, and Configure. By default, the Configure and Status sections are protected by the “Authenticated/Roles/Administrator” security level. Gateway sections and Designer access can be protected with role based access control.
Step 3: Device, OPC, and MQTT Security Step 3: Device, OPC, and MQTT Security ● Traditional PLC native device communication protocols don’t support encryption, certificates, or authentication. ● Best practice is to poll these devices from as close on the network as possible and keep them on a separate private OT network. ● When data needs to be collected across a broader network, an Edge Gateway polling locally and publishing over a more secure protocol helps bridge the gap. ● Ignition can provide a layer of separation between the OT/private and the IT/public network to make tags available securely without exposing the devices behind the scenes.
Step 3: Device, OPC UA, and MQTT Security OPC UA Communication ● OPC UA provides built-in security at the server level or embedded directly on a device. ● Choose the SignAndEncrypt security mode to ensures all data sent over OPC UA is encrypted. ● OPC UA connections also support user authentication. ○ Use a strong password (don’t leave the default) ○ Change password periodically as defined by IT standards.
Step 3: Device, OPC UA, and MQTT Security MQTT Communication ● Data transferred between the Publisher and Broker, as well as between the Broker and Subscriber, should be sent over TLS/SSL. ● Username/Password Authentication ● MQTT also supports Access Control Lists (ACLs) which limit user access based on topic name space. ● Security measures should be implemented whether the broker is local or hosted in the cloud.
Step 4: Identity and Access Management Step 4: Identity and Access Management ● When securing an application you must consider both authentication and authorization. ● Authentication determines who is logging in ● Authorization determines their privileges.
Step 4: Identity and Access Management Authentication ● User Identification and Authentication ○ Ignition manages users through built-in IdPs but can also connect to third- party IdPs such as Okta and Duo via SAML or OpenID Connect. ● Ignition Identity Provider ○ Ignition IdP supports three main user sources: ■ Internal Authentication ■ Database Authentication ■ Active Directory Authentication ● Internal Authentication through Ignition Gateway ● Database Authentication uses external database to store data ○ Managing users is done via direct interaction with the database.
Step 4: Identity and Access Management ● Active Directory Authentication ○ Active Directory Authentication profile uses Microsoft's Active Directory over LDAP (Lightweight Directory Access Protocol) to store all the users, roles, and more that make up an Authentication profile. ○ Active Directory Groups are used for Ignition's roles and user-role mappings. ○ While using an Active Directory User Source, administration of users and roles is through Active Directory itself, and not manageable within Ignition and requires modifications be made from Active Directory. ● LDAP Protocol Security ○ To prevent snooping on authentication, encryption should be implemented.
Step 4: Identity and Access Management ● Badge Authentication ○ RFID authentication support for Ignition IdP allows you to associate badges with users. ○ With RFID enabled, users do not have to enter their username and password, and instead must have a physical badge in order to log in to the Session. ○ It is recommended that Badge Authentication Method is enabled and set to default and Badge Secret is also enabled, which will require the user to type in their password after scanning their badge.
Step 4: Identity and Access Management ● Third-Party Identity Provider ○ If your organization already has as IdP like OKTA or DUO then Ignition can also leverage those for Authentication. ○ Utilizing an external service allows you to utilize features that Ignition doesn’t support natively such as multi-factor options like push notifications or biometrics.
Step 4: Identity and Access Management General Authentication Suggestions ● User Accounts ○ A strong password policy should be defined including password length and complexity requirements. ○ Establish a password expiration schedule and quickly removing former user accounts. ○ Generic accounts should be avoided. ● Group Access and Disabling Auto-Login ○ Generic logins pose a security risk if Auto Login is enabled because any user that launches a project is granted basic access. ○ Auto Login should be disabled and each user should have their own unique credentials.
Step 4: Identity and Access Management Authorization ● Role-Based Security ○ Each user is granted privileges by assigning one or many roles. ○ Roles are customized during development and can be defined inside Ignition or mapped to Active Directory groups or an IdP’s attributes. ● Security Zones ○ Sometimes, in addition to knowing who the user is, it is important to know where they are sending a command from. ○ Security Zones define an area of the Gateway Network into manageable zones that can then have a security policy set on them.
Step 4: Identity and Access Management ● Security Levels ○ A user-set hierarchy that defines access permissions, or roles, inside a Perspective Session. ○ Provides a way to map user roles defined from an Identity Provider (IdP) to Ignition roles. ○ With security levels, roles can be defined in order to allow certain users more or less control of the Gateway.
Q&A
Step 5: Define Application Security Step 5: Define Application Security ● Ignition allows for security to be defined at any level from clients and projects down to individual tags. ● Vision Client Security ○ Security settings can be applied to individual windows or components. ○ Functionality and accessibility of the same project can change based on user assigned roles. ● Perspective Views Security ○ Allows more granularity of the security in a Perspective Session. ○ Operators can be granted access to the Session, but the user management View can be restricted to a higher level role. ● Component Scripting Security ○ Both Vision and Perspective contain role-based component scripting security. ○ Ensures that non-privileged users are not allowed to run potentially harmful scripts.
Step 5: Define Application Security ● Designer Security ○ Granting someone access to the designer is giving them access to a full development IDE with the ability to execute scripts at the permission level of the user running the Ignition Service. ○ By default, all users with Designer access can modify, delete, save, and publish all resources. Ignition has several built-in Designer restriction methods to limit what each user can do in the Designer.
Step 5: Define Application Security ● Tag Security ○ The best way to configure security for data access. ○ Tag security definitions apply for that tag across all windows and components that use the specified tag in the project. ○ You can add read/write security to individual tags through the Designer. ● Named Queries ○ All database interaction can be limited to defined queries on the Ignition Gateway, which may be called from clients based on the credentials of the user. ○ It is recommended to only use parameters to allow for dynamic database interaction while ensuring only relevant data is accessible. ○ Can be turned off to allow any SQL query to be run directly from an open client. While this can be powerful for adding flexibility to the platform, it also leaves the data potentially exposed.
Step 6: Set Up Audit Logging Step 6: Set Up Audit Logging ● Audit Profiles allow Ignition to record details about specific events that occurred. ○ By default, only tag writes, SQL UPDATE, SQL INSERT, and SQL DELETE statements are recorded, allowing you to keep track of which user wrote to which tag, or modified which table. ○ The time-stamp is also recorded, so you can easily track the changes, outline, and order of events. ● Once changes have been made to a tag or a database table, Ignition will begin recording.
Step 7: Protect the Database Step 7: Protect the Database ● It is not recommend to use a database owner account such as root or sa. ● A separate user account with limited privileges should be created for the database connection with the Ignition Gateway. ● Most modern databases support SSL encryption of the connection between Ignition and the database. ● SSL can be enabled on a different server by following information available for your database’s JDBC driver and internal security settings.
Step 8: Locking Down the Operating System (OS) Step 8: Locking Down the Operating System (OS) ● It is important to understand how Ignition fits within the operating environment. ● Ignition Privileged Users ○ Users who can modify projects in the Designer and in the Gateway, are able to write Python applications with all privileges granted to the Ignition process
Step 8: Locking Down the Operating System (OS) ● Ignition Process ○ Ignition is designed to run 24/7 with a persistent OS, trusted communication protocols, plus access to devices and databases. ○ The Ignition Process is executed by a user-specified service account on the gateway and is theoretically capable of all privileged OS actions and is implicitly trusted. ● Apply the Principle of Least Privilege ○ Do not user “root” or “domain admin” account as Ignition service account. ○ Minimize privileges of Ignition computer and service account on larger network. ○ Minimize Ignition permissions on external databases and systems. ■ API access is often safer than direct access. ○ Segment network with zones and accreditation boundaries.
Step 8: Locking Down the Operating System (OS) ● Removing Unnecessary Programs ○ Each program is a potential entry point for an attacker. ○ Removing unnecessary software and having a vetted list of allowed software can limit vulnerabilities. ○ Not all programs require administrative access and should be run using the minimum credentials required. ● Patches and Service Packs ○ To limit operating system vulnerabilities, keep up-to-date on OS patches and Service Packs. ● Remote Services ○ On Windows, Remote Registry and Windows Remote Management should be disabled. ○ On Linux and Mac OS, disable root for everything but ‘physical’ console.
Step 9: Hardening the Environment Step 9: Hardening the Environment ● Firewalls and Ports ○ Firewalls should be in place to restrict network traffic. ○ When starting a new Ignition project, close all ports and then only open those that are necessary and in use. ● As your architectures get more complex, it is also important to pay attention to which ports need to be open in which directions. you may also be able to restrict traffic through the firewall to specific servers.
Step 9: Hardening the Environment ● Redundant Servers ○ Firewalls must be set up on any redundant server to protect the redundancy system from external attacks. ○ The firewall on the main server should only accept incoming connections from the backup server IP address on the Gateway Network port (8060). ● DMZ Architecture ○ A “demilitarized zone” contains a subnetwork to accommodate exposed, outward connecting services. ○ Acts as a point of contact between the organization’s internal network and untrusted networks, such as the internet. ○ Extra layer of security to the local network.
Step 10: Keep Ignition Up-to-Date Step 10: Keep Ignition Up-to-Date ● Inductive Automation recognizes that software security requires constant effort and maintenance. ● Security updates are released periodically to ensure continued protection and keeping up-to-date with these updates is strongly recommended.
Ignition Security Hardening Guide https://inductiveautomation.com/resources/article/ignition-security-hardening-guide
International Distributors Australia iControls Pty Ltd. www.icontrols.com.au Brazil FG Automação Industrial www.fgltda.com.br Central America NV Tecnologías S.A. www.nvtecnologias.com France AXONE-iO www.axone-io.com Italy EFA Automazione S.p.A www.efa.it Norway Autic System AS www.autic.no South Africa Element8 https://element8.co.za/ Switzerland MPI Technologies https://mpi.ch/ Contact International Distribution Manager Annie Wise at: awise@inductiveautomation.com
Presenters Discuss Cybersecurity Advisory, Pwn2Own Results, Authentication Challenges
Presenters Discuss Cybersecurity Advisory, Pwn2Own Results, Authentication Challenges

Empfohlen

Top 10 Design & Security Tips to Elevate Your SCADA System
Top 10 Design & Security Tips to Elevate Your SCADA SystemTop 10 Design & Security Tips to Elevate Your SCADA System
Top 10 Design & Security Tips to Elevate Your SCADA SystemInductive Automation
 
Fixing SCADA: How Ignition Reduces Frustration
Fixing SCADA: How Ignition Reduces FrustrationFixing SCADA: How Ignition Reduces Frustration
Fixing SCADA: How Ignition Reduces FrustrationInductive Automation
 
Historic Opportunities: Discover the Power of Ignition's Historian
Historic Opportunities: Discover the Power of Ignition's HistorianHistoric Opportunities: Discover the Power of Ignition's Historian
Historic Opportunities: Discover the Power of Ignition's HistorianInductive Automation
 
Turn Any Panel PC Into an Ignition HMI
Turn Any Panel PC Into an Ignition HMITurn Any Panel PC Into an Ignition HMI
Turn Any Panel PC Into an Ignition HMIInductive Automation
 
The Art of Displaying Industrial Data
The Art of Displaying Industrial DataThe Art of Displaying Industrial Data
The Art of Displaying Industrial DataInductive Automation
 
5 Mobile-Responsive Layout Strategies
5 Mobile-Responsive Layout Strategies5 Mobile-Responsive Layout Strategies
5 Mobile-Responsive Layout StrategiesInductive Automation
 
Choosing a SCADA System for the IIoT Era
Choosing a SCADA System for the IIoT Era Choosing a SCADA System for the IIoT Era
Choosing a SCADA System for the IIoT Era Inductive Automation
 
Design Like a Pro: How to Pick the Right System Architecture
Design Like a Pro: How to Pick the Right System ArchitectureDesign Like a Pro: How to Pick the Right System Architecture
Design Like a Pro: How to Pick the Right System ArchitectureInductive Automation
 

Empfohlen

Top 10 Design & Security Tips to Elevate Your SCADA System
Top 10 Design & Security Tips to Elevate Your SCADA SystemTop 10 Design & Security Tips to Elevate Your SCADA System
Top 10 Design & Security Tips to Elevate Your SCADA SystemInductive Automation
 
Fixing SCADA: How Ignition Reduces Frustration
Fixing SCADA: How Ignition Reduces FrustrationFixing SCADA: How Ignition Reduces Frustration
Fixing SCADA: How Ignition Reduces FrustrationInductive Automation
 
Historic Opportunities: Discover the Power of Ignition's Historian
Historic Opportunities: Discover the Power of Ignition's HistorianHistoric Opportunities: Discover the Power of Ignition's Historian
Historic Opportunities: Discover the Power of Ignition's HistorianInductive Automation
 
Turn Any Panel PC Into an Ignition HMI
Turn Any Panel PC Into an Ignition HMITurn Any Panel PC Into an Ignition HMI
Turn Any Panel PC Into an Ignition HMIInductive Automation
 
The Art of Displaying Industrial Data
The Art of Displaying Industrial DataThe Art of Displaying Industrial Data
The Art of Displaying Industrial DataInductive Automation
 
5 Mobile-Responsive Layout Strategies
5 Mobile-Responsive Layout Strategies5 Mobile-Responsive Layout Strategies
5 Mobile-Responsive Layout StrategiesInductive Automation
 
Choosing a SCADA System for the IIoT Era
Choosing a SCADA System for the IIoT Era Choosing a SCADA System for the IIoT Era
Choosing a SCADA System for the IIoT Era Inductive Automation
 
Design Like a Pro: How to Pick the Right System Architecture
Design Like a Pro: How to Pick the Right System ArchitectureDesign Like a Pro: How to Pick the Right System Architecture
Design Like a Pro: How to Pick the Right System ArchitectureInductive Automation
 
Common Project Mistakes: Visualization, Alarms, and Security
Common Project Mistakes: Visualization, Alarms, and SecurityCommon Project Mistakes: Visualization, Alarms, and Security
Common Project Mistakes: Visualization, Alarms, and SecurityInductive Automation
 
Common Project Mistakes (And How to Avoid Them)
Common Project Mistakes (And How to Avoid Them)Common Project Mistakes (And How to Avoid Them)
Common Project Mistakes (And How to Avoid Them)Inductive Automation
 
How to Easily Build SCADA & HMI HTML5 Web Applications
How to Easily Build SCADA & HMI HTML5 Web ApplicationsHow to Easily Build SCADA & HMI HTML5 Web Applications
How to Easily Build SCADA & HMI HTML5 Web ApplicationsInductive Automation
 
Design Like a Pro: Machine Learning Basics
Design Like a Pro: Machine Learning BasicsDesign Like a Pro: Machine Learning Basics
Design Like a Pro: Machine Learning BasicsInductive Automation
 
10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA System10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA SystemInductive Automation
 
Design Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best PracticesDesign Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best PracticesInductive Automation
 
Zabbix for Monitoring
Zabbix for MonitoringZabbix for Monitoring
Zabbix for MonitoringGLC Networks
 
PRTG NETWORK MONITORING
PRTG NETWORK MONITORINGPRTG NETWORK MONITORING
PRTG NETWORK MONITORINGFanky Christian
 
Volkswagen | ECU Software Development with codeBeamer ALM: IT Aspects
Volkswagen | ECU Software Development with codeBeamer ALM: IT AspectsVolkswagen | ECU Software Development with codeBeamer ALM: IT Aspects
Volkswagen | ECU Software Development with codeBeamer ALM: IT AspectsIntland Software GmbH
 
Web servers for the Internet of Things
Web servers for the Internet of ThingsWeb servers for the Internet of Things
Web servers for the Internet of ThingsAlexandru Radovici
 
Kali Linux Installation - VMware
Kali Linux Installation - VMwareKali Linux Installation - VMware
Kali Linux Installation - VMwareRonan Dunne, CEH, SSCP
 
What Is IoT, IoT Testing And What Are Its Challenges | BugRaptors
What Is IoT, IoT Testing And What Are Its Challenges | BugRaptorsWhat Is IoT, IoT Testing And What Are Its Challenges | BugRaptors
What Is IoT, IoT Testing And What Are Its Challenges | BugRaptorsBugRaptors
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewallmohannadalhanahnah
 
[CB19] FileInsight-plugins: Decoding toolbox for malware analysis by èŹè°· æšąćŽ‡
[CB19] FileInsight-plugins: Decoding toolbox for malware analysis by èŹè°· æšąćŽ‡[CB19] FileInsight-plugins: Decoding toolbox for malware analysis by èŹè°· æšąćŽ‡
[CB19] FileInsight-plugins: Decoding toolbox for malware analysis by èŹè°· æšąćŽ‡CODE BLUE
 
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.ioTHE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.ioDevOpsDays Tel Aviv
 
Introduction to Internet of Things (IoT)
Introduction to Internet of Things (IoT)Introduction to Internet of Things (IoT)
Introduction to Internet of Things (IoT)Mithileysh Sathiyanarayanan
 
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...HostedbyConfluent
 
OpManager Technical Overview
OpManager Technical OverviewOpManager Technical Overview
OpManager Technical OverviewManageEngine, Zoho Corporation
 
State of application modernization 2022
State of application modernization 2022State of application modernization 2022
State of application modernization 2022Konveyor Community
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access Er. Ajay Sirsat
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesInductive Automation
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesInductive Automation
 

Weitere Àhnliche Inhalte

Was ist angesagt?

Common Project Mistakes: Visualization, Alarms, and Security
Common Project Mistakes: Visualization, Alarms, and SecurityCommon Project Mistakes: Visualization, Alarms, and Security
Common Project Mistakes: Visualization, Alarms, and SecurityInductive Automation
 
Common Project Mistakes (And How to Avoid Them)
Common Project Mistakes (And How to Avoid Them)Common Project Mistakes (And How to Avoid Them)
Common Project Mistakes (And How to Avoid Them)Inductive Automation
 
How to Easily Build SCADA & HMI HTML5 Web Applications
How to Easily Build SCADA & HMI HTML5 Web ApplicationsHow to Easily Build SCADA & HMI HTML5 Web Applications
How to Easily Build SCADA & HMI HTML5 Web ApplicationsInductive Automation
 
Design Like a Pro: Machine Learning Basics
Design Like a Pro: Machine Learning BasicsDesign Like a Pro: Machine Learning Basics
Design Like a Pro: Machine Learning BasicsInductive Automation
 
10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA System10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA SystemInductive Automation
 
Design Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best PracticesDesign Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best PracticesInductive Automation
 
Zabbix for Monitoring
Zabbix for MonitoringZabbix for Monitoring
Zabbix for MonitoringGLC Networks
 
PRTG NETWORK MONITORING
PRTG NETWORK MONITORINGPRTG NETWORK MONITORING
PRTG NETWORK MONITORINGFanky Christian
 
Volkswagen | ECU Software Development with codeBeamer ALM: IT Aspects
Volkswagen | ECU Software Development with codeBeamer ALM: IT AspectsVolkswagen | ECU Software Development with codeBeamer ALM: IT Aspects
Volkswagen | ECU Software Development with codeBeamer ALM: IT AspectsIntland Software GmbH
 
Web servers for the Internet of Things
Web servers for the Internet of ThingsWeb servers for the Internet of Things
Web servers for the Internet of ThingsAlexandru Radovici
 
Kali Linux Installation - VMware
Kali Linux Installation - VMwareKali Linux Installation - VMware
Kali Linux Installation - VMwareRonan Dunne, CEH, SSCP
 
What Is IoT, IoT Testing And What Are Its Challenges | BugRaptors
What Is IoT, IoT Testing And What Are Its Challenges | BugRaptorsWhat Is IoT, IoT Testing And What Are Its Challenges | BugRaptors
What Is IoT, IoT Testing And What Are Its Challenges | BugRaptorsBugRaptors
 
[CB19] FileInsight-plugins: Decoding toolbox for malware analysis by èŹè°· æšąćŽ‡
[CB19] FileInsight-plugins: Decoding toolbox for malware analysis by èŹè°· æšąćŽ‡[CB19] FileInsight-plugins: Decoding toolbox for malware analysis by èŹè°· æšąćŽ‡
[CB19] FileInsight-plugins: Decoding toolbox for malware analysis by èŹè°· æšąćŽ‡CODE BLUE
 
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.ioTHE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.ioDevOpsDays Tel Aviv
 
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...HostedbyConfluent
 
State of application modernization 2022
State of application modernization 2022State of application modernization 2022
State of application modernization 2022Konveyor Community
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access Er. Ajay Sirsat
 

Was ist angesagt? (20)

Common Project Mistakes: Visualization, Alarms, and Security
Common Project Mistakes: Visualization, Alarms, and SecurityCommon Project Mistakes: Visualization, Alarms, and Security
Common Project Mistakes: Visualization, Alarms, and Security
 
Common Project Mistakes (And How to Avoid Them)
Common Project Mistakes (And How to Avoid Them)Common Project Mistakes (And How to Avoid Them)
Common Project Mistakes (And How to Avoid Them)
 
How to Easily Build SCADA & HMI HTML5 Web Applications
How to Easily Build SCADA & HMI HTML5 Web ApplicationsHow to Easily Build SCADA & HMI HTML5 Web Applications
How to Easily Build SCADA & HMI HTML5 Web Applications
 
Design Like a Pro: Machine Learning Basics
Design Like a Pro: Machine Learning BasicsDesign Like a Pro: Machine Learning Basics
Design Like a Pro: Machine Learning Basics
 
10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA System10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA System
 
Design Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best PracticesDesign Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best Practices
 
Zabbix for Monitoring
Zabbix for MonitoringZabbix for Monitoring
Zabbix for Monitoring
 
PRTG NETWORK MONITORING
PRTG NETWORK MONITORINGPRTG NETWORK MONITORING
PRTG NETWORK MONITORING
 
Volkswagen | ECU Software Development with codeBeamer ALM: IT Aspects
Volkswagen | ECU Software Development with codeBeamer ALM: IT AspectsVolkswagen | ECU Software Development with codeBeamer ALM: IT Aspects
Volkswagen | ECU Software Development with codeBeamer ALM: IT Aspects
 
Web servers for the Internet of Things
Web servers for the Internet of ThingsWeb servers for the Internet of Things
Web servers for the Internet of Things
 
Kali Linux Installation - VMware
Kali Linux Installation - VMwareKali Linux Installation - VMware
Kali Linux Installation - VMware
 
What Is IoT, IoT Testing And What Are Its Challenges | BugRaptors
What Is IoT, IoT Testing And What Are Its Challenges | BugRaptorsWhat Is IoT, IoT Testing And What Are Its Challenges | BugRaptors
What Is IoT, IoT Testing And What Are Its Challenges | BugRaptors
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
 
[CB19] FileInsight-plugins: Decoding toolbox for malware analysis by èŹè°· æšąćŽ‡
[CB19] FileInsight-plugins: Decoding toolbox for malware analysis by èŹè°· æšąćŽ‡[CB19] FileInsight-plugins: Decoding toolbox for malware analysis by èŹè°· æšąćŽ‡
[CB19] FileInsight-plugins: Decoding toolbox for malware analysis by èŹè°· æšąćŽ‡
 
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.ioTHE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
 
Introduction to Internet of Things (IoT)
Introduction to Internet of Things (IoT)Introduction to Internet of Things (IoT)
Introduction to Internet of Things (IoT)
 
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
 
OpManager Technical Overview
OpManager Technical OverviewOpManager Technical Overview
OpManager Technical Overview
 
State of application modernization 2022
State of application modernization 2022State of application modernization 2022
State of application modernization 2022
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
 

Ähnlich wie Presenters Discuss Cybersecurity Advisory, Pwn2Own Results, Authentication Challenges

Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesInductive Automation
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesInductive Automation
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersRishabh Gupta
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsGeorge Fletcher
 
IoT Security Issues and MQTT
IoT Security Issues and MQTTIoT Security Issues and MQTT
IoT Security Issues and MQTTHiveMQ
 
Integrate IoT cloud analytics and over the-air (ota) updates with google and ...
Integrate IoT cloud analytics and over the-air (ota) updates with google and ...Integrate IoT cloud analytics and over the-air (ota) updates with google and ...
Integrate IoT cloud analytics and over the-air (ota) updates with google and ...Mender.io
 
CIS14: Securing the Internet of Things with Open Standards
CIS14: Securing the Internet of Things with Open StandardsCIS14: Securing the Internet of Things with Open Standards
CIS14: Securing the Internet of Things with Open StandardsCloudIDSummit
 
Securing the Internet of Things - Hank Chavers
Securing the Internet of Things - Hank ChaversSecuring the Internet of Things - Hank Chavers
Securing the Internet of Things - Hank ChaversWithTheBest
 
OPC UA Connectivity with InduSoft and the OPC Foundation
OPC UA Connectivity with InduSoft and the OPC FoundationOPC UA Connectivity with InduSoft and the OPC Foundation
OPC UA Connectivity with InduSoft and the OPC FoundationAVEVA
 
Nt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesNt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesSherry Bailey
 
Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Editor IJARCET
 
Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Editor IJARCET
 
https://spotintelligence.com
https://spotintelligence.comhttps://spotintelligence.com
https://spotintelligence.comNeriVanOtten1
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VRISC-V International
 
Remotely Scanning Organization’s Internal Network
Remotely Scanning Organization’s Internal NetworkRemotely Scanning Organization’s Internal Network
Remotely Scanning Organization’s Internal Networkijtsrd
 
An Overview of OPC UA Security
An Overview of OPC UA SecurityAn Overview of OPC UA Security
An Overview of OPC UA SecuritySadatulla Zishan
 

Ähnlich wie Presenters Discuss Cybersecurity Advisory, Pwn2Own Results, Authentication Challenges (20)

Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open Standards
 
IoT Security Issues and MQTT
IoT Security Issues and MQTTIoT Security Issues and MQTT
IoT Security Issues and MQTT
 
Integrate IoT cloud analytics and over the-air (ota) updates with google and ...
Integrate IoT cloud analytics and over the-air (ota) updates with google and ...Integrate IoT cloud analytics and over the-air (ota) updates with google and ...
Integrate IoT cloud analytics and over the-air (ota) updates with google and ...
 
CompTIA Security Plus Overview
CompTIA Security Plus OverviewCompTIA Security Plus Overview
CompTIA Security Plus Overview
 
CIS14: Securing the Internet of Things with Open Standards
CIS14: Securing the Internet of Things with Open StandardsCIS14: Securing the Internet of Things with Open Standards
CIS14: Securing the Internet of Things with Open Standards
 
Securing the Internet of Things - Hank Chavers
Securing the Internet of Things - Hank ChaversSecuring the Internet of Things - Hank Chavers
Securing the Internet of Things - Hank Chavers
 
OPC UA Connectivity with InduSoft and the OPC Foundation
OPC UA Connectivity with InduSoft and the OPC FoundationOPC UA Connectivity with InduSoft and the OPC Foundation
OPC UA Connectivity with InduSoft and the OPC Foundation
 
Nt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesNt2580 Final Project Essay Examples
Nt2580 Final Project Essay Examples
 
Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235
 
Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235
 
AL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_webAL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_web
 
CompTIA Security Plus Mini Bootcamp Session
CompTIA Security Plus Mini Bootcamp Session CompTIA Security Plus Mini Bootcamp Session
CompTIA Security Plus Mini Bootcamp Session
 
https://spotintelligence.com
https://spotintelligence.comhttps://spotintelligence.com
https://spotintelligence.com
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
Remotely Scanning Organization’s Internal Network
Remotely Scanning Organization’s Internal NetworkRemotely Scanning Organization’s Internal Network
Remotely Scanning Organization’s Internal Network
 
An Overview of OPC UA Security
An Overview of OPC UA SecurityAn Overview of OPC UA Security
An Overview of OPC UA Security
 
Intel_IoT_gateway.pdf
Intel_IoT_gateway.pdfIntel_IoT_gateway.pdf
Intel_IoT_gateway.pdf
 

Mehr von Inductive Automation

De-Risk Your Digital Transformation — And Reduce Time, Cost & Complexity
De-Risk Your Digital Transformation — And Reduce Time, Cost & ComplexityDe-Risk Your Digital Transformation — And Reduce Time, Cost & Complexity
De-Risk Your Digital Transformation — And Reduce Time, Cost & ComplexityInductive Automation
 
Overcoming Digital Transformation Pain Points
Overcoming Digital Transformation Pain PointsOvercoming Digital Transformation Pain Points
Overcoming Digital Transformation Pain PointsInductive Automation
 
How Ignition Eases SCADA Pain Points
How Ignition Eases SCADA Pain PointsHow Ignition Eases SCADA Pain Points
How Ignition Eases SCADA Pain PointsInductive Automation
 
New Ignition Features In Action
New Ignition Features In ActionNew Ignition Features In Action
New Ignition Features In ActionInductive Automation
 
Solving Data Problems to Accelerate Digital Transformation.pptx
Solving Data Problems to Accelerate Digital Transformation.pptxSolving Data Problems to Accelerate Digital Transformation.pptx
Solving Data Problems to Accelerate Digital Transformation.pptxInductive Automation
 
Bringing Digital Transformation Into Focus
Bringing Digital Transformation Into FocusBringing Digital Transformation Into Focus
Bringing Digital Transformation Into FocusInductive Automation
 
Integrators Explore the Road Ahead
Integrators Explore the Road AheadIntegrators Explore the Road Ahead
Integrators Explore the Road AheadInductive Automation
 
The Evolution of Industrial Visualization
The Evolution of Industrial VisualizationThe Evolution of Industrial Visualization
The Evolution of Industrial VisualizationInductive Automation
 
Unlocking Greater Efficiency: The Why and How of OEE Implementation
Unlocking Greater Efficiency: The Why and How of OEE ImplementationUnlocking Greater Efficiency: The Why and How of OEE Implementation
Unlocking Greater Efficiency: The Why and How of OEE ImplementationInductive Automation
 
Leveraging Ignition Quick Start to Rapidly Build Real Projects
Leveraging Ignition Quick Start to Rapidly Build Real ProjectsLeveraging Ignition Quick Start to Rapidly Build Real Projects
Leveraging Ignition Quick Start to Rapidly Build Real ProjectsInductive Automation
 
Design Like a Pro: Developing & Deploying Perspective Applications as HMIs
Design Like a Pro: Developing & Deploying Perspective Applications as HMIsDesign Like a Pro: Developing & Deploying Perspective Applications as HMIs
Design Like a Pro: Developing & Deploying Perspective Applications as HMIsInductive Automation
 
Integrator Discussion: Leading Through Innovation During COVID-19 and Beyond
Integrator Discussion: Leading Through Innovation During COVID-19 and BeyondIntegrator Discussion: Leading Through Innovation During COVID-19 and Beyond
Integrator Discussion: Leading Through Innovation During COVID-19 and BeyondInductive Automation
 
Ignition Community Live with Carl Gould & Colby Clegg
Ignition Community Live with Carl Gould & Colby CleggIgnition Community Live with Carl Gould & Colby Clegg
Ignition Community Live with Carl Gould & Colby CleggInductive Automation
 
Design Like a Pro: How to Best Plan Your Perspective Project
Design Like a Pro: How to Best Plan Your Perspective ProjectDesign Like a Pro: How to Best Plan Your Perspective Project
Design Like a Pro: How to Best Plan Your Perspective ProjectInductive Automation
 
Securely Monitor Critical Systems From Anywhere
Securely Monitor Critical Systems From AnywhereSecurely Monitor Critical Systems From Anywhere
Securely Monitor Critical Systems From AnywhereInductive Automation
 
Leveraging Ignition for Smart Manufacturing and Digital Transformation
Leveraging Ignition for Smart Manufacturing and Digital TransformationLeveraging Ignition for Smart Manufacturing and Digital Transformation
Leveraging Ignition for Smart Manufacturing and Digital TransformationInductive Automation
 
6 Simple Steps to Enterprise Digital Transformation
6 Simple Steps to Enterprise Digital Transformation6 Simple Steps to Enterprise Digital Transformation
6 Simple Steps to Enterprise Digital TransformationInductive Automation
 
Demystifying SAP Connectivity to Ignition
Demystifying SAP Connectivity to IgnitionDemystifying SAP Connectivity to Ignition
Demystifying SAP Connectivity to IgnitionInductive Automation
 
Pushing the Boundaries of Data Visualization
Pushing the Boundaries of Data VisualizationPushing the Boundaries of Data Visualization
Pushing the Boundaries of Data VisualizationInductive Automation
 

Mehr von Inductive Automation (20)

De-Risk Your Digital Transformation — And Reduce Time, Cost & Complexity
De-Risk Your Digital Transformation — And Reduce Time, Cost & ComplexityDe-Risk Your Digital Transformation — And Reduce Time, Cost & Complexity
De-Risk Your Digital Transformation — And Reduce Time, Cost & Complexity
 
Overcoming Digital Transformation Pain Points
Overcoming Digital Transformation Pain PointsOvercoming Digital Transformation Pain Points
Overcoming Digital Transformation Pain Points
 
How Ignition Eases SCADA Pain Points
How Ignition Eases SCADA Pain PointsHow Ignition Eases SCADA Pain Points
How Ignition Eases SCADA Pain Points
 
New Ignition Features In Action
New Ignition Features In ActionNew Ignition Features In Action
New Ignition Features In Action
 
Solving Data Problems to Accelerate Digital Transformation.pptx
Solving Data Problems to Accelerate Digital Transformation.pptxSolving Data Problems to Accelerate Digital Transformation.pptx
Solving Data Problems to Accelerate Digital Transformation.pptx
 
Bringing Digital Transformation Into Focus
Bringing Digital Transformation Into FocusBringing Digital Transformation Into Focus
Bringing Digital Transformation Into Focus
 
Integrators Explore the Road Ahead
Integrators Explore the Road AheadIntegrators Explore the Road Ahead
Integrators Explore the Road Ahead
 
First Steps to DevOps
First Steps to DevOpsFirst Steps to DevOps
First Steps to DevOps
 
The Evolution of Industrial Visualization
The Evolution of Industrial VisualizationThe Evolution of Industrial Visualization
The Evolution of Industrial Visualization
 
Unlocking Greater Efficiency: The Why and How of OEE Implementation
Unlocking Greater Efficiency: The Why and How of OEE ImplementationUnlocking Greater Efficiency: The Why and How of OEE Implementation
Unlocking Greater Efficiency: The Why and How of OEE Implementation
 
Leveraging Ignition Quick Start to Rapidly Build Real Projects
Leveraging Ignition Quick Start to Rapidly Build Real ProjectsLeveraging Ignition Quick Start to Rapidly Build Real Projects
Leveraging Ignition Quick Start to Rapidly Build Real Projects
 
Design Like a Pro: Developing & Deploying Perspective Applications as HMIs
Design Like a Pro: Developing & Deploying Perspective Applications as HMIsDesign Like a Pro: Developing & Deploying Perspective Applications as HMIs
Design Like a Pro: Developing & Deploying Perspective Applications as HMIs
 
Integrator Discussion: Leading Through Innovation During COVID-19 and Beyond
Integrator Discussion: Leading Through Innovation During COVID-19 and BeyondIntegrator Discussion: Leading Through Innovation During COVID-19 and Beyond
Integrator Discussion: Leading Through Innovation During COVID-19 and Beyond
 
Ignition Community Live with Carl Gould & Colby Clegg
Ignition Community Live with Carl Gould & Colby CleggIgnition Community Live with Carl Gould & Colby Clegg
Ignition Community Live with Carl Gould & Colby Clegg
 
Design Like a Pro: How to Best Plan Your Perspective Project
Design Like a Pro: How to Best Plan Your Perspective ProjectDesign Like a Pro: How to Best Plan Your Perspective Project
Design Like a Pro: How to Best Plan Your Perspective Project
 
Securely Monitor Critical Systems From Anywhere
Securely Monitor Critical Systems From AnywhereSecurely Monitor Critical Systems From Anywhere
Securely Monitor Critical Systems From Anywhere
 
Leveraging Ignition for Smart Manufacturing and Digital Transformation
Leveraging Ignition for Smart Manufacturing and Digital TransformationLeveraging Ignition for Smart Manufacturing and Digital Transformation
Leveraging Ignition for Smart Manufacturing and Digital Transformation
 
6 Simple Steps to Enterprise Digital Transformation
6 Simple Steps to Enterprise Digital Transformation6 Simple Steps to Enterprise Digital Transformation
6 Simple Steps to Enterprise Digital Transformation
 
Demystifying SAP Connectivity to Ignition
Demystifying SAP Connectivity to IgnitionDemystifying SAP Connectivity to Ignition
Demystifying SAP Connectivity to Ignition
 
Pushing the Boundaries of Data Visualization
Pushing the Boundaries of Data VisualizationPushing the Boundaries of Data Visualization
Pushing the Boundaries of Data Visualization
 

KĂŒrzlich hochgeladen

Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Intelisync
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 

KĂŒrzlich hochgeladen (20)

Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Call Girls In Mukherjee Nagar đŸ“± 9999965857 đŸ€© Delhi đŸ«Š HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar đŸ“± 9999965857 đŸ€© Delhi đŸ«Š HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar đŸ“± 9999965857 đŸ€© Delhi đŸ«Š HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar đŸ“± 9999965857 đŸ€© Delhi đŸ«Š HOT AND SEXY VVIP 🍎 SE...
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 

Presenters Discuss Cybersecurity Advisory, Pwn2Own Results, Authentication Challenges

  • 1.
  • 2. Presenters Kent Melville Sales Engineering Manager Inductive Automation Don Pearson Chief Strategy Officer Inductive Automation
  • 3. Guest Presenter Joel Specht Lead Software Engineer Inductive Automation
  • 4. Agenda ‱ US Govt. Cybersecurity Advisory ‱ Pwn2Own 2022 ‱ Authentication Challenge ‱ Ignition 7.9 Support Ending ‱ Security Hardening Guide ‱ Audience Q&A
  • 6. Cybersecurity Advisory In April, US government agencies issued a joint cybersecurity advisory about APT cyber tools targeting ICS/SCADA devices. ● The APT actors have developed custom-made tools for targeting ICS/SCADA devices that enable them to scan for, compromise, and control affected devices once they have established initial access to the OT network. ● These tools have a modular architecture and enable cyber actors to scan for targeted devices, conduct reconnaissance on device details, upload malicious configuration/code to the targeted device, back up or restore device contents, and modify device parameters. https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
  • 7. Pwn2Own ● The Pwn2Own competition pits white-hat hackers against popular industrial control systems to reveal any vulnerabilities. ● Ignition was one of ten selected as targets in 2022. ● Events like Pwn2Own offer a safe way to test defenses and make improvements. ● Industrial systems are among the highest-value targets for malicious hackers, and unfortunately also among the most vulnerable.
  • 8. Pwn2Own ● 32 total entries from 11 total contestants ● 6 entries targeted Ignition ● 4 Ignition entries demonstrated successfully ● 1 Ignition entry was a duplicate ● 1 Ignition entry failed to be demonstrated ● All 6 entries responsibly disclosed to IA ● 1 additional report was responsibly disclosed outside of the competition by researchers who did not participate this year ● 4 critical vulnerabilities were identified by IA and fixed immediately in 8.1.17 and 7.9.20
  • 9. Pwn2Own ● In response to Pwn2Own 2022, we strongly recommend all Ignition users upgrade to Ignition 8.1.17 (or 7.9.20 for 7.9 users). ● Inductive Automation has prepared a response to the Pwn2Own results and will publish a detailed report next month. ● Thank you to the ZDI and security researchers
  • 10. Authentication Challenge ● The Authentication Challenge allows an operator who is currently logged into a system to document supervisor approval without logging out. ● Beneficial for both security practices and 21 CFR Part 11 regulations. ● Made up of several features: ○ Perspective redirects operator to the IdP just like any other login. ○ Supervisor provides their user credentials on the IdP’s login page. ○ The IdP validates the credentials and redirects back to the session without logging the operator out of the session or IdP.
  • 11. Ignition 7.9 Support is Ending ● After June 2022, Ignition 8.0 and newer will be the only supported versions of Ignition, with 8.1 being a Long Term Support (LTS) release. ● End-of-life versions of Ignition will no longer be supported by development or support teams. ● If you're using an older limited-support version of Ignition and want to continue receiving support, you should move to a newer LTS version before June 2022.
  • 13. A Good Foundation Defense in Depth ● Instead of relying on single point of security, create layers of hardened security. ● Multiple layers requires a much more sophisticated hack to compromise a system. ● One Example is the Purdue Model (ANSI/ISA 95).
  • 14. A Good Foundation Cybersecurity Framework ● It is an industry best practice to adhere to a formal cybersecurity framework to align security controls with organizational objectives. ● The Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is a great resource for recommendations and additional information.
  • 15. Step 1: Secure the Gateway Step 1: Secure the Gateway ● Forcing secure communication with HTTPS using an SSL/TLS certificate is the first and most important step towards securing the Gateway. ● Secure Communication ○ SSL encrypts data sent over the HTTP protocol and Web Sockets for all traffic between the Designer, Vision Clients, and Perspective Sessions. ○ Helps to thwart security vulnerabilities known as “session hijacking” like man-in-the-middle attacks, cross-site scripting (XSS), and session sniffing.
  • 16. Step 1: Secure the Gateway ● Terminology note: “Secure Sockets Layer,” (SSL) is the predecessor to the Transport Layer Security (TLS) protocol. SSL is deprecated as a technology. However, the term “SSL” is still widely used to refer to secure communication and “TLS.” For example, modern digital certificates supporting TLS are commonly referred to as “SSL certificates.”
  • 17. Step 1: Secure the Gateway ● Enabling Secure Communication ○ You will need to obtain and install an SSL Certificate for Ignition. ○ It is highly recommended that you purchase an SSL certificate from a Certificate Authority (CA) or acquire a valid SSL certificate from your IT department if you intend to enable SSL. ● Force SSL Redirect ○ After SSL is enabled, all Clients, Designers, and web browsers are redirected to the SSL port if they try to use the standard HTTP port. ○ By default, the SSL port is 8043. You can change it to the standard SSL port 443.
  • 18. Step 1: Secure the Gateway ● Renewing SSL Certificates ○ Most traditional SSL certificates have a cumbersome lifecycle that needs to be renewed often. ○ SSL certificate renewal process can be simplified and automated using the ACME (Automatic Certificate Management Environment) protocol. ○ Let’s Encrypt is a “free, automated, and open certificate authority (CA)” that uses an ACME server that handles SSL certificates. ○ Any domain administrator can spin up an ACME client that points to the Let’s Encrypt ACME server to obtain or renew SSL certificates.
  • 19. Step 2: Locking the Gateway Step 2: Locking the Gateway ● The gateway web site is organized into three sections, Home, Status, and Configure. By default, the Configure and Status sections are protected by the “Authenticated/Roles/Administrator” security level. Gateway sections and Designer access can be protected with role based access control.
  • 20. Step 3: Device, OPC, and MQTT Security Step 3: Device, OPC, and MQTT Security ● Traditional PLC native device communication protocols don’t support encryption, certificates, or authentication. ● Best practice is to poll these devices from as close on the network as possible and keep them on a separate private OT network. ● When data needs to be collected across a broader network, an Edge Gateway polling locally and publishing over a more secure protocol helps bridge the gap. ● Ignition can provide a layer of separation between the OT/private and the IT/public network to make tags available securely without exposing the devices behind the scenes.
  • 21. Step 3: Device, OPC UA, and MQTT Security OPC UA Communication ● OPC UA provides built-in security at the server level or embedded directly on a device. ● Choose the SignAndEncrypt security mode to ensures all data sent over OPC UA is encrypted. ● OPC UA connections also support user authentication. ○ Use a strong password (don’t leave the default) ○ Change password periodically as defined by IT standards.
  • 22. Step 3: Device, OPC UA, and MQTT Security MQTT Communication ● Data transferred between the Publisher and Broker, as well as between the Broker and Subscriber, should be sent over TLS/SSL. ● Username/Password Authentication ● MQTT also supports Access Control Lists (ACLs) which limit user access based on topic name space. ● Security measures should be implemented whether the broker is local or hosted in the cloud.
  • 23. Step 4: Identity and Access Management Step 4: Identity and Access Management ● When securing an application you must consider both authentication and authorization. ● Authentication determines who is logging in ● Authorization determines their privileges.
  • 24. Step 4: Identity and Access Management Authentication ● User Identification and Authentication ○ Ignition manages users through built-in IdPs but can also connect to third- party IdPs such as Okta and Duo via SAML or OpenID Connect. ● Ignition Identity Provider ○ Ignition IdP supports three main user sources: ■ Internal Authentication ■ Database Authentication ■ Active Directory Authentication ● Internal Authentication through Ignition Gateway ● Database Authentication uses external database to store data ○ Managing users is done via direct interaction with the database.
  • 25. Step 4: Identity and Access Management ● Active Directory Authentication ○ Active Directory Authentication profile uses Microsoft's Active Directory over LDAP (Lightweight Directory Access Protocol) to store all the users, roles, and more that make up an Authentication profile. ○ Active Directory Groups are used for Ignition's roles and user-role mappings. ○ While using an Active Directory User Source, administration of users and roles is through Active Directory itself, and not manageable within Ignition and requires modifications be made from Active Directory. ● LDAP Protocol Security ○ To prevent snooping on authentication, encryption should be implemented.
  • 26. Step 4: Identity and Access Management ● Badge Authentication ○ RFID authentication support for Ignition IdP allows you to associate badges with users. ○ With RFID enabled, users do not have to enter their username and password, and instead must have a physical badge in order to log in to the Session. ○ It is recommended that Badge Authentication Method is enabled and set to default and Badge Secret is also enabled, which will require the user to type in their password after scanning their badge.
  • 27. Step 4: Identity and Access Management ● Third-Party Identity Provider ○ If your organization already has as IdP like OKTA or DUO then Ignition can also leverage those for Authentication. ○ Utilizing an external service allows you to utilize features that Ignition doesn’t support natively such as multi-factor options like push notifications or biometrics.
  • 28. Step 4: Identity and Access Management General Authentication Suggestions ● User Accounts ○ A strong password policy should be defined including password length and complexity requirements. ○ Establish a password expiration schedule and quickly removing former user accounts. ○ Generic accounts should be avoided. ● Group Access and Disabling Auto-Login ○ Generic logins pose a security risk if Auto Login is enabled because any user that launches a project is granted basic access. ○ Auto Login should be disabled and each user should have their own unique credentials.
  • 29. Step 4: Identity and Access Management Authorization ● Role-Based Security ○ Each user is granted privileges by assigning one or many roles. ○ Roles are customized during development and can be defined inside Ignition or mapped to Active Directory groups or an IdP’s attributes. ● Security Zones ○ Sometimes, in addition to knowing who the user is, it is important to know where they are sending a command from. ○ Security Zones define an area of the Gateway Network into manageable zones that can then have a security policy set on them.
  • 30. Step 4: Identity and Access Management ● Security Levels ○ A user-set hierarchy that defines access permissions, or roles, inside a Perspective Session. ○ Provides a way to map user roles defined from an Identity Provider (IdP) to Ignition roles. ○ With security levels, roles can be defined in order to allow certain users more or less control of the Gateway.
  • 31. Q&A
  • 32. Step 5: Define Application Security Step 5: Define Application Security ● Ignition allows for security to be defined at any level from clients and projects down to individual tags. ● Vision Client Security ○ Security settings can be applied to individual windows or components. ○ Functionality and accessibility of the same project can change based on user assigned roles. ● Perspective Views Security ○ Allows more granularity of the security in a Perspective Session. ○ Operators can be granted access to the Session, but the user management View can be restricted to a higher level role. ● Component Scripting Security ○ Both Vision and Perspective contain role-based component scripting security. ○ Ensures that non-privileged users are not allowed to run potentially harmful scripts.
  • 33. Step 5: Define Application Security ● Designer Security ○ Granting someone access to the designer is giving them access to a full development IDE with the ability to execute scripts at the permission level of the user running the Ignition Service. ○ By default, all users with Designer access can modify, delete, save, and publish all resources. Ignition has several built-in Designer restriction methods to limit what each user can do in the Designer.
  • 34. Step 5: Define Application Security ● Tag Security ○ The best way to configure security for data access. ○ Tag security definitions apply for that tag across all windows and components that use the specified tag in the project. ○ You can add read/write security to individual tags through the Designer. ● Named Queries ○ All database interaction can be limited to defined queries on the Ignition Gateway, which may be called from clients based on the credentials of the user. ○ It is recommended to only use parameters to allow for dynamic database interaction while ensuring only relevant data is accessible. ○ Can be turned off to allow any SQL query to be run directly from an open client. While this can be powerful for adding flexibility to the platform, it also leaves the data potentially exposed.
  • 35. Step 6: Set Up Audit Logging Step 6: Set Up Audit Logging ● Audit Profiles allow Ignition to record details about specific events that occurred. ○ By default, only tag writes, SQL UPDATE, SQL INSERT, and SQL DELETE statements are recorded, allowing you to keep track of which user wrote to which tag, or modified which table. ○ The time-stamp is also recorded, so you can easily track the changes, outline, and order of events. ● Once changes have been made to a tag or a database table, Ignition will begin recording.
  • 36. Step 7: Protect the Database Step 7: Protect the Database ● It is not recommend to use a database owner account such as root or sa. ● A separate user account with limited privileges should be created for the database connection with the Ignition Gateway. ● Most modern databases support SSL encryption of the connection between Ignition and the database. ● SSL can be enabled on a different server by following information available for your database’s JDBC driver and internal security settings.
  • 37. Step 8: Locking Down the Operating System (OS) Step 8: Locking Down the Operating System (OS) ● It is important to understand how Ignition fits within the operating environment. ● Ignition Privileged Users ○ Users who can modify projects in the Designer and in the Gateway, are able to write Python applications with all privileges granted to the Ignition process
  • 38. Step 8: Locking Down the Operating System (OS) ● Ignition Process ○ Ignition is designed to run 24/7 with a persistent OS, trusted communication protocols, plus access to devices and databases. ○ The Ignition Process is executed by a user-specified service account on the gateway and is theoretically capable of all privileged OS actions and is implicitly trusted. ● Apply the Principle of Least Privilege ○ Do not user “root” or “domain admin” account as Ignition service account. ○ Minimize privileges of Ignition computer and service account on larger network. ○ Minimize Ignition permissions on external databases and systems. ■ API access is often safer than direct access. ○ Segment network with zones and accreditation boundaries.
  • 39. Step 8: Locking Down the Operating System (OS) ● Removing Unnecessary Programs ○ Each program is a potential entry point for an attacker. ○ Removing unnecessary software and having a vetted list of allowed software can limit vulnerabilities. ○ Not all programs require administrative access and should be run using the minimum credentials required. ● Patches and Service Packs ○ To limit operating system vulnerabilities, keep up-to-date on OS patches and Service Packs. ● Remote Services ○ On Windows, Remote Registry and Windows Remote Management should be disabled. ○ On Linux and Mac OS, disable root for everything but ‘physical’ console.
  • 40. Step 9: Hardening the Environment Step 9: Hardening the Environment ● Firewalls and Ports ○ Firewalls should be in place to restrict network traffic. ○ When starting a new Ignition project, close all ports and then only open those that are necessary and in use. ● As your architectures get more complex, it is also important to pay attention to which ports need to be open in which directions. you may also be able to restrict traffic through the firewall to specific servers.
  • 41. Step 9: Hardening the Environment ● Redundant Servers ○ Firewalls must be set up on any redundant server to protect the redundancy system from external attacks. ○ The firewall on the main server should only accept incoming connections from the backup server IP address on the Gateway Network port (8060). ● DMZ Architecture ○ A “demilitarized zone” contains a subnetwork to accommodate exposed, outward connecting services. ○ Acts as a point of contact between the organization’s internal network and untrusted networks, such as the internet. ○ Extra layer of security to the local network.
  • 42. Step 10: Keep Ignition Up-to-Date Step 10: Keep Ignition Up-to-Date ● Inductive Automation recognizes that software security requires constant effort and maintenance. ● Security updates are released periodically to ensure continued protection and keeping up-to-date with these updates is strongly recommended.
  • 43. Ignition Security Hardening Guide https://inductiveautomation.com/resources/article/ignition-security-hardening-guide
  • 44.
  • 45.
  • 46.
  • 47. International Distributors Australia iControls Pty Ltd. www.icontrols.com.au Brazil FG Automação Industrial www.fgltda.com.br Central America NV TecnologĂ­as S.A. www.nvtecnologias.com France AXONE-iO www.axone-io.com Italy EFA Automazione S.p.A www.efa.it Norway Autic System AS www.autic.no South Africa Element8 https://element8.co.za/ Switzerland MPI Technologies https://mpi.ch/ Contact International Distribution Manager Annie Wise at: awise@inductiveautomation.com