
Blog

OWASP publishes the Top 10 – 2017 Web Application Security Risks

Posted on 12/13/2017, by Juan Delfín Peláez and Alejandro Díez
The Open Web Application Security Project (OWASP) has published the 2017 edition of its 10 most critical web application security risks, which once again ranks injection attacks as the greatest security risk, as in the 2013 and 2010 editions.
The Knowledge of Industrial Security Staff

Posted on 10/18/2017, by INCIBE
The industry is increasingly calling for experts in security, and the business world is not capable of meeting that demand due to the lack of trained professionals. This is not a problem that solely affects Spain; it also affects the whole of Europe and the U.S.A. But, what is it that is asked of industrial security experts?
SNMP, is it as simple as the name implies?

Posted on 09/14/2017, by INCIBE
The Simple Network Management Protocol (SNMP), used in most industrial devices, went from being an information exchange protocol related to device configuration to an actual configuration control protocol. Manufacturers add far too many SNMP functionalities to their devices. These functionalities are often unknown to operators, so they do not pay much attention to hardening this protocol.
Transparent firewalls, crystal bricks

Posted on 08/31/2017, by INCIBE
The architecture of our industrial control systems is not as static as it was some years ago. Adapting to new standards, or simply trying to improve the security of our industrial networks, creates the need to introduce one or more firewalls within our network. The thought of having to change the network's architecture, the IP addresses of our devices, tests, etc. when introducing a new firewall often leads to the bad decision not to install it. But do we know about transparent firewalls and how they can be installed with almost no impact on our network? These solutions have advanced a lot in the industry and may be a true plus for our security.
PRP and HSR: Redundancy protocols

Posted on 08/03/2017, by INCIBE
The evolution of industrial systems towards an almost complete automation entails new challenges in communications. New functionalities acquired by the process, such as the use of digital relays to manage emergency interruptions, are transmitted by the communications network and this cannot fail. Given this need for zero tolerance to any failure, the redundancy offered by the HSR and PRP protocols can be a key factor.
Robots and drones in the Industry 4.0

Posted on 07/20/2017, by INCIBE
Industry 4.0 integrates a large number of devices used to provide industrial processes with more intelligence. Among these devices we can find many different types of equipment, such as drones or robots, that perform specific tasks or tasks requiring precision. The use of these devices, quite well known nowadays, has certain implications for the security of control systems.
