Network Security for EIS and ECS Systems
Published in Barney L. Capehart, Timothy Middelkoop, Paul J. Allen, David C. Green, Handbook of Web Based Energy Information and Control Systems, 2020
Address resolution protocol (ARP) is the communications protocol through which the network determines what transmissions should go to which computers. When a computer is logged onto a network, it receives an internet protocol (IP) address, which will serve as its address on the network, and all transmissions to or from that computer will be routed using that address. Each computer’s network card has its own unique media access control (MAC) address, which serves as a physical address of the computer. The address resolution protocol maintains a table of IP-MAC address relationships called the ARP cache. ARP spoofing involves altering the ARP cache so that communications on the network are routed to a machine that the attacker chooses.
Digital Transformation and the Cybersecurity of Infrastructure Systems in the Oil And Gas Sector
Published in Edward Ochieng, Tarila Zuofa, Sulafa Badi, Routledge Handbook of Planning and Management of Global Strategic Infrastructure Projects, 2020
Since the oil and gas sector has embraced automation and network connectivity, it is becoming more reliant on cloud services technology. Automation is utilised in monitoring the crucial functions that measure the onsite equipment pressure, temperature, chemical reactions, and oil leaks (Drias et al., 2015). The safety and instrument systems (SIS) emergency system termination is also dynamically monitored and controlled remotely. However, such systems experience considerable threats of compromise by attackers. For example, in man-in-the-middle (MITM) attacks an attacker positions themself between two parties’ conversation channels and obtains sensitive information these parties are exchanging on a private line, unaware that an attacker is monitoring their communication. Such attacks can lead to data theft, corruption of information, and obstruction of communication, which consequently result in loss of confidentiality and potential loss of control over equipment, devices, and operation systems (Conti et al., 2016; Rob et al., 2014). The different types of MITM attacks are distinguished by the methods used or the vulnerabilities exploited to execute the attack. One example is targeting the address resolution protocol (ARP), which is responsible for resolving an IP address into a corresponding media access control (MAC) address (Tripathi and Mehtre, 2014). It is vulnerable to attacks because it is unauthenticated. In the ARP poisoning attack mechanism, the attacker sends ARP spoofed messages to two communicating hosts, tricking them by claiming that it is the other host, which leads to both hosts updating their ARP cache with the attacker's MAC address. This deception results in these hosts forwarding all the communications to the attacker.
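A defender-side view of the ARP poisoning mechanism described above, as an added example that is not part of the quoted chapter: it parses raw 28-byte ARP payloads, tracks IP-to-MAC bindings the way an ARP cache does, and reports any IP address that is rebound to a different MAC, plus any MAC that ends up answering for several IPs. The function names, MAC addresses and 192.0.2.x addresses are constructed for illustration; legitimate rebinding (address reassignment, failover) produces the same signal and needs triage.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, mac_str(sha), socket.inet_ntoa(spa)

def detect_poisoning(payloads):
    """Replay ARP payloads into a shadow cache and report rebinding events."""
    cache, alerts = {}, []
    for n, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed is None or parsed[2] == "0.0.0.0":  # skip junk and ARP probes
            continue
        _oper, mac, ip = parsed
        if ip in cache and cache[ip] != mac:  # same IP, new MAC: possible spoof
            alerts.append((n, ip, cache[ip], mac))
        cache[ip] = mac
    owners = {}
    for ip, mac in cache.items():
        owners.setdefault(mac, []).append(ip)
    multi = {m: sorted(ips) for m, ips in owners.items() if len(ips) > 1}
    return alerts, multi

def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed sample ARP payload (test data only, nothing is sent)."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, to_mac(sha),
                       socket.inet_aton(spa), to_mac(tha), socket.inet_aton(tpa))

# Constructed sample: hosts A and B resolve each other, then X claims both IPs.
A, B, X = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:ee"
SAMPLE = [
    build_arp(1, A, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.20"),
    build_arp(2, B, "192.0.2.20", A, "192.0.2.10"),
    build_arp(2, X, "192.0.2.20", A, "192.0.2.10"),
    build_arp(2, X, "192.0.2.10", B, "192.0.2.20"),
]
```

On the sample, both rebinding events are reported and the third MAC is listed as answering for both hosts' IP addresses, which is the cache state the excerpt describes after a successful poisoning.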
Review of Layer 2 and Layer 3 Forwarding
Published in James Aweya, Designing Switch/Routers, 2023
The adjacency information in a router can be integrated with the Layer 3 forwarding table or implemented as a separate table to be used by the Layer 3 forwarding engine. Either way, the Layer 2 address entries of the next-hop can be populated using any one of the following methods:
Created by Sending ARP Requests: These entries are obtained from ARP requests sent by the local routing device to the next-hop node and neighbor devices on directly attached networks (i.e., routers and hosts on the same IP subnet or VLAN).
Gleaned from ARP Request Received: These entries are gleaned from ARP requests sent by neighbor devices to devices on the same IP subnet or VLAN including the local routing device (as explained in Figure 5.9).
Gleaned during Packet Forwarding to Directly Attached Networks: These entries are gleaned when the local routing device sends packets to directly attached networks – the entry is gleaned for a specific host-route adjacency.
Manual Configuration: These entries are configured manually by the network administrator by considering the devices that are directly connected to the local routing device, i.e., connected by a Layer 2 network (point-to-point, VLAN/IP subnet).
In the first method, upon receiving an ARP reply, the router stores the information in an ARP cache so that it can use this information the next time a packet is to be forwarded to the same node. Each entry of the ARP cache contains the IP address (of the next-hop), the learned next-hop MAC address, the local interface through which the MAC address was learned, a timer indicating the age (i.e., elapsed time) of the entry from the moment of MAC address insertion, and flags indicating whether the state of the entry is “complete”, “incomplete”, “expired”, etc. The interface through which the MAC address is learned is important because when routing changes occur, the IP address of the next-hop may be reachable via another interface, and the MAC address of the next-hop may be different. This makes the old MAC address learned via the previous interface ineligible for use on the new interface.
Smart building energy management based on network occupancy sensing
Published in Journal of International Council on Electrical Engineering, 2018
Xianing Jin, Guanqun Wang, Yi Song, Chongbo Sun
The implicit sensor used to determine occupancy information can be classified into three types. Type I sensor requires no modification to existing systems. The typical type I sensors include the Address Resolution Protocol (ARP) and Dynamic Host Control Protocol (DHCP) [4]. ARP is always used by routers to determine the Ethernet or Wi-Fi Medium Access Control (MAC) address of all hosts on a subnet and associate it with the host’s IP address. Routers use the ARP protocol to maintain a table, or ARP cache, of associated IP and MAC addresses to enable forwarding of packets from a router to a host. The ARP table is a measure of the number of active hosts in the local network. ARP data collected from routers and Wi-Fi Access Points (AP) within a building can serve as implicit occupancy measures.