Anti Virus
#1
Dear Armin,

You may know that I don't have enough knowledge by asking this question. :-)

To protect against not only data theft but also malware, do we need antivirus software on netPI?
If we install 'Trend Micro IoT Security', is it installed in each container or on the Linux running Docker?

Thank you very much for your information.
Best regards,
  Reply
#2
Hi,

I agree that any computer-like system might be threatened by intrusion, spying or data theft. This is why any computer-like system needs to be protected against different vectors of attack. A team created the IEC 62443 specification as a "cyber security standard for industrial automation" that dedicates all its chapters to exactly those known threats. If one follows this specification, one gets a very secure system overall.

The IEC 62443 specification starts by saying that security is, first of all, about training IT personnel to get a feeling for what security really means. So imagine you have a password for netPI's web UI but untrained staff make it public on the internet so that anybody can read it. Wouldn't this be bad? It sounds trivial to keep a password secret, but if no one ever tells them, there is no feeling for security. Another chapter of IEC 62443 simply says that any computer-like system has to be enclosed in a lockable control cabinet so nobody can get physical access to it. And so on ...

What I want to say is that any system needs to be analyzed in full detail for its vectors of attack, and then a decision has to be made about which countermeasures need to be taken. We have also read IEC 62443. As a result, with netPI we avoided from the beginning installing an SSH service for remote console access to Linux. So nobody is able to get access to the host Linux. We are also using Docker as an intermediate safety layer between any application and Linux, for example guaranteeing the data integrity of a container when loaded. And netPI's host Linux can only install Hilscher-approved and signed software if there is an update. We have also installed AppArmor between Docker and Linux, which is a security framework that allows the Docker daemon and its underlying container applications only restricted access to the host Linux.

We also decided on Linux as the OS. This is the most monitored OS in the whole world since it is open and thousands of developers check day by day whether each software change is allowed, makes sense and does not violate Linux security. Also, the human influence factor on netPI is low compared to a Windows desktop system, where people can click on different insecure internet pages and download malware by mistake without knowing it. So viruses are not known with Linux if you search on the internet. Of course, this does not mean you should not think about any kind of protection.

But back to your initial question. I don't know "Trend Micro IoT Security" and I don't know what it can do and what exactly it protects. What I recommend to you is first of all to analyze the vectors of attack in your system. So imagine you build a container that is just sending data to the internet and has no incoming port open: why protect this container if nobody can intrude into it? This does not make any sense. Next, suppose you have an incoming port open and, for example, an MQTT broker running in the background listening on this port. Then it is worth thinking at the next level and analyzing deeper. MQTT is a data-only protocol; you cannot send any Linux commands across it, just data. So you can trust the MQTT engine. So in this scenario there is also no threat. But if you load any container from the internet whose source you don't know, then you don't know the software that is inside, and then things can easily get difficult. Then you may need protection. Or, very trivially, do not take containerized software from the internet whose source you don't know. Build your own containers instead, where you know the software that's inside, or load Docker certified software https://hub.docker.com/search?q=&type=im...=certified.

Since I don't know "Trend Micro IoT Security" I can't give you a better answer. I think you need a training course from the manufacturer explaining to you where this software helps you and your customer to add further protections.
"You never fail until you stop trying.", Albert Einstein (1879 - 1955)

  Reply
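The per-container analysis suggested in the post above (is an incoming port open, can the container reach the host, do you know where the image came from), as an added example that is not part of the original thread and not Hilscher code. The container names, image names and the `TRUSTED_PREFIXES` list are constructed assumptions; the JSON mimics the `HostConfig` fields that `docker inspect` reports.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not from a real netPI).
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/sender", "Config": {"Image": "local/sender:1.0"},
  "HostConfig": {"Privileged": false, "NetworkMode": "bridge",
                 "PortBindings": {}, "Binds": null, "CapAdd": null}},
 {"Name": "/broker", "Config": {"Image": "local/mqtt-broker:1.0"},
  "HostConfig": {"Privileged": false, "NetworkMode": "bridge",
                 "PortBindings": {"1883/tcp": [{"HostIp": "", "HostPort": "1883"}]},
                 "Binds": null, "CapAdd": null}},
 {"Name": "/unknown", "Config": {"Image": "someuser/tool:latest"},
  "HostConfig": {"Privileged": true, "NetworkMode": "host",
                 "PortBindings": {}, "Binds": ["/:/host"], "CapAdd": ["SYS_ADMIN"]}}
]
""")

TRUSTED_PREFIXES = ("local/",)  # assumption: images you built yourself


def findings(container):
    """Return the exposure points of one container, empty if none were found."""
    hc = container.get("HostConfig", {})
    out = []
    # Published ports are the only inbound path for a bridge-networked container.
    for port, binds in (hc.get("PortBindings") or {}).items():
        for b in binds or []:
            out.append(f"incoming port {port} published on host port {b.get('HostPort')}")
    # Start parameters that open the container towards the Docker host.
    if hc.get("NetworkMode") == "host":
        out.append("host network mode")
    if hc.get("Privileged"):
        out.append("privileged")
    for cap in hc.get("CapAdd") or []:
        out.append(f"added capability {cap}")
    for bind in hc.get("Binds") or []:
        out.append(f"host path mounted: {bind}")
    # Images from a source you have not reviewed need a closer look.
    image = container.get("Config", {}).get("Image", "")
    if not image.startswith(TRUSTED_PREFIXES):
        out.append(f"image of unreviewed origin: {image}")
    return out


def audit(inspect_data):
    return {c["Name"].lstrip("/"): findings(c) for c in inspect_data}


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INSPECT).items():
        print(name, "->", issues or "no inbound exposure or host access found")
```

On a standard Docker host the same functions can be fed the parsed output of `docker inspect` for the running containers instead of the constructed sample.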
#3
Hello Armin,

Thank you very much for your detailed explanations!
I understand how to protect my netPI with them and with lots of information from the Internet after that.

By the way, if one's own container is developed with Raspbian OS, I found that 'Trend Micro Deep Security' can be used to protect each Docker container.
https://help.deepsecurity.trendmicro.com...ocker.html
I want to study how to adapt it someday, though it seems difficult for me.

Best regards,
  Reply
#4
I read the link.

This security suite can be installed on standard Docker hosts where the Docker daemon is not restricted like our special "Hilscher" Docker used on netPI.

On netPI no Docker container can get any access to the Linux host system. We removed all the possibilities a user could ever configure in the container start parameters to open its access to the Docker host system. So no chance with netPI. In my opinion, using "Trend Micro Deep Security" on netPI makes no sense at all.

Thx
Armin
"You never fail until you stop trying.", Albert Einstein (1879 - 1955)

  Reply