PCS, 3G and mobile security. Terra Incognita?

At InfoSecurity 2012 conference held in Moscow these days, a large number of topical issues of the information security sphere were considered. Our company took part in it, becoming the organizer of one of the sections devoted to those areas of information security for which, for the most part, adequate protective measures have not yet been developed. First of all, it is the protection of automated process control systems, practical approaches to the audit of SCADA, the construction of Compliance Management processes for telecommunication networks and the latest mobile device vulnerabilities. Details of reports, and also slides of the presentations of our employees under a cat.

Safety of industrial control system. Welcome to the last century!

In industrial companies, the most valuable IT resources are SCADA and ERP systems. The first controls the production process, the second controls sales and allows you to manage business activity. Recently, there has been a tendency to unite these systems, since the integration of the automated process control system and ERP allows increasing the efficiency of management and transparency of business management. However, from the point of view of safety, the objects with the highest risks are the most valuable.


During the report, experts from Positive Technologies Evgeny Zaitsev and Roman Ilyin demonstrated the disastrous consequences of combining these two systems without taking security requirements into account in such projects. In addition, the results of the practical analysis of the security of SCADA systems and the automated process control systems of leading manufacturers built on their basis were presented.
')

From SS7 to IP - the evolution of network security

The evolution of communication networks in telecommunications companies has led to the emergence of the term "converged IP network." Such a network began to unite previously disparate network segments of operators into a single network with IP addressing. In this regard, information security threats associated with ordinary corporate networks are now relevant for specialized networks, including broadband networks, mobile and fixed networks.


In his presentation, Head of Positive Technologies Telecom, Konstantin Gurzov, spoke about the prospects for the development of information security in such networks.

Our company already provides new services, such as an audit and penetration test for the VoIP segment, adaptation and development of new information security standards in the framework of technical networks. At the moment, in particular, the first stage of the project on monitoring the protection of technical networks for VimpelCom OJSC is being completed.

Mobile devices + BYOD + critical data =?

Today we use smartphones and tablet computers for a variety of tasks - from watching movies to payments in the bank, from surfing the web to working with important corporate data. In fact, a mobile device is an office in your pocket, and the attitude towards its protection should be no less serious than the protection of office systems and applications. However, our experience shows that the development of mobile versions of platforms practically ignores the developments that have been gained in the field of security of traditional applications and web systems.


As part of the report, an expert at Positive Technologies Artyom Chaykin examined the current problems of mobile security, cited recommendations on the protection of mobile devices and applications. In addition, the audience was presented with a demonstration of real vulnerabilities in popular applications for mobile platforms, including the recently resolved Chrome security issues for Android.