Joel Langill
Why SCADA Firewalls Need to be Stateful – Part 2 of 3
Posted by Joel Langill on Apr 25 2012In Part 1 of this series, I explained what a stateless firewall is and the hazards of stateless security. In this article I will show you just how dangerously insecure these devices are.
© Tofino Security 2013 | All Rights Reserved | Tofino Security is a Belden Brand
Why SCADA Firewalls Need to be Stateful – Part 1 of 3
Posted by Joel Langill on Apr 11 2012Following on from Eric Byres’ discussion of Deep Packet Inspection (DPI), this article discusses a second and equally important aspect of effective firewall security referred to as “stateful inspection”.
© Tofino Security 2013 | All Rights Reserved | Tofino Security is a Belden Brand
A Truly Portable SCADA Security Simulator
Posted by Eric Byres on Sep 29 2011It has been almost 25 years since I first started working in the industrial network field and 15 years since I first focused on SCADA and ICS security. From the start, I have been amazed at how difficult it is to get people to see the whole picture.
© Tofino Security 2013 | All Rights Reserved | Tofino Security is a Belden Brand
Siemens Cyber Security Report Card (Part 2 of 2) (plus Presentation)
Posted by Eric Byres on Jul 07 2011This article continues our review of Siemens’ announcements and posture regarding cyber security as reflected at their Automation Summit last week. Part 1 of this post was published yesterday.
© Tofino Security 2013 | All Rights Reserved | Tofino Security is a Belden Brand
Siemens Cyber Security Report Card (Part 1 of 2) (plus Presentation)
Posted by Eric Byres on Jul 06 2011The Siemens Automation Summit was held last week and both Joel Langill and I attended it, presented at it, and engaged in social media commentary regarding it. This article will summarize our opinion of Siemens’ announcements and posture regarding cyber security as we reflected o
© Tofino Security 2013 | All Rights Reserved | Tofino Security is a Belden Brand
Protecting your ICS from Zero-Day Attacks (plus Video)
Posted by Joel Langill on May 02 2011Nowadays Stuxnet has become a household term the second anyone talks about cyber security for industrial control systems (ICS). This sophisticated piece of malware first identified in 2010, showed just how powerful an ICS compromise could be in terms of both the impact to manufacturing operations and the possibility of mechanical damage.
© Tofino Security 2013 | All Rights Reserved | Tofino Security is a Belden Brand
Protecting your ICONICS GENESIS SCADA HMI System from Security Vulnerabilities (plus White Paper)
Posted by Joel Langill on Mar 25 2011As mentioned in a blog article we wrote earlier this week, an Italian “Security Researcher” named Luigi Auriemma published thirty-four SCADA product vulnerabilities against four SCADA products (the complete list of vulnerabilities and compa
© Tofino Security 2013 | All Rights Reserved | Tofino Security is a Belden Brand
More SCADA Security Threats: Where There’s Smoke, There’s Fire
Posted by Joel Langill on Mar 23 2011One of the unfortunate facts about security is that if you can find one vulnerability, you can usually find lots more. Vulnerabilities are not just bad luck – they are caused by a poor Software Security Assurance (SSA) process (or a complete lack of one).
© Tofino Security 2013 | All Rights Reserved | Tofino Security is a Belden Brand
The Many Paths of Stuxnet – How Robust are Today’s Best Practice Systems?
Posted by Eric Byres on Feb 22 2011Over the past four months, Joel Langill, Andrew Ginter and I have been working on a really cool research project. We have been investigating how Stuxnet would infect an industrial site protected by a “high security architecture.”
© Tofino Security 2013 | All Rights Reserved | Tofino Security is a Belden Brand
