Cloud manufacturing has a tendency to expose the network in unexpected ways. Since the technology is largely untested and experimental, it can present a multitude of issues which need to be combated by an integrated set of security services. It is essential to use the firewall, anti-virus software, content filtering, and virtual private networks. All of these measures are required to protect the vulnerable network nodes from hacker attacks and possible intrusions. That is possible to achieve by utilizing the LAN gateway servers which allow the security managers to filter all the traffic going in and out of the network. Another common design is to create a buffer zone for the network which is used to store and transmit the data which is allowed to flow in and out of LAN. Such setup has the benefit of utilizing two firewalls one outer one with laxer security setting and the inner one which regulates the communications between the LAN users and the servers in the buffer zone, strictly limiting the traffic which is allowed through. This architecture fits poorly into the cloud system, since the elements of the LAN can often require access to vatious resources outside their network, and running too many traffic through the buffer can result in the connectivity issues.
Some other specialized solutions allow for the secure and efficient cloud operation. The specific network architecture offers an ability for the engineers to deploy all of these solutions as part of an integrated system while providing additional security. Security Overlay Network uses virtual architecture to run on-demand software on the third party physical servers. This arrangement allows the security engineers and managers to filter all the information flowing into the network by using a single gateway router. The virtual network conceals the actual architecture of the network. By using security overlay to cover the physical components of the cloud system, it is possible to integrate all of the necessary solutions efficiently. The system can protect communicators, producers, and human users alike. By using the unified protocols, all of the companies operating in the cloud can expect similar user behavior which will improve security. The architecture is also flexible which allows for quick adjustments and responses to new vulnerabilities. Overall, it can be concluded that the security overlay is one of the best possible solutions for the cloud manufacturers which can ensure security and adaptability that system requires (Salah et al. 53).
The core principle of smart manufacturing is “work in progress products, components and production machines will collect and share data in real time” (Shrouf, Ordieres and Miragliotta 698). That means that various systems within the manufacturing network should be able to gather, interpret, and analyze data eventually turning into useful information which can be used to manufacture the goods the customers need. That principle of customization and adaptability applies not only to the production process itself but also to the materials acquisition process and energy consumption optimization. The smart factory will optimize everything to get the best results with minimum resources by processing all of the related information to guide the workflow.
Smart factories are central to the Industry 4.0 framework since the principles of independent adaptability and optimization are the basis of that idea. Connectedness is one of the most important parts of the successful smart operation. All of the machines will be guided by the software infrastructure which will handle the data processing. Moreover, the software must also be able to transmit data to the network, to allow the smart programs to optimize and streamline the production process (Lee, Bagheri and Kao 23). By ensuring that the factory is internally connected, it is possible to achieve full autonomy. Maintaining the connectivity with the customers and suppliers is also important. The factory should be able to place customized orders for the necessary materials and receive the customer data to form the orders for the manufacturing machines. Without connectivity the Industry 4.0 model of smart production is impossible. That makes providing network security for such enterprises one of the top priorities in the future.
The vulnerabilities of the cloud manufacturing systems are similar to those of any other type of cloud network. The key difference is that a hacker has the potential to disrupt the work of the producer facilities causing more damage than in a conventional cloud. That makes securing the access to manufacturing software extremely important. The key vulnerabilities of the cloud manufacturing are account hijacking, traffic flooding, and side-channel attacks. Account hijacking can be performed through a multitude of means. In 2012, the owner of Cloudflare got his account stolen through the use of the fraudulent voicemail box. In that case, the access was promptly restored, but the hacker managed to use the admin privileges to reset user passwords and possibly steal personal data of the cloud service customers (Prince 1). In the case of the cloud manufacturing, such attacks can be even more devastating since the admin privileges can allow the intruder to shut down the production lines or disrupt the material acquisition process. That can lead to the loss of physical resources and failure to meet the production goals. This type of attack is especially dangerous for the cloud systems since they store huge amount of potentially valuable data which is used to run the manufacturing process.
Even if the intruder fails to gain access to the physical resources used by the network, viewing the order details can compromise the user confidentiality and lead to the leaks of crucial information. The intellectual property theft is another possibility. It is important to consider that the CAD files within the cloud have intrinsic value as original designs. They can be even more valuable than the personal info stored in the system. Traffic flooding is another threat especially dangerous to the cloud manufacturing systems. In 2011, a company named LastPass, which specializes in managing and storing passwords using the cloud, reported the unusual server behavior. More data was being transmitted by the servers, compared to the incoming traffic.
The company was capable of resolving the issue by changing the master passwords and ensuring the users took additional precautions. The corporate management reported that the attack was likely linked to an attempt to flood the company servers, causing them to go down and siphoning sensitive user data in the process (Barron, Yu and Zhan 4). This type of attacks can be extremely devastating to the cloud manufacturing systems. Since cloud systems are easy to access, it is possible for a hacker to create multiple accounts and flood the system with requests causing the servers to go down. The cloud manufacturing environment is highly integrated. Analytical software is linked to the production optimization software as well as the end-user interfaces. It means that without proper security precautions flooding attacks can bring down the whole manufacturing management system down by simply bombarding it with requests.
This type of attacks is mostly easily avoidable but can be so devastating to the smart factories that all potential vulnerabilities must be addressed during the pre-implementation risk assessment. The final threat is the side-channel attacks. This type of malicious activity is unique to the cloud manufacturing. It uses the resources of the cloud system itself to attack other users, disrupt the production process, and steal information. For example, one manufacturer who is using a similar production process to their competitor can reserve additional equipment to prevent the competing company from utilizing it (Wang et al. 4). In another example, the company can use the production schedule to determine certain qualities of the unreleased product by analyzing the machinery usage based on the requirements of various production technologies. If creating an opaque piece of glass requires ten more minutes than creating a transparent one, that knowledge available to all users can be used to gain a competitive advantage through a side-channel attack. This threat is unique, since the actions of the violator, while unethical, are completely legal. Eliminating this threat should be a part of the initial design process when creating a cloud-based manufacturing system. If the issue is not addressed during the setup, eliminating the possibility of the side-channel attacks later can be a task requiring a full overhaul of the end-user interface and order placement process.
Any smart factory can benefit from a secured LAN. Considering the potential damage hacker attacks can cause, it is crucial to ensure that the internal networking of the production facility is inaccessible to intruders. With a large variety of potential risks complemented by the fact that a cloud-based system is always more vulnerable makes LANs a preferable solution for the internal networking. Since the external applications present the hackers with more avenues for attack, filtering data and monitoring security are the crucial aspects of maintaining connectedness without compromising the necessary data exchange. For example, the system proposed by Babitha and Mathey allows the LAN administrator to control the data access by the cloud users (173). The project underlines the importance of the systems which control the data access within the cloud.
Without proper user access management, the smart factories risk compromising intellectual property and personal data of their customers. Such control programs require a secure network to be running properly. Otherwise, there exists a possibility of users accessing unauthorized data by exploiting the weakness of the IAM program by abusing the weaknesses of the local network. Secure LAN installations will allow the big factories to secure the personal data and prevent intrusions into the manufacturing process. Security Overlay Network also requires a secure LAN to run properly. If there are vulnerabilities inside the internal network, it is impossible to use the gateway router to effectively manage security (Salah et al. 54). It is also worth noting that many network vulnerabilities are connected to the human factor. Implementing a consistent and coherent set of security policies can minimize the risks. The secure and well-managed LAN ensures that the employees have less of a chance to compromise security. It also guarantees that it is impossible to gain the access to the production equipment from outside the network by using social engineering to target the factory personnel.
There are several obvious steps which need to be taken to ensure that the 3D-printed product is produced accurately, and its quality is satisfactory. Firstly, the compatibility of data protocols must be assured. The printer should be able to use the file format provided by the customer. Secondly, the quality of the model should be high to ensure that the process yields the required results. In fact, most of the modern CAD programs produce 3D modeling errors which need to be fixed before the printing process can begin. Ensuring that the model is properly processed beforehand is an important part of the production process. Other than that, it is crucial to select the proper printer and materials for the desired product. 3D printers are widely used in medicine, and the study of the bone grafts production shows that such factors as printing orientation and layer thickness can have a considerable effect on the resulting product (Farzadi et al. e108252). It can be deducted, that the quality and accuracy of the data used for the input plays a crucial role in determining the quality of the final product.
In the fields less demanding of the finesse than medical science, the data can be less detailed, but it is important to program the printer accordingly to receive proper results. For example, electing the appropriate support style and material can have a considerable effect both on the quality of the product and the amount of post-printing work needed to finalize the model (Lawrence par. 7). Ensuring the uninterrupted manufacturing process is also important since the power supply disruptions can lead to the mistakes during the production. Regular maintenance also plays a crucial role in the effective operation. Malfunctions, like filaments getting stuck, or the working area pollution with sand or dust particles can stop the production or negatively affect the accuracy of the final model. If the factory is utilizing the array of printers, it is also important to choose the right one for each order to use the available resources efficiently and provide the high-quality products. Different models have varying resolutions and ensuring that the model is printed out accurately is important. It is also crucial to divert less demanding models to lower resolution printer to ensure that the operation is running efficiently.
Architectures of the LAN
Cisco Packet Tracer is a network simulation program. It uses drag-and-drop interface which allows the user to easily add or remove devices from the simulated network. The working area can be used to place the objects within the network arranging them in a logical fashion. Various tools allow the user to draw connections between the elements of the network and display properties of each object. These properties can be modified to ensure compatibility and connectivity between the elements. The application is highly useful for designing complex networks and determining the most effective configurations.
Additionally, Packet Tracer allows multiple users to work together. It ensures that the teacher can work with students, or several students can work on the same project connecting their network together. Aside from the educational uses, the simulation can be utilized to plan the network and run the preliminary risk assessment. The program can simulate a wide range of Cisco routers and switches, as well as other devices. It allows users to visualize the data exchange within the network and simulate Ethernet and Wi-Fi connections. The interface is highly flexible and allows students to view full network information (Smith 6). That makes the program effective for the education as the resulting network can be analyzed extensively. Packet Tracer also allows the teachers to formulate the assignments for the students and work together with them to explain the subject and clarify certain points.
WANs have the advantage of easier connectivity by allowing the computer to interact directly with any other node in the network which can be in any part of the planet. However, for the business solutions utilizing direct WAN connections is less than advisable. WANs rely on the provider equipment and security software, which makes using them extremely dangerous. Even if the WAN is company-created, it is vulnerable by its nature since a large number of components and their interconnectedness presents a much larger number of opportunities for the attacker. WAN connections are easier to attack and tend to have higher latency. Using the LAN to connect the computers and equipment within the organization is advisable since LANs centralize the security management and provide the highest possible connectedness between the network nodes.
CAD file, like any other piece of information, is at a greater risk when transferred through the WAN. While in the local network the connections are limited and traffic is monitored, the WAN transmission can be intercepted at any of the servers the file goes through. Security in the wider network is harder to implement and requires a wide range of solutions on every direct connection to the network (Powell and Gallegos 2). In the LAN, the risks are lower since the security can be tightly managed and maintained in a centralized manner. However, the human factor is the common threat in any network and outgoing connections linking LANs and WANs can present an opportunity for hacker attacks. Implementing proper encryption protocols can allow the security specialist to mitigate that risks and prevent the intruders from siphoning valuable information. Partial encryption algorithms transmitting the encrypted data step by step can ensure high levels of protection (Cai et al. 259).
External attackers target the LAN from outside the network. They use various strategies to gain access to the internal resources through the router or server which is used to connect the network to the WAN. They can, for example, gain remote access to LAN security management by using social engineering to create the remote console which will allow them to change the security settings or plant spyware. They can also abuse the security oversights to join the VLAN used to manage the switches in the Ethernet network (Kiravuo, Sarela and Manner 1481). After becoming a part of the security network, it is easy to gain access to the user data including passwords and IP addresses. Tactics like flooding attacks can also be used to bring down the central server or switch. However, local networks are far more vulnerable to the internal attacks which are preformed from within the network. This type of attacks requires the intruder to have physical access to the element of the network. They can use various strategies to gain control over the LAN and steal data. A new element can be introduced to the network, for example, a computer which can be remotely accessed through the wireless connection.
After the device has access to the network, the hacker can utilize the software installed on the computer to interact with the network and compromise its inner security. Since the traffic within the network is generally not filtered, such attacks can be much more harmful than the external ones. Physically rebooting a switch within the network can be used to reset the passwords and gain access to it. This type of attack is easily traceable and risky for the intruder but can allow them to inject spyware into the network. If the violator manages to gain direct physical access to the central server or router, he can simply destroy it, bringing down the network. Alternatively, he can directly connect to it, creating a tap which can allow him to monitor the inner traffic of the network and potentially gain access to the full array of the security management tools. Wireless connections within the LAN make it considerably more vulnerable since they can potentially be accessed by third parties without trespassing on the company’s property. Wireless encryption protocols have been shown to be unreliable and can present a huge security threat. Utilizing wireless connections as a part of your local network is a risk, and an extensive assessment is required before such system can be implemented.
Nmap software is a tool which allows hackers and security testing specialists to penetrate networks by performing scans and finding vulnerabilities. The program is able to scan the target network to discover active IP addresses within it and then initiate the open port testing. The address resolution pings are used to determine the activity of the system elements. It is also possible to use ICMP echoes and DNS queries to avoid the traffic being blocked. If the network is utilizing a secure setup with both external and internal firewalls which provide double protection for the network members, Nmap is capable of creating a proxy node within the buffer zone of the network which is then used to ping the ports and gather the responses without being detected. The application is capable of using banner-grabbing and port response analysis to determine which service the port is being used for.
The program aggregates all of the data acquired into the visual topology of the network which can be used to scan for vulnerabilities, gather data on the internal network traffic or attempt brute force and denial-of-service attacks. The program comes with an integrated scripting tool which allows the user to design their own algorithms for the security checks and intrusions alike (Hutchens 12). The program can be used to compromise the security in a variety of ways. Firstly, the knowledge of the inner topology of the network can expose its weaknesses which can be used for future attacks. Secondly, the program can be used to execute denial-of-service attacks which have the potential to bring down the entire network by targeting specific nodes within the system. Finally, Nmap can be used to track the amount of traffic going through the network and deduce which services use it. That information, by itself, can expose valuable details about the workflow of the targeted company. Nmap is a versatile tool and can be used for penetration tests as well as for actual intrusions. It allows the hacker to get a complete map of the targeted network and execute attacks on the vulnerable parts of the system.
NetBios is the service used by the Windows OS to exchange data in the LAN. It uses TCP ports 139 and 445 to connect to the resources outside the computer, like file servers, printers, etc. Unfortunately, the protocol creates a critical vulnerability. The intruder may utilize various probing techniques to detect the active ports within the network. For example, the Nmap application, which I mentioned before, can be used. Once the hacker detects the activity of one of those ports, he can use footprinting techniques to gather the information about the user and the network. NetBios makes it extremely easy. That can be as simple as using the NBSTAT command to gather the information about the computer and the network.
Since NetBios does not conceal any information, the attacker will receive full data on the user’s computer, operating system, browser, connection type, and so on. With that information, it is possible to create the network topology and even connect to the target device, if the null responses are allowed. The hacker can also gain access to the carefully concealed inner IP addresses of the LAN (Olzac 2). Another possible method includes spoofing the network response. If the NetBios functionality is enabled, when the Internet Explorer query fails, it will be redirected to NetBios. The system is so insecure that it will send all of the credentials to the attacker if the user mistypes the network name. The hacker only needs to set up a copy of the page which the browser is trying to access and wait for somebody within the network to mistype the request. That will redirect the program to the hacker allowing him to acquire all of the user information (Zdrnja 1). Generally speaking, these attacks can be prevented by turning off various NetBios services especially null sessions. This approach does not guarantee the complete security, but some modern solutions allow the engineers to avoid using NetBios entirely eliminating the concern.
The networks are complicated systems which can be affected by the wide range of issues. The debugging process serves to detect and eliminate those issues. Since many network problems can affect the security, using the debugging tools can reveal many vulnerabilities and potential threats in the system. For example, some node might be susceptible to increased load and present a target for the denial-of-service attacks, or some PCs might not update the security policies correctly resulting in vulnerabilities. Most of the tools required to identify the network issues can be accessed through the Windows command line.
These include the ability to ping various devices, track active ports, and view specific IPs linked to the DNS servers. Diagnostic tools prebuilt into the routers and switches can also be used for troubleshooting. The survey shows that these methods are still the most widely used debugging tools (Zeng et al. 2). Currently, more complex and comprehensive solutions are required for the efficient network management and security issue analysis. One possible application is the program named SecGuru, which allows analyzing the policies across the network to ensure consistency. The tool can be used for the general survey of the network providing a complete set of data which can be used both for troubleshooting and improving security (Negi et al. 384). Such solutions can be used to improve any network.
VMWARE can be used in a variety of ways to improve network security. Firstly, the virtual machines allow for a safe and easily observable environment that can be used to study malware and test various intrusion methods. Similar systems can be used to educate the security specialists on the intrusion types and the telltale signs of the ongoing intrusion. Secondly, using virtualization allows the security specialists to implement innovative solutions for network monitoring and control. A good example is the Network Overlay system which utilizes a virtualized network to track and manage the data access within the physical network. One of the principle advantages of the virtual systems is their isolation.
The system runs in a simulated environment instead of the actual network allowing for additional security measures which can intercept and stop the attempted attacks. For example, lightweight virtual machines can be used on the mobile devices, which will make them more secure and prevent eavesdropping and intrusions through the poorly secured mobile channels (Lombardi and Di Pietro 246). Moreover, the malware requires specific configuration to escape the simulated environment. Currently, the level of isolation is not ideal. Hackers are able to break out the virtual machines and allow them to interface with the actual network. However, the study shows that VMWARE has a positive effect on the information security (Li et al. 8).
Works Cited
Babitha, Pallaty and Ravi Mathey. “Measurable, Safe and Secure Data Management for Sensitive Users in Cloud Computing.” International Journal of Research in Engineering and Technology 3.9 (2015): 171-174. Print.
Barron, Chimere, Huiming Yu, and Justin Zhan. “Cloud Computing Security Case Studies and Research.” Proceedings of the World Congress on Engineering 2 (2013): 1-5. Print.
Cai, X.T., F.Z. Hea, W.D. Lib, X.X. Lib, and Y.Q. Wua. “Encryption Based Partial Sharing Of CAD Models”. ICA 22.3 (2015): 243-260. Print.
Farzadi, Arghavan, Mehran Solati-Hashjin, Mitra Asadi-Eydivand, and Abu Osman. “Effect Of Layer Thickness And Printing Orientation On Mechanical Properties And Dimensional Accuracy Of 3D Printed Porous Samples For Bone Tissue Engineering”. PLoS ONE 9.9 (2014): e108252. Print.
Hutchens, Justin. Nmap: a “Hacker Tool” for Security Professionals, 2014. Web.
Kiravuo, Timo, Mikko Sarela, and Jukka Manner. “A Survey of Ethernet LAN Security.” IEEE Communications Surveys and Tutorials 15.3 (2013): 1477- 1491. Print.
Lawrence, Jon. 3D Printing Material and Support Build Options, 2015. Web.
Lee, Jay, Behrad Bagheri, and Hung-An Kao. “A Cyber-Physical Systems Architecture For Industry 4.0-Based Manufacturing Systems”. Manufacturing Letters 3 (2015): 18-23. Print.
Li, Shing-Han David C. Yen, Shih-Chih Chen, Patrick S. Chen,Wen-Hui Lu, and Chien-Chuan Cho. “Effects Of Virtualization On Information Security”. Computer Standards & Interfaces 42 (2015): 1-8. Print.
Lombardi, Flavio and Roberto Di Pietro. Virtualization and Cloud Security: Benefits, Caveats, and Future Developments, 2014. Web. 07 May 2016.
Negi, Vivek, Himanshu Verma, Ipsita Singh, Aditya Vikram, Kanika Malik, Archana Singh, and Gaurav Verma. “Network Security In Embedded System Using TLS”. IJSIA 10.2 (2016): 375-384. Print.
Olzac, Tom. The problem with NetBIOS, 2007. Web.
Powell, Steven and Frederick Gallegos. Strategies for Securing Wide Area Networks, n.d. Web.
Prince, Matthew. The Four Critical Security Flaws that Resulted in Last Friday’s Hack, 2012. Web.
Salah, Khaled, Jose M. Alcaraz Calero, Sherali Zeadally, Sameera Al-Mulla and Mohammed Alzaabi. Using Cloud Computing to Implement a Security Overlay Network, 2013. Web.
Shrouf, F., J. Ordieres, and G. Miragliotta. “Smart Factories In Industry 4.0: A Review Of The Concept And Of Energy Management Approached In Production Based On The Internet Of Things Paradigm”. 2014 IEEE International Conference on Industrial Engineering and Engineering Management (2014): 697-701. Print.
Smith, Andrew. “Development Of A Simulated Internet For Education”. Research in Learning Technology 19.1 (2012): n. pag. Print.
Wang, Weichao, Yu Wang, Wesley Williams, and Aidan Browne. Secure Cloud Manufacturing: Research Challenges and a Case Study, 2015. Web.
Zdrnja, Bojan. Is it time to get rid of NetBIOS? 2012. Web.
Zeng, Hongyi, Peyman Kazemian, George Varghese, Nick McKeown. A Survey on Network Troubleshooting, 2012. Web.