Trend Micro Research Uncovers Major Flaws in Leading IoT Protocols


Hundreds of thousands of unsecured machine-to-machine deployments put global organizations at risk

DALLAS (BUSINESS WIRE) - Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today warned organizations to revisit their operational technology (OT) security after finding major design flaws and vulnerable implementations related to two popular machine-to-machine (M2M) protocols, Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP).


Contact: Erin Johnson, 817-522-7911, media_relations@trendmicro.com


Related:

SEP 12.1 RU6 MP1 preventing SCADA application from launching

I need a solution

Hi, I’m new to Symantec support forums. Hoping someone out there can help me

I have SEP 12.1 RU6 MP1 installed on a unit control panel HMI computer; the OS has recently been upgraded from Windows XP SP3 to Windows 7 Pro 64-bit.

Since the OS upgrade, the unit control SCADA package software (Elutions Control Maestro) crashes when trying to launch the graphics files.

After reading a number of existing posts for similar problems, I have tried to create exceptions to ignore the applications and associated folders, with no success.

I have also tried to disable all functions within the Symantec software but still no luck; the only action which so far solved the problem was to fully uninstall the Symantec software (not an ideal situation from a cyber security perspective).

There seems to be a conflict with this specific combination of SEP 12.1 RU6 MP1, Windows 7 and the SCADA software.

I also have an older HMI computer on site still running Windows XP SP3 which is not exhibiting any problems launching the SCADA application.

I would greatly appreciate any advice from other users.

Related:

In-Band Network Telemetry: Next Frontier in Network Visualization with Analytics and Why Enterprise Customer Care

By: Gautam Chanda, Global Product Line Manager DC Networking Analytics, HPE

Let’s first answer the important question: Why do we need Network Visualization and Analytics?

Data Center networks have become cloud scale and deployment of hyper-converged networks is increasing. Telecom networks will enable faster connectivity everywhere with higher bandwidth delivering 5G wireless services. All of these next-generation networks not only require much higher bandwidth, but they also require real-time telemetry to deliver services with good Quality of Experience (QoE).

A network with detailed real-time visibility enables better reliability and real-time control. Here are key reasons customers need Network Visualization and Analytics now even more than before:

  • Ability to Pinpoint Traffic Patterns for Dynamic Applications: Data centers now have increasingly complex network deployments with Network Virtualization & Overlay / Tunnel technologies; SDN/NFV; Silicon Programmability; Multi-tenancy; increased Applications volume; mobility; Hybrid cloud; Bare metal & Virtualized servers (VMs/Containers); Vswitch; NIC virtualization; Orchestration and the list goes on. This gives rise to increasingly complicated traffic patterns in the data center in which network operators would like to have greater visibility into those complex patterns to understand if their DC network infrastructure is performing optimally.
  • Security Challenges: Complicated IT scenarios raise more security concerns, regulatory compliance requirements are becoming stricter, and cybersecurity attacks originate from both inside and outside the data center. Defending against these attacks, and understanding the complex traffic patterns they hide in, is critical.
  • Intent-Based Network
  • Network Analytics (Visibility, Validation, Optimization & Upgrade, Troubleshooting, Policy Enforcement) is increasingly important for modern DC and Cloud deployments.

Old network management tools such as SNMP are not up to the task in these very high speed networks as we move from 10G to 25G to 100G and beyond in short order.

The figure below demonstrates very well the need for Network Visualization and Analytics:

[Figure 1: INTBlogPhoto1.png]

This brings us to In-Band Network Telemetry (INT).

Let’s pause for a minute:

  • Let’s assume you’re interested in the behaviour of your live user-data traffic.
    • What is the best source of information?
  • Well… probably the live user-data traffic itself.
    • Let’s add meta-data to all interesting live user-data traffic.

This is the essence of In-Band Network Telemetry.

The figure below contrasts the two approaches. In traditional network monitoring, an application polls the host CPU to gather aggregated telemetry every few seconds or minutes, which doesn’t scale well in next generation networks. In-Band Network Telemetry, however, enables packet level telemetry by having key details related to packet processing added to the data plane packets themselves, without consuming any host CPU resources:

Figure 2: Traditional vs New Way

[Figure 2: INTBlogPhoto2.png]

In-Band Network Telemetry (INT) is a sophisticated and flexible telemetry feature, usually supported in hardware within the network devices. As explained above, INT allows the data plane to collect and report detailed latency, congestion, and network state information without requiring intervention or work by the control plane. INT-enabled devices insert this metadata in-band, without affecting network performance; a collector, sink, or network management software such as HPE IMC later extracts and interprets it.

INT enables a number of very useful customer use cases, such as:

  • Network troubleshooting
    • When packets enter/exit networks
    • Which path was taken by individual flows associated with Specific Applications
    • How long packets spend at each hop
    • How long packets spend on each link
    • Which switches are seeing congestion?
    • Microburst detection
  • Real-time control or feedback loops:
    • Collector might use the INT data plane information to feed back control information to traffic sources, which could in turn use this information to make changes to traffic engineering or packet forwarding. (Explicit congestion notification schemes are an example of these types of feedback loops).
  • Network Event Detection:
    • If the collected path state indicates a condition that requires immediate attention or resolution (such as severe congestion or violation of certain data-plane invariants), the Collector could generate immediate actions to respond to the network events, forming a feedback control loop either in a centralized or a fully decentralized fashion (a la TCP).
  • List Goes On…..

The figure below shows an end to end INT customer use case in a data center:

Figure 3: End To End INT

[Figure 3: INTBlogPhoto3.png]

Figure 3 above shows how In-Band Network Telemetry is used to “Track in Real Time Path and Latency of Packets and Flows Associated with Specific Applications”:

  • Collect the physical path and hop latencies hop-by-hop for every packet.
  • INT can be initiated, transited, or terminated by either a switch or a NIC (Network Interface Card) in a host such as a server.
  • INT metadata is encapsulated and exported to the collector (e.g. HPE IMC).
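To make the mechanism described above concrete (per-hop metadata appended to the packet in the data plane, later extracted and interpreted by a collector), here is an added example of the collector side. It is not HPE's code and the record layout is an assumption constructed for this example, not the INT specification's encoding: each hop contributes a switch id, ingress and egress timestamps in nanoseconds and an egress queue depth, preceded by a one-byte hop count. The parser validates the stack before trusting it, reconstructs the path and per-hop, per-link and end-to-end latency, and flags the congested hop, which is the data behind the Figure 3 use case.

```python
import struct

# Constructed per-hop record layout (an assumption for this example, not the
# INT specification's encoding): switch_id, ingress timestamp (ns),
# egress timestamp (ns), egress queue depth (cells), all big-endian.
HOP_FMT = "!IQQI"
HOP_LEN = struct.calcsize(HOP_FMT)  # 24 bytes per hop


def encode_hop(switch_id, ingress_ns, egress_ns, queue_depth):
    """Build one hop record as an INT-capable switch would append it."""
    return struct.pack(HOP_FMT, switch_id, ingress_ns, egress_ns, queue_depth)


def build_int_stack(hops):
    """One-byte hop count followed by the hop records, first hop first."""
    return bytes([len(hops)]) + b"".join(encode_hop(*h) for h in hops)


def parse_int_stack(stack):
    """Parse a metadata stack the way a collector would.

    The length and ordering checks guard against truncated or malformed
    stacks: a collector must not trust a hop count taken from the wire.
    """
    if len(stack) < 1:
        raise ValueError("empty INT stack")
    hop_count = stack[0]
    needed = 1 + hop_count * HOP_LEN
    if len(stack) < needed:
        raise ValueError(f"truncated INT stack: need {needed} bytes, got {len(stack)}")
    hops = []
    for i in range(hop_count):
        sid, ing, egr, qd = struct.unpack_from(HOP_FMT, stack, 1 + i * HOP_LEN)
        if egr < ing:
            raise ValueError(f"switch {sid}: egress timestamp precedes ingress")
        hops.append({"switch_id": sid, "ingress_ns": ing, "egress_ns": egr,
                     "queue_depth": qd, "hop_latency_ns": egr - ing})
    return hops


def summarize_path(hops):
    """Reconstruct path, per-hop latency, per-link latency and end-to-end latency."""
    path = [h["switch_id"] for h in hops]
    hop_latency = {h["switch_id"]: h["hop_latency_ns"] for h in hops}
    # Link latency subtracts timestamps taken on two different switches, so it
    # is only meaningful when their clocks are synchronised (e.g. via PTP).
    link_latency = {
        (a["switch_id"], b["switch_id"]): b["ingress_ns"] - a["egress_ns"]
        for a, b in zip(hops, hops[1:])
    }
    end_to_end = hops[-1]["egress_ns"] - hops[0]["ingress_ns"] if hops else 0
    return {"path": path, "hop_latency_ns": hop_latency,
            "link_latency_ns": link_latency, "end_to_end_ns": end_to_end}


def congested_switches(hops, latency_threshold_ns=10_000, queue_threshold=500):
    """Flag hops whose latency or queue depth exceeds the (assumed) thresholds."""
    return [h["switch_id"] for h in hops
            if h["hop_latency_ns"] > latency_threshold_ns
            or h["queue_depth"] > queue_threshold]


# Constructed sample: one packet that crossed three switches. Switch 2 held it
# for 20 microseconds behind a deep egress queue, i.e. a microburst/congestion.
SAMPLE_HOPS = [
    (1, 1_000, 1_500, 4),
    (2, 3_500, 23_500, 900),
    (3, 25_000, 25_400, 2),
]
SAMPLE_STACK = build_int_stack(SAMPLE_HOPS)


def analyse_sample():
    """Run the collector logic over the constructed stack."""
    hops = parse_int_stack(SAMPLE_STACK)
    return summarize_path(hops), congested_switches(hops)


if __name__ == "__main__":
    summary, congested = analyse_sample()
    print("path:", summary["path"])
    print("hop latency (ns):", summary["hop_latency_ns"])
    print("link latency (ns):", summary["link_latency_ns"])
    print("end-to-end (ns):", summary["end_to_end_ns"])
    print("congested switches:", congested)
```

On the sample the collector reconstructs the path 1 → 2 → 3, a 20 000 ns hop latency at switch 2 against 500 ns and 400 ns elsewhere, and flags switch 2 as congested. The two validation paths (a stack shorter than its hop count claims, and an egress timestamp before its ingress) are the checks worth keeping in a real collector, since the metadata arrives in-band from the network it is meant to monitor.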

Use Cases

  • Case 1a: Real-time fault detection and isolation or alert: Congested/oversubscribed links and devices, imbalanced links (LAG, ECMP), loop.
  • Case 1b: Interactive analysis & troubleshooting: On-demand path visualization; Traffic matrix generation; Triage incidents of congestion.
  • Case 1c: Path Verification of bridging/routing, SLA, and configuration effects.
  • Enhanced visibility for all your Network traffic
  • Network provided telemetry data gathered and added to live data
    • Complement out-of-band OAM tools like SNMP, ping, and traceroute
    • Path / Service chain verification
  • Record the packet’s trip as meta-data within the packet
    • Record path and node (i/f, time, app-data) specific data hop-by-hop and end to end
    • Export telemetry data via Netflow/IPFIX/Kafka to Controller/Apps
  • In-band Network Telemetry can be implemented without forwarding performance degradation
  • Network ASIC vendors have started to add INT as a built-in function within their newest ASICs

HPE FlexFabric Network Analytics solution is leading the way towards this next frontier in Network Visualization and Analytics.


Related:

Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo…

The security of mobile apps that tie in with Supervisory Control and Data Acquisition (SCADA) systems has deteriorated over the last two-and-a-half years, according to new research. A team of boffins from IOActive and IoT security startup Embedi said they had discovered 147 vulnerabilities in 34 of the …

Related:

End User Application

Hello. I am developing an application. The application will be used by the end user. The system works as follows: the room thermostat needs to be remotely controlled by the user. I created the sub-structure needed for this using IBM Watson IoT over MQTT (e.g. sending data via the MQTT protocol so the thermostat can communicate with the Android application is currently working). (I implemented it using the following documentation: https://console.bluemix.net/docs/services/IoT/getting-started.html#getting-started-with-iotp). However, how will I provide end user control? Users need to control the devices they add to the system. For this, users need to register with my system. Do you have solutions in this regard? Do you have end-user API documentation for this? I did some research but I did not see it.