Saturday, May 31, 2014

Detecting Cyber Intrusion in SCADA System


How to recognize intrusion?

Scada intrusion prevention
One of the axioms of cyber security is that although it is extremely important to try to prevent intrusions into one’s systems and databases, it is essential that intrusions be detected if they do occur.
An intruder who gains control of a substation computer can modify the computer code or insert a new program. The new software can be programmed to quietly gather data (possibly including the log-on passwords of legitimate users) and send the data to the intruder at a later time.
It can be programmed to operate power system devices at some future time or upon the recognition of a future event. It can set up a mechanism (sometimes called a ‘‘backdoor’’) that will allow the intruder to easily gain access at a future time.
If no obvious damage was done at the time of the intrusion, it can be very difficult to detect that the software has been modified.
For example, if the goal of the intrusion was to gain unauthorized access to utility data, the fact that another party is reading confidential data may never be noticed. Even when the intrusion does result in damage (e.g., intentionally opening a circuit breaker on a critical circuit), it may not be at all obvious that the false operation was due to a security breach rather than some other failure (e.g., a voltage transient, a relay failure, or a software bug).
For these reasons, it is important to strive to detect intrusions when they occur. To this end, a number of IT security system manufacturers have developed intrusion detection systems (IDS).
These systems are designed to recognize intrusions based on a variety of factors, including primarily:
  1. Communications attempted from unauthorized or unusual addresses and
  2. An unusual pattern of activity.
They generate logs of suspicious events. The owners of the systems then have to inspect the logs manually and determine which represent true intrusions and which are false alarms.
Photo by Cryptango - securing industrial communications

Unfortunately, there is no easy definition of what kinds of activity should be classified as unusual and investigated further. To make the situation more difficult, hackers have learned to disguise their network probes so they do not arouse suspicion.
In addition, it should be recognized that there is as much a danger of having too many events flagged as suspicious as having too few.
Users will soon learn to ignore the output of an IDS that announces too many spurious events.
(There are outside organizations however that offer the service of studying the output of IDSs and reporting the results to the owner. They will also help the system owner to tune the parameters of the IDS and to incorporate stronger protective features in the network to be safeguarded.)
Making matters more difficult, most IDSs have been developed for corporate networks with publicly accessible internet services. More research is necessary to investigate what would constitute unusual activity in a SCADA/SA environment.
In general, SA and other control systems do not have logging functions to identify who is attempting to obtain access to these systems. Efforts are underway in the commercial arena and with the National Laboratories to develop intrusion detection capabilities for control systems.
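As an added illustration (not code from the original article), the following Python sketch applies the two detection factors named above, communications from unauthorized addresses and an unusual pattern of activity, to a handful of constructed substation log lines. The log format, the addresses, the Modbus-style function names, the allow-list of master stations and the thresholds are all assumptions made for the example; a real deployment would take them from the site's own traffic baseline.

```python
"""Toy intrusion detector for substation network logs (added example).

Flags the two classes of events the article describes:
  1. traffic whose source is not on the allow-list of known master stations, and
  2. an unusual pattern of activity, here modelled as write commands outside
     the maintenance window or a burst of writes from one source.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the article); the field layout is assumed.
SAMPLE_LOG = """\
2014-05-31T09:00:01 src=10.10.1.5 dst=10.10.2.20 proto=modbus func=read_holding
2014-05-31T09:00:02 src=10.10.1.5 dst=10.10.2.20 proto=modbus func=read_holding
2014-05-31T09:05:00 src=10.10.1.5 dst=10.10.2.21 proto=modbus func=write_register
2014-05-31T09:06:10 src=192.168.77.9 dst=10.10.2.20 proto=modbus func=read_holding
2014-05-31T23:40:00 src=10.10.1.5 dst=10.10.2.21 proto=modbus func=write_register
2014-05-31T23:40:01 src=10.10.1.5 dst=10.10.2.21 proto=modbus func=write_register
2014-05-31T23:40:02 src=10.10.1.5 dst=10.10.2.21 proto=modbus func=write_register
2014-05-31T23:40:03 src=10.10.1.5 dst=10.10.2.21 proto=modbus func=write_register
"""

# Assumed site baseline: the only hosts that are allowed to poll or command RTUs.
AUTHORIZED_MASTERS = {"10.10.1.5", "10.10.1.6"}
# Function codes that change the state of field equipment.
WRITE_FUNCS = {"write_register", "write_coil"}


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime."""
    ts, *fields = line.split()
    rec = {k: v for k, v in (f.split("=", 1) for f in fields)}
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
    return rec


def detect(log_text, authorized=AUTHORIZED_MASTERS, maintenance_hours=range(8, 18),
           burst_limit=3, burst_window=timedelta(seconds=10)):
    """Return a list of (alert_kind, timestamp, source) tuples for the log."""
    alerts = []
    recent_writes = defaultdict(deque)  # per-source sliding window of write times
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        src = rec["src"]
        # Factor 1: communication from an address that is not a known master.
        if src not in authorized:
            alerts.append(("unauthorized_source", rec["ts"], src))
            continue
        # Factor 2: unusual pattern of activity from an otherwise legitimate host.
        if rec["func"] in WRITE_FUNCS:
            if rec["ts"].hour not in maintenance_hours:
                alerts.append(("write_outside_window", rec["ts"], src))
            window = recent_writes[src]
            window.append(rec["ts"])
            while window and rec["ts"] - window[0] > burst_window:
                window.popleft()
            # Alert only when the threshold is crossed, not once per packet,
            # so a single burst does not flood the operator with events.
            if len(window) == burst_limit:
                alerts.append(("write_burst", rec["ts"], src))
    return alerts


def summarize(alerts):
    """Count alerts by kind; this is what an operator would triage first."""
    return dict(Counter(kind for kind, _, _ in alerts))


if __name__ == "__main__":
    for kind, ts, src in detect(SAMPLE_LOG):
        print(f"{ts}  {kind:<22} {src}")
    print(summarize(detect(SAMPLE_LOG)))
```

The three keyword parameters of `detect` are the tuning knobs the article alludes to: widening `maintenance_hours` to the whole day silences the `write_outside_window` alerts for the same log, which is exactly the trade-off between too many and too few flagged events that the text warns about.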

Summary

In summary, the art of detecting intrusions into substation control and diagnostic systems is still in its infancy. Until dependable automatic tools are developed, system owners will have to place their major efforts in two areas:
  1. Preventing intrusions from occurring, and
  2. Recovering from them when they occur.

Thursday, May 29, 2014

CCP

Installing Cisco Configuration Professional (CCP)

The Cisco Configuration Professional (CCP) application is a GUI-based management tool for the Integrated Service Routers (ISR); it takes the place of the former Security Device Manager (SDM) application that existed on previous iterations of the Cisco router product lines. It makes the configuration and troubleshooting of an ISR easier for those not familiar and/or comfortable with the Cisco IOS CLI.
Let’s install CCP using a Windows-based operating system and the following steps.
The first thing you must do is download a copy of CCP from the Cisco website (CCO login required). Make sure to download CCP and not CCP express; CCP express offers a limited set of options compared to CCP, and installs on the ISR device itself.

Installing CCP

As shown in Figure 1, the filename for CCP begins with cisco-config-pro-k9-pkg and a specific version number; as of this writing the most up to date version of CCP is 2.6 but this will obviously change over time.
Figure 1
cisco-config-pro-k9-pkg
Once you download CCP to the local machine, to begin installation just double-click or press enter while the file is selected. Once done, the installer will launch and eventually bring up a window that looks like Figure 2.
Simply click ‘Next’ to begin.
Figure 2
CCP wizard
The next window will prompt the EULA for CCP (Figure 3). Take a glance at it and click to accept the terms of the license.
Figure 3
CCP license agreement
The next window will bring up the installation location option (Figure 4). By default CCP installs in the ‘Cisco Systems’ folder under ‘Program Files’ (or Program Files (x86)); either use the default or click ‘change’ to change it to meet the specific requirements for the local machine and click ‘Next’.
Figure 4
CCP install location
Once at the next window (shown in Figure 5) simply click the ‘Install’ button to begin installation.
Figure 5
Ready to install CCP
The installation will now progress. Once it is complete, the window shown in Figure 6 will display; from this window select whether an icon for CCP should be installed on the desktop and click ‘Next’.
Figure 6
Install CCP shortcut
The installer will then run a quick check of the requirements to run CCP. Once this is done it will display the results as shown in Figure 7; make sure that these requirements are met before running CCP. Once the requirement results have been read, click ‘Next’.
Figure 7
CCP system check
And finally CCP installation is complete as shown in Figure 8. If all the requirements for the running of CCP are met, then it is now possible to run CCP directly from the installer by clicking the ‘Run Cisco Configuration Professional’ check box. Select the appropriate options and click ‘Finish’.
Figure 8
CCP install wizard complete

Getting started with Cisco CCP

Before going any further with the CCP GUI, the device being managed must be configured with a few commands from the Cisco IOS CLI.
Figure 9
  • router#configure terminal
  • router(config)#username username privilege 15 secret password
  • router(config)#ip http server (the insecure method)
  • router(config)#ip http secure-server (the secure method)
  • router(config)#ip http authentication local
  • router(config)#line vty 0 4
  • router(config-line)#login local
  • router(config-line)#transport input telnet (the insecure method)
  • router(config-line)#transport input telnet ssh (both the insecure and the secure method)
  • router(config-line)#transport input ssh (the secure method)
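Before pointing CCP at a device, it is worth checking its running configuration for the insecure options in the list above. The following Python script is an added example (not from Cisco or the original post) that scans an IOS-style configuration text for plaintext HTTP management and for Telnet in a `transport input` line; the sample configuration is constructed for the example, and `transport input all` is treated as insecure because IOS accepts that keyword as well.

```python
"""Audit an IOS-style running-config excerpt for the insecure CCP management
settings: 'ip http server' and Telnet in 'transport input' (added example)."""

# Constructed sample configuration (not from the original post).
SAMPLE_CONFIG = """\
!
hostname router
!
ip http server
ip http secure-server
ip http authentication local
!
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
!
"""


def audit_management_access(config_text):
    """Return a list of (where, message) findings; an empty list means clean.

    IOS configs nest sub-commands under a top-level block with one leading
    space, so a line that starts with a space belongs to the last 'line ...'
    block seen (the only block type this audit cares about).
    """
    findings = []
    current_block = None
    has_secure_server = False
    for raw in config_text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped or stripped.startswith("!"):
            continue  # blank lines and comments
        if not line.startswith(" "):
            # Top-level command: track 'line ...' blocks and the HTTP server mode.
            current_block = stripped if stripped.startswith("line ") else None
            if stripped == "ip http server":
                findings.append(("ip http server",
                                 "plaintext HTTP management enabled; use "
                                 "'ip http secure-server' and 'no ip http server'"))
            elif stripped == "ip http secure-server":
                has_secure_server = True
            continue
        # Sub-command inside a block.
        if current_block and stripped.startswith("transport input"):
            protocols = stripped.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append((current_block,
                                 f"'{stripped}' allows cleartext Telnet; "
                                 "use 'transport input ssh'"))
    if not has_secure_server:
        findings.append(("ip http secure-server",
                         "HTTPS management not enabled; CCP 'Connect Securely' "
                         "cannot be used"))
    return findings


if __name__ == "__main__":
    for where, message in audit_management_access(SAMPLE_CONFIG):
        print(f"[{where}] {message}")
```

Run against the sample, the audit reports the `ip http server` line and the `transport input telnet ssh` line under `line vty 0 4`, and stays silent about `line vty 5 15`, which only permits SSH.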
If the device has already been configured at the CLI then CCP can launch immediately. During the first launch a Windows Security Alert may display asking if it should add an exception to the Windows firewall (Figure 10). Choose the appropriate options for your environment.
Figure 10
CCP security alert
As it’s launching, Java may prompt with a warning asking if the CCP application is allowed to run (Figure 11); click ‘Run’ to continue.
Figure 11
Run Java
Now the ‘Manage Community’ window will display as shown in Figure 12. It is at this point where the target devices to be managed are entered with their IP address/Hostname and Username/Password credentials. If the insecure options were used when configuring the device’s initial configuration through the CLI then don’t select the ‘Connect Securely’ checkbox; if the secure options were used then select the ‘Connect Securely’ checkbox. When all the devices intended to be managed are entered click ‘OK’.
Figure 12
Manage Community window
The next step requires a discovery process. During this process, CCP will interrogate the devices and make sure each device is accessible and supported. Select all the devices listed and click ‘Discover’.
Figure 13
CCP discovery process
If the secure methods were used a Security Certificate Alert will be displayed; this is because by default a self-signed certificate is created on the device and must be allowed by the local managing device (the computer running this installation).
Figure 14
Security certificate alert
Should there be a problem with the discovery process, you may see a ‘Discovery failed’ message. If this happens, check to make sure that all the required Cisco IOS CLI configuration steps have been completed. There is also a ‘Discovery Details’ button which you can click to check the specific problems reported.
Figure 15
Discovery details
If all goes well a ‘Discovered’ status will be given. Once this occurs a specific device can be selected from the ‘Select Community Member’ list in the upper left of the window.
Figure 16
Select community member
Once a member is selected the Configure and Monitor options shown in the top left will also now be accessible. Figure 17 shows some of the menu options enabled when the Configure option is selected.
Figure 17
Configure and Monitor options
From this point the user is able to configure whatever options are supported by the device and the supported license package.

Not too complicated

The CCP installation is not overly complex and can be easily completed by even the most novice Windows and/or Cisco user. Hopefully this article’s walkthrough will make the process easier to follow and get CCP up and running, so that your equipment is configured and running as quickly as possible.

Friday, March 28, 2014

Astrophysics

The Glassmaker Who Sparked Astrophysics

His curious discovery, 200 years ago, foresaw our expanding universe.

"Homo Minutus" Evolves as a Benchtop Human in Lab

This is the ATHENA project logo. [Los Alamos National Laboratory]
Scientists report that they have taken a step closer to creating a “benchtop human” on which to carry out lab and toxicology tests. Homo minutus, as it is named, is not a real person but rather an interconnected human organ construct.
The latest advance is the successful development and analysis of a constructed human liver that responds to toxic chemical exposure. John Wikswo, Ph.D., professor and director of the Vanderbilt Institute for Integrative Biosystems Research and Education (VIIBRE) at Vanderbilt University, presented the results at this week's Society of Toxicology meeting in Phoenix.
Dr. Wikswo said the achievement is the first result from a five-year, $19 million multi-institutional effort led by himself and Rashi Iyer, Ph.D., senior scientist at Los Alamos National Laboratory (LANL). The project is developing four interconnected human organ constructs (liver, heart, lung and kidney) that are based on a miniaturized platform nicknamed ATHENA (Advanced Tissue-Engineered Human Ectypal Network Analyzer).
The project is supported by the Defense Threat Reduction Agency. Similar programs to create smaller, so-called organs-on-chips are underway at the Defense Advanced Research Projects Agency and the National Institutes of Health.
"The original impetus for this research comes from the problems we are having in developing new drugs," explained Dr. Wikswo. "A number of promising new drugs that looked good in conventional cell culture and animal trials have failed when they were tested in humans, many due to toxic effects. That represents more than $1 billion in effort down the drain. Our current process of testing first in cell lines on plastic and then in mice, rats, and other animals simply isn't working."
Researchers and clinicians around the world have been working to develop more relevant and advanced laboratory tests for drug efficacy and toxicity: small bioreactors that can form human organ structures and are equipped with sensors to monitor organ health.
Ultimately, the goal is to connect the individual organ modules chemically in a fashion that mimics the way the organs are connected in the body, via a blood surrogate. The ATHENA researchers hope that this homo minutus, with its ability to simulate the spatial and functional complexity of human organs, will prove to be a more accurate way of screening new drugs for potency and potential side-effects than current methods.

Philips outs first UHD TV powered by Android

Our home entertainment systems and mobile devices are all converging in more ways than one. While gadgets like the Google Chromecast aim to bring the mobile platform to TVs via an addon, Philips is taking Android and putting it right in the very heart of its 8000 series of smart TVs.

Smart TVs that run Android aren't actually that new, but Philips is advertising the 8800 series, particularly the 8809, to be the first one with an Ultra HD display. That's a resolution of 3840x2160 pixels, all crammed in a large 55-inch. Those who might not want something that much can also opt for the 8109 and 8209, both of which come with only a 1920x1080 resolution, in choices of 48 or 55 inches. You also get Philips' Ambilight technology, which projects colors behind and around the TV to match the display, the mood, or even your room.
Aside from the display, the highlight of these TV sets is, of course, Android. With access to the entire gamut of apps and services from Google Play, as well as the Google Chrome browser, users will not run out of things to do or play. The quad-core CPU on the 8109 and 8209 and the hexa-core processor on the 8809 ensure a smooth gaming experience. Add to that Philips' own Smart TV ecosystem and you've got the makings of the ultimate entertainment appliance. But by themselves, the 8809 and its smaller siblings are Smart TVs in their own right, offering features such as gesture control, voice recognition, remote control via smartphones or tablets, screen mirroring, recording, and even dual channel display.
Philips has not yet revealed exact launch dates and pricing details for these TV sets powered by Android 4.2 Jelly Bean. The manufacturer will be initially targeting European and Russian markets by the second quarter of 2014. US availability has not yet been announced.

Wednesday, March 26, 2014

The Beginner’s Guide to Android: Android Architecture


Android Architecture: Android basics
In our previous Android Tutorials, we have discussed quite a few concepts of Android development. However, while browsing through the articles, I discovered that we have not had a proper discussion about Android Architecture.
Because it is one of the most elementary concepts of Android development, I decided to back up a little, and take a quick walk through the Android Architecture.
If you wish to revise more basic concepts of Android, you can attend this free webinar.

Android Architecture: Layers in the Android Stack

The Android stack, as the folks over at Google call it, has a number of layers, and each layer groups together several programs. In this tutorial I’ll walk you through the various layers in Android stack and the functions they are responsible for.
Following are the different layers in the Android stack:
  • Linux Kernel Layer
  • Native Layer
  • Application Framework Layer
  • Applications layer

Kernel Layer

Android Architecture: Linux Kernel

At the bottom of the Android stack is the Linux Kernel. It never really interacts with the users and developers, but is at the heart of the whole system. Its importance stems from the fact that it provides the following functions in the Android system:
  • Hardware Abstraction
  • Memory Management Programs
  • Security Settings
  • Power Management Software
  • Other Hardware Drivers (Drivers are programs that control hardware devices.)
  • Support for Shared Libraries
  • Network Stack
With the evolution of Android, the Linux kernels it runs on have evolved too.

Here is a Table highlighting the different Kernel versions.

Android architecture: evolution of Linux kernel versions
The Android system uses a binder framework for its Inter-Process Communication (IPC) mechanism. The binder framework was originally developed as OpenBinder and was used for IPC in BeOS.

Native Libraries Layer

Android architecture: Native Android libraries
The next layer in the Android architecture includes Android’s native libraries. Libraries carry a set of instructions to guide the device in handling different types of data. For instance, the playback and recording of various audio and video formats is guided by the Media Framework Library.

Open Source Libraries:

  • Surface Manager: composing windows on the screen
  • SGL: 2D Graphics
  • Open GL|ES: 3D Library
  • Media Framework: Supports playbacks and recording of various audio, video and picture formats.
  • Free Type: Font Rendering
  • WebKit: Browser Engine
  • libc (System C libraries)
  • SQLite
  • Open SSL
Located on the same level as the libraries layer, the Android runtime layer includes a set of core Java libraries as well. Android application programmers build their apps using the Java programming language. It also includes the Dalvik Virtual Machine.
Android architecture: Android runtime layer

What is Dalvik VM?

Dalvik is open-source software. Dan Bornstein, who named it after the fishing village of Dalvík in Eyjafjörður, Iceland, where some of his ancestors lived, originally wrote the Dalvik VM. It is the software responsible for running apps on Android devices.
  • It is a Register based Virtual Machine.
  • It is optimized for low memory requirements.
  • It has been designed to allow multiple VM instances to run at once.
  • Relies on the underlying OS for process isolation, memory management and threading support.
  • Operates on DEX files.
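Since Dalvik operates on DEX files, it helps to see what one looks like at the byte level. The script below is an added example (not part of this tutorial or of the Android project) that builds a minimal, constructed DEX image with the `dex\n035\0` header layout documented in the Android Open Source Project's Dalvik executable format, then checks the two integrity fields every DEX carries: an Adler-32 checksum over everything after the checksum field and a SHA-1 signature over everything after the signature field. The data section content is a placeholder; only the header fields are meaningful.

```python
"""Build a minimal DEX (version 035) image and verify its integrity fields.
Added example; the data section is a constructed placeholder, not real code."""
import hashlib
import struct
import zlib

DEX_MAGIC = b"dex\n035\0"      # 8-byte magic: "dex\n" + version "035\0"
HEADER_SIZE = 0x70              # header_item is always 112 bytes
ENDIAN_CONSTANT = 0x12345678    # little-endian marker stored in endian_tag


def build_minimal_dex(data_section):
    """Construct a header-only DEX image whose map/data offsets point at
    data_section. All id tables are empty (size 0, offset 0)."""
    file_size = HEADER_SIZE + len(data_section)
    # 17 uint32 fields follow endian_tag: link_size, link_off, map_off,
    # then (size, off) pairs for string/type/proto/field/method/class_defs,
    # and finally data_size, data_off.
    tail = struct.pack("<17I",
                       0, 0, HEADER_SIZE,        # link_size, link_off, map_off
                       0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  # six empty id tables
                       len(data_section), HEADER_SIZE)     # data_size, data_off
    body = struct.pack("<III", file_size, HEADER_SIZE, ENDIAN_CONSTANT) + tail
    body += data_section
    # signature covers everything from file_size (offset 0x20) to the end
    signature = hashlib.sha1(body).digest()
    # checksum covers everything from the signature (offset 0x0C) to the end
    checksum = zlib.adler32(signature + body) & 0xFFFFFFFF
    return DEX_MAGIC + struct.pack("<I", checksum) + signature + body


def check_dex_integrity(blob):
    """Return a list of failed checks; an empty list means the header is
    self-consistent and neither checksum nor signature has been disturbed."""
    if len(blob) < HEADER_SIZE or blob[:8] != DEX_MAGIC:
        return ["not a dex 035 file"]
    problems = []
    (checksum,) = struct.unpack_from("<I", blob, 0x08)
    signature = blob[0x0C:0x20]
    file_size, header_size, endian_tag = struct.unpack_from("<III", blob, 0x20)
    if endian_tag != ENDIAN_CONSTANT:
        problems.append("endian_tag")
    if header_size != HEADER_SIZE:
        problems.append("header_size")
    if file_size != len(blob):
        problems.append("file_size")
    if zlib.adler32(blob[0x0C:]) & 0xFFFFFFFF != checksum:
        problems.append("checksum")
    if hashlib.sha1(blob[0x20:]).digest() != signature:
        problems.append("signature")
    return problems


def tamper(blob, offset):
    """Flip one byte at offset; used to show that both integrity checks catch it."""
    edited = bytearray(blob)
    edited[offset] ^= 0xFF
    return bytes(edited)


if __name__ == "__main__":
    good = build_minimal_dex(b"constructed placeholder data section")
    print("valid image:", check_dex_integrity(good))          # []
    print("modified image:", check_dex_integrity(tamper(good, len(good) - 1)))
```

Because the checksum and signature both cover the whole file past their own fields, any change to the data section invalidates both, which is what lets a loader reject a corrupted or crudely modified classes.dex before executing it.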

Application Framework Layer

Applications framework layer
Our applications directly interact with these blocks of the Android architecture. These programs manage the basic functions of phone like resource management, voice call management etc.

Important blocks of Application Framework:

  • Activity Manager: Manages the activity life cycle of applications. To understand the Activity component in Android in detail 
  • Content Providers: Manage the data sharing between applications. Our Post on Content Provider component describes this in greater detail
  • Telephony Manager: Manages all voice calls. We use telephony manager if we want to access voice calls in our application.
  • Location Manager: Location management, using GPS or cell tower
  • Resource Manager: Manage the various types of resources we use in our Application

Application Layer

Applications layer: Android architecture
The applications are at the topmost layer of the Android stack. An average user of the Android device would mostly interact with this layer (for basic functions, such as making phone calls, accessing the Web browser etc.). The layers further down are accessed mostly by developers, programmers and the likes.
Several standard applications come installed with every device, such as:
  • SMS client app
  • Dialer
  • Web browser
  • Contact manager
We hope you are clear with the basic Android architecture now! If not, please feel free to ask our experts! Stay tuned for more advanced tutorials of Android.
Happy Learning!
(The following resources were used in creating this Android Tutorial: developer.android.com.)

What Is Cloud Computing?


Cloud Computing

What is Cloud Computing?

We come across this term quite a few times, though we may not clearly understand it. With its popularity, there are many myths attached to “What is cloud computing?” or “What does it consist of?” or “Is it worth going for?” To clear up any confusion about cloud computing, we have come up with this blog post to make the entire idea behind cloud computing clear to you!
According to Wikipedia, “Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet).”
To make it simple for you, cloud computing is internet-based computing where various services such as storage, applications, servers, etc. are delivered through the internet. With the technique of cloud computing you can now store, access and process data and applications over the internet instead of your system’s hard drive.
Now we know ‘what is Cloud Computing’, we also need to know why cloud computing is known as “Cloud computing?” What relation does “cloud” have with a technology that offers remote services? Actually nothing! The name cloud is derived from the cloud shape that is universally used to depict internet in graphics.
Cloud computing has 3 Service Models and 4 Deployment Models which are explained below!

3 Service models of Cloud Computing:

  1. Infrastructure-as-a-Service (IaaS)
  2. Platform-as-a-Service (PaaS)
  3. Software-as-a-Service (SaaS)

1.Infrastructure-as-a-Service (IaaS):

Also known as Hardware as a Service (HaaS), Infrastructure as a Service (IaaS) is a category of cloud computing in which an organization outsources the equipment used to support operations, including storage, server hardware and networking components. The deal is like this: the service provider is the owner of the equipment and is responsible for configuring, running and maintaining it. The client, on the other hand, pays on a per-use basis. IaaS offers a standardized, dynamic, flexible and sometimes virtualized environment for the end users.
Characteristics of IaaS include:
  • Virtualization of Desktop
  • Internet availability
  • Use of billing model
  • Computerized administrative tasks
  • Utility computing service
  • Policy-based services
  • Active scaling
Some of the prominent industry names offering IaaS are Amazon Web Services and AT&T.

2. Platform-as-a-Service (PaaS):

Platform as a Service (PaaS) is another service model of cloud computing that provides application execution services like application runtime, storage, and integration. PaaS follows a resourceful and responsive approach to operate scale-out applications and make these applications profitable. In this model the provider provides the servers, networks, storage and other services. On the other hand, the consumer controls software deployment and configuration settings.
Characteristics of PaaS include:
  • Facilitation of hosting capabilities
  • Designing and developing the application
  • Integrating web services and databases
  • Providing security, scalability and storage
  • Versioning the application and application instrumentation
  • Testing and deployment facilities
Some of the prominent industry names offering PaaS are Google App Engine and OpenStack.

3. Software-as-a-Service (SaaS):

As a cloud computing service model, Software as a Service (SaaS) provides business processes and applications, including CRM, e-mails, collaboration, and so on. SaaS helps in optimizing the cost and delivery in exchange of negligible customization and represents a shift of operational risks from the consumer to the provider. All infrastructure and IT operational functions are abstracted away from the consumer. SaaS is sometimes referred to as “on-demand software” and is usually priced on a pay-per-use basis. SaaS providers price applications using a subscription fee.
Characteristics of SaaS include:
  • The application is hosted centrally.
  • Outsourcing hardware and software support to the cloud provider.
  • Enhancing the potential of an organization to reduce its IT operational costs.
  • No need to install new software to release updates. In fact, any update can be executed by the cloud provider itself, not by the customers.
  • Software testing takes place at a faster rate as SaaS applications have only one configuration.
  • Easy recognition of areas that need improvement as the solution provider has access to user behavior within the application itself.
Some of the prominent industry names offering SaaS are Salesforce and Microsoft Office 365.
To know more about “What is Cloud Computing”, the table below is showing a comparison among the 3 Cloud Computing Service Models:
comparison between cloud models

4 primary Cloud Computing Deployment models:

  1. The Private Cloud
  2. The Public Cloud
  3. The Hybrid Cloud
  4. The Community Cloud

1.The Private Cloud

In the private cloud, hosting is built and maintained for a specific client. The infrastructure required for hosting can either be on-premises or at a third-party location. Though the private cloud is not a good option to optimize cost, it is a boon for two reasons:
1. It is a great deployment model from a security point of view! When organizations start using cloud computing, they face several challenges including data security. The private cloud takes care of this through secure-access VPN or by the physical location within the client’s firewall system. Thus, this model is best suited for mission-critical applications. There are many organizations that use virtual private cloud such as Amazon.
2. Secondly, private cloud is implemented by organizations where there is a strict requirement that data should obey the rules of various regulatory standards such as HIPAA, SOX, or SAS 70. Such standards make sure that the data is audited according to the protocols set. Thus, Private cloud models are well suited in healthcare and pharmaceutical industries.

2.The Public Cloud

As opposed to the Private cloud, in the Public cloud deployment model, services and infrastructure are offered to several clients free of charge or on the basis of a pay-per-user license policy. Even Google adopts the public cloud model. This is true cloud hosting which provides cost benefits by reducing IT operational costs substantially. This model is widely used in organizations that need to host SaaS applications, handle load spikes, utilize interim infrastructure for developing and testing, and take care of applications which are used by several consumers, all while avoiding heavy infrastructure investment.

3.The Hybrid Cloud

But what if organizations look for both data security and cost benefits? We also have the Hybrid cloud deployment model! This deployment model enables organizations to secure their data and applications on a private cloud and cut down on IT operational costs by storing the shared information on the public cloud. Another advantage of the hybrid cloud is that this model comes to the rescue when the present private cloud infrastructure is unable to manage load spikes and requires back-up to support the load. Hence, using the hybrid cloud, organizations can transfer workloads between public and private cloud hosting without any trouble to the consumers. Some examples of hybrid cloud are Force.com and Microsoft Azure.

4.The Community Cloud

This is another cloud deployment model, where the cloud infrastructure is shared by many organizations with the same policy and compliance considerations. Because this model is shared by a bigger group, it further reduces IT operational costs in contrast to the private cloud.
This cloud model is best suited for state-level government departments that need access to the same data and applications relating to the local population, roads, electrical stations, hospitals.
 Types of Cloud deployment models

Now let’s look into some of the other technologies associated with cloud computing:

Big data and Cloud Computing:
Big data is nothing but an assortment of such huge and complex data that it becomes very tedious to capture, store, process, retrieve and analyze it with the help of on-hand database management tools or traditional data processing techniques. As Big Data is getting bigger day by day, a synchronization of big data and cloud computing is inevitable. In fact, it is a perfect match! The Web is fast replacing desktop applications; thus, there arises a need for cloud computing to step up into the big data arena and provide unlimited resources when needed.

Hadoop and Cloud computing:

Hadoop is an open source software framework that supports data-intensive distributed applications and is considered a panacea for managing big data. Though originally Hadoop started supporting the large data driven companies like Facebook and LinkedIn, nowadays Hadoop has become more enterprise-driven and can be used in different industries at par! Though Hadoop works best on Windows and Linux, it can also work on other operating systems like BSD and OS X. Thus, Hadoop and Cloud computing are in great demand in several organizations. In no time, Hadoop will become one of the most required Apps for Cloud Computing. This is evident from the number of Hadoop clusters offered by cloud vendors in various businesses. Thus, Hadoop will reside in the cloud soon!
This further leads to an acute need for huge number of Hadoop professionals who can help big organizations manage Big Data!
 Hadoop and Cloud Computing

Why Cloud Computing is a boon for professionals today?

Great news for all aspiring IT professionals! In a world where organizations are dealing with Big data every moment, Cloud Computing is a boon for them! Thus, today organizations and businesses are ready to invest in Cloud Computing Models because of their amazing results. Cloud computing is one of today’s hottest IT trends! In fact, all over the world, there is a severe shortage of cloud computing professionals. This, in turn, means a great opportunity for those who have or are acquiring skill sets in cloud computing. For example, Oracle has a widespread set of cloud computing solutions. However, such intricate systems require very highly-skilled IT professionals to effectively develop, implement, administer and maintain them. Being an IT professional, do consider Cloud computing! You could be a software engineer, or a system engineer, or even a network administrator. There are numerous career opportunities in cloud computing!