
22 April 2019

Security on the Internet for teenagers

From time to time I have to give a speech about security, networking or technology. This week, my colleague Marco has scheduled a talk about “Security on the Internet for teenagers” where I’m going to speak about best practices and the risks there are on the net. Actually, there are lots of things I can say about Security on the Internet. I can speak about Social Networks, Privacy, Sexting, Cyber Bullying, Grooming, etc.


Social Networks are well known by most teenagers. Most of them know WhatsApp, Snapchat, Pinterest or even TikTok. They know the benefits of using these kinds of applications. We can be in touch with friends. We can share pictures. We can meet people with the same hobbies. There are lots of benefits. However, it’s important to highlight that there are also risks we have to take into account. These risks can be very severe, ranging from a fight to suicide. For this reason, social networks must be used carefully.

Privacy seems like something boring. Most teenagers don’t care about privacy. There are lots of letters to read. There are lots of sentences to understand. Nobody reads them. However, privacy is not like belongings, which we can recover if someone else takes them. I mean, if someone steals your bike, you can recover it, but if someone steals your identity, your pictures or your information, you’ll never recover it.

Social Networks and Privacy are just two of the topics I’m going to speak about in the talk, but I will also speak about Sexting, Bullying, Grooming, etc., where I’m going to play videos and ask teenagers lots of questions. We’ll see the feedback of the audience. I hope this talk will be rewarding for the future of teenagers on the net.

See you on the stage!! ;-)

15 April 2019

ISA-95 levels for Industrial Systems

One of the first certification exams I took was the ITIL Foundation 8 years ago, where I learnt about IT Service Management (ITSM). Afterwards, I worked for Ariadnex to get ISO 20000, where I learnt more about IT Service Management. I also worked for Ariadnex to get ISO 27001, where I learnt a lot about Information Security. These last two years I’ve also been working with PCI-DSS and ISO 22301. I mean, I think reading standards and applying best practices is important and, much of the time, mandatory to do a good job.

Today, I want to write about a new standard I’ve been reading lately. It’s the ISA99 standard. I didn’t know this standard until four or five months ago, when I started working on a new project. If you know the ISA99 standard, you’ll know I’m talking about an industrial project. Actually, the ISA99 committee has developed the ISA/IEC 62443 series of standards, so the ISA99 standard is no longer developed by the committee. What I would like to highlight today are the levels defined by the ISA95 and ISA88 standards.

ISA-95 levels

The first two levels of process control, level 0 and level 1, are focused on the control of the equipment which executes the production processes. On the one hand, level 0 is the equipment and human resources which are required for the industrial process. Level 0 is the set of physical assets in the enterprise. On the other hand, automation systems such as PLCs, DCSs or RTUs are at level 1. These automation systems work with the physical assets at level 0. The level 1 devices are electric and control devices.

PLC - Programmable Logic Controller

The next level, level 2, is very well defined by the ISA88 standard. HMI and SCADA systems are at this level. HMIs are operation monitors to control specific processes, while SCADA systems are applications to control and monitor the whole industrial system. As a rule, a PLC is controlled by an HMI, while lots of PLCs are monitored with a SCADA system. Therefore, the first interaction between the human being and the hardware is at level 2.

SCADA - Supervisory Control And Data Acquisition

The next two levels, level 3 and level 4, are well defined by the ISA95 standard. We have the Batch, Historian and MES at the third level. The Batch is like a SCADA with databases for batch production. The Historian is a database where industrial data is stored. The MES is the interface between level 2 and level 4. Level 4, in turn, is where the business intelligence is located. For instance, ERPs and CRMs are at level 4.

MES - Manufacturing Execution System

Once all levels are defined, how can we protect an industrial enterprise? The bottom levels can be secured with an Intrusion Prevention System (IPS) with industrial signatures which block attacks against communication protocols (e.g. Modbus, PROFIBUS, Conitel, etc.), while the upper levels can be secured with Application Control and Web Filtering. In addition, I would like to highlight the importance of segmenting the network into zones.
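To make the zone idea concrete, here is an added example (not part of the original post) that maps hosts to ISA-95 levels and audits flow records against a simple inter-zone policy. The subnets, the sample flows and the two policy rules (adjacent levels only, Modbus/TCP only towards level 1) are assumptions made for illustration; level 0 is left out because physical assets have no IP address.

```python
import ipaddress

# Constructed zone plan: one subnet per ISA-95 level (addresses are made up).
ZONES = {
    1: ipaddress.ip_network("10.1.0.0/16"),  # PLCs, DCSs, RTUs
    2: ipaddress.ip_network("10.2.0.0/16"),  # HMI, SCADA
    3: ipaddress.ip_network("10.3.0.0/16"),  # Batch, Historian, MES
    4: ipaddress.ip_network("10.4.0.0/16"),  # ERP, CRM
}
MODBUS_TCP = 502  # registered Modbus/TCP port


def level_of(ip):
    """Return the ISA-95 level whose zone contains ip, or None if unzoned."""
    addr = ipaddress.ip_address(ip)
    for level, net in ZONES.items():
        if addr in net:
            return level
    return None


def check_flow(src, dst, dport):
    """Return a list of policy findings for one flow (empty list = allowed)."""
    s, d = level_of(src), level_of(dst)
    if s is None or d is None:
        return ["endpoint outside any defined zone"]
    findings = []
    # Assumed policy: traffic may only cross to an adjacent level, so
    # level 4 reaches level 2 through the MES at level 3, never directly.
    if abs(s - d) > 1:
        findings.append(f"level {s} -> level {d} skips a zone")
    # Assumed policy: Modbus/TCP only from level 1-2 sources to level 1 devices.
    if dport == MODBUS_TCP and not (s in (1, 2) and d == 1):
        findings.append(f"Modbus/TCP from level {s} to level {d}")
    return findings


# Constructed sample flows: (source, destination, destination port).
FLOWS = [
    ("10.2.0.10", "10.1.0.5", 502),   # SCADA polling a PLC
    ("10.4.0.20", "10.3.0.7", 443),   # ERP talking to the MES
    ("10.4.0.20", "10.1.0.5", 502),   # ERP host writing straight to a PLC
    ("10.3.0.7", "10.2.0.10", 502),   # Modbus aimed at a level-2 host
    ("192.0.2.9", "10.1.0.5", 502),   # source not in any zone
]

if __name__ == "__main__":
    for src, dst, dport in FLOWS:
        result = check_flow(src, dst, dport)
        print(src, "->", dst, dport, "OK" if not result else "; ".join(result))
```

The same rule set is what a firewall between zones would enforce; running it over exported flow logs shows which existing conversations would break before the segmentation is switched on.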

FortiGate Rugged

Keep learning and keep studying my friends!! All comments are welcome.