Category: OT Security

  • Message Queuing Telemetry Transport Protocol

    Network Protocol

    A network protocol is a standardized set of rules, procedures, and conventions that govern how data is formatted, transmitted, and received between devices on a network. These protocols ensure that devices, regardless of their manufacturer, operating system, or hardware, can communicate reliably and efficiently, enabling the seamless exchange of information across networks.

    Network protocols define several critical aspects of communication, including how devices initiate and terminate connections, how data is packaged into packets, how errors are detected and corrected, and how devices address each other to ensure messages reach the correct destination. They also determine how devices respond in case of congestion, interruptions, or conflicting requests.

    Examples of widely used network protocols include TCP/IP, which underlies the internet and governs how data travels between computers; HTTP/HTTPS, which enables web communication; FTP, used for file transfers; and SMTP, which manages email transmission. By following these standardized rules, devices can understand each other, interpret data correctly, and maintain reliable and secure communication even across diverse networks or geographical locations.

    Network protocols are the foundation of all digital communication, ensuring that information flows smoothly, accurately, and securely between devices in both small local networks and vast global networks like the internet.


    Message Queuing Telemetry Transport (MQTT)

    MQTT is a publish-and-subscribe communication protocol designed for IoT devices, enabling them to communicate effectively in high-latency and low-bandwidth environments.

    • For Windows, use the MQTT installer
    • For Linux-based systems or macOS, use brew install mosquitto
    • Open a terminal or command line and type mosquitto -v

    Light switch & Mobile App MQTT Example

    In a smart home, a light switch is equipped with the capability to send information to a home mobile app.

    • MQTT Broker: The MQTT broker serves as a central server that receives messages and distributes them to all clients subscribed to specific topics.
      • mosquitto -v
    • MQTT Subscriber: The home app acts as an MQTT subscriber. It subscribes to the topic smarthome/lights/office. When the smart light switch publishes an update, the home app receives the message and updates the light’s status accordingly.
      • mosquitto_sub -t 'smarthome/lights/office'
    • MQTT Publisher: The smart light switch functions as an MQTT publisher. When you turn the light on or off, the switch sends a message to a specific topic on the MQTT broker, such as smarthome/lights/office.
      • mosquitto_pub -t 'smarthome/lights/office' -m 'ON'

    Open 3 terminal windows or tabs and paste the following:

    Demo (Tab 1)

    (RPi) mosquitto -v
    1757318742: mosquitto version 2.0.22 starting
    1757318742: Using default config.
    1757318742: Starting in local only mode. Connections will only be possible from clients running on this machine.
    1757318742: Create a configuration file which defines a listener to allow remote access.
    1757318742: For more details see https://mosquitto.org/documentation/authentication-methods/
    1757318742: Opening ipv4 listen socket on port 1883.
    1757318742: Opening ipv6 listen socket on port 1883.
    1757318742: mosquitto version 2.0.22 running

    Demo (Tab 2)

    (RPi) mosquitto_sub -t 'smarthome/lights/office'
    ON

    Demo (Tab 3)

    (RPi) mosquitto_pub -t 'smarthome/lights/office' -m 'Hello, MQTT!'

    You can also do the same thing using Python.

    Demo (Tab 1)

    (RPi) mosquitto -v
    1757318742: mosquitto version 2.0.22 starting
    1757318742: Using default config.
    1757318742: Starting in local only mode. Connections will only be possible from clients running on this machine.
    1757318742: Create a configuration file which defines a listener to allow remote access.
    1757318742: For more details see https://mosquitto.org/documentation/authentication-methods/
    1757318742: Opening ipv4 listen socket on port 1883.
    1757318742: Opening ipv6 listen socket on port 1883.
    1757318742: mosquitto version 2.0.22 running

    MQTT in Python

    You can create an MQTT server in Python. In MQTT terminology, the server is called a broker, which receives messages from publishers and distributes them to subscribers. Python can be used either to run an MQTT broker (server) or to create MQTT clients, which are devices or programs that publish messages to topics or subscribe to topics to receive messages.

    listener.py (Listens to one topic)

    import paho.mqtt.client as mqtt_client  # Import the Paho MQTT client library

    # Create an MQTT client using callback API version 2 and a fixed client ID
    client = mqtt_client.Client(mqtt_client.CallbackAPIVersion.VERSION2, client_id="client_1")

    def on_connect(client, userdata, flags, rc, properties):  # Called when the client connects to the broker
        print(f"Connected: reason_code={rc}")  # Print the connection result code

    def on_message(client, userdata, msg):  # Called when a message arrives on a subscribed topic
        print(f"{msg.topic}: {msg.payload.decode()}")  # Print the topic and the decoded payload

    def on_disconnect(client, userdata, flags, rc, properties):  # Called when the client disconnects (API version 2 signature)
        print(f"Disconnected: reason_code={rc}")  # Print the disconnection reason code

    client.on_connect = on_connect  # Assign the connection callback
    client.on_message = on_message  # Assign the message callback
    client.on_disconnect = on_disconnect  # Assign the disconnection callback

    if client.connect("localhost", 1883, 60) == 0:  # Connect to the broker on localhost, port 1883, 60 s keepalive
        try:
            client.subscribe("smarthome/lights/office", qos=1)  # Subscribe to the topic with Quality of Service level 1
            client.loop_forever()  # Run the network loop and deliver messages until interrupted
        except Exception as e:  # Catch any runtime error
            print(f"Error: {e}")  # Report the error
        finally:
            client.disconnect()  # Disconnect from the broker when the program exits

    client.py (Publish to a topic)

    import paho.mqtt.client as mqtt_client  # Import the Paho MQTT client library

    client = mqtt_client.Client(mqtt_client.CallbackAPIVersion.VERSION2)  # Create an MQTT client using callback API version 2

    def on_connect(client, userdata, flags, rc, properties):  # Called when the client connects to the broker
        print(f"Connected: reason_code={rc}")  # Print the connection result code

    def on_disconnect(client, userdata, flags, rc, properties):  # Called when the client disconnects (API version 2 signature)
        print(f"Disconnected: reason_code={rc}")  # Print the disconnection reason code

    client.on_connect = on_connect  # Assign the connection callback
    client.on_disconnect = on_disconnect  # Assign the disconnection callback

    if client.connect("localhost", 1883, 60) == 0:  # Connect to the broker on localhost, port 1883, 60 s keepalive
        try:
            # Publish "ON" to the topic with QoS 0; without a running network loop
            # the packet is written straight to the socket, so no loop is needed here
            client.publish("smarthome/lights/office", "ON", 0)
        except Exception as e:  # Catch any exception raised while publishing
            print(e)  # Print the error message
        finally:
            client.disconnect()  # Disconnect from the MQTT broker

    Output

    Connected: reason_code=Success
    smarthome/lights/office: ON
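The command-line and Python demos above exchange a PUBLISH packet for the topic smarthome/lights/office. The following is an added example, not code from the page or from the Mosquitto or Paho projects: a minimal encoder and decoder for the MQTT 3.1.1 PUBLISH packet written against the standard library only, followed by the kind of topic/payload check a monitor on the broker host could apply to captured packets. The allow-list of expected payloads (ON/OFF) and the extra test topic are constructed for the demo.

```python
# Added example (not from the original page): MQTT 3.1.1 PUBLISH packet
# encode/decode and a simple payload policy check. Standard library only.
from dataclasses import dataclass
from typing import Optional, Tuple


def encode_remaining_length(n: int) -> bytes:
    """Variable-length integer used in every MQTT fixed header:
    7 bits per byte, high bit set means another byte follows (max 4 bytes)."""
    if not 0 <= n <= 268_435_455:
        raise ValueError("remaining length out of range")
    out = bytearray()
    while True:
        byte = n % 128
        n //= 128
        if n > 0:
            byte |= 0x80
        out.append(byte)
        if n == 0:
            return bytes(out)


def decode_remaining_length(buf: bytes, offset: int = 1) -> Tuple[int, int]:
    """Return (value, index of the first byte after the length field)."""
    multiplier, value = 1, 0
    for i in range(offset, offset + 4):
        if i >= len(buf):
            raise ValueError("truncated remaining length")
        value += (buf[i] & 0x7F) * multiplier
        if not buf[i] & 0x80:
            return value, i + 1
        multiplier *= 128
    raise ValueError("malformed remaining length")


@dataclass
class Publish:
    topic: str
    payload: bytes
    qos: int = 0
    retain: bool = False
    packet_id: Optional[int] = None  # present only for QoS 1 and 2


def encode_publish(p: Publish) -> bytes:
    if p.qos not in (0, 1, 2):
        raise ValueError("qos must be 0, 1 or 2")
    if p.qos > 0 and p.packet_id is None:
        raise ValueError("QoS 1/2 PUBLISH needs a packet identifier")
    topic = p.topic.encode("utf-8")
    body = len(topic).to_bytes(2, "big") + topic      # variable header: topic name
    if p.qos > 0:
        body += p.packet_id.to_bytes(2, "big")         # packet identifier
    body += p.payload                                  # payload is the rest of the packet
    first = 0x30 | (p.qos << 1) | (1 if p.retain else 0)  # type 3 (PUBLISH) + flags
    return bytes([first]) + encode_remaining_length(len(body)) + body


def decode_publish(buf: bytes) -> Publish:
    if not buf or (buf[0] >> 4) != 3:
        raise ValueError("not a PUBLISH packet")
    qos = (buf[0] >> 1) & 0x03
    retain = bool(buf[0] & 0x01)
    remaining, pos = decode_remaining_length(buf)
    if len(buf) - pos != remaining:
        raise ValueError("remaining length does not match packet size")
    tlen = int.from_bytes(buf[pos:pos + 2], "big")
    pos += 2
    topic = buf[pos:pos + tlen].decode("utf-8")
    pos += tlen
    packet_id = None
    if qos > 0:
        packet_id = int.from_bytes(buf[pos:pos + 2], "big")
        pos += 2
    return Publish(topic, bytes(buf[pos:]), qos, retain, packet_id)


# Constructed policy for the demo: payloads a monitor expects on the light topic.
ALLOWED = {"smarthome/lights/office": {b"ON", b"OFF"}}


def check_publish(p: Publish) -> str:
    """Return 'ok', or a short reason a monitor would alert on."""
    if "#" in p.topic or "+" in p.topic:
        return "wildcard in PUBLISH topic (invalid)"  # wildcards are only legal in subscriptions
    allowed = ALLOWED.get(p.topic)
    if allowed is None:
        return "unexpected topic"
    if p.payload not in allowed:
        return "unexpected payload"
    return "ok"


if __name__ == "__main__":
    pkt = encode_publish(Publish("smarthome/lights/office", b"ON"))
    print(pkt.hex())                        # 301b0017 + topic bytes + 4f4e
    print(check_publish(decode_publish(pkt)))
```

The packet for the page's demo is 29 bytes: 0x30 (PUBLISH, QoS 0), remaining length 0x1B, the two-byte topic length 0x0017, the topic, and the payload. Nothing in the packet authenticates the sender, which is why the Mosquitto log above warns that the default configuration only listens locally until a listener with authentication is configured.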
  • IT, OT, IoT, and IIoT Networks

    Computer Network

    A computer network is a system of interconnected devices such as computers, servers, routers, and other hardware that communicate to share data, resources, and services. Networks create pathways and infrastructure for the flow of information between devices, enabling activities such as sending emails, browsing the web, streaming video, or participating in video calls.

    Computer networks vary in scale and complexity. Local Area Networks (LANs) connect devices within a small area, such as a home, office, or school, while Wide Area Networks (WANs) span larger geographic regions, linking offices, data centers, or even countries. The internet is the largest global network, connecting billions of devices worldwide.

    Networks are essential for daily digital activities, supporting personal communication, business operations, online education, healthcare systems, financial transactions, cloud computing, and more. They rely on protocols, hardware, and security measures to ensure efficient, reliable, and safe data transmission between devices.


    Network Security

    Network security involves methods, technologies, and procedures to protect computer networks and their resources from unauthorized access, misuse, modification, or disruption. It ensures that sensitive information such as personal data, financial records, and confidential business information remains safe while maintaining the availability and integrity of network services.

    Network security includes:

    • Access Control: Restricting who can connect to the network or access specific resources using passwords, authentication systems, or multi-factor authentication (MFA).
    • Firewalls: Devices or software that monitor and filter network traffic to block malicious activity.
    • Intrusion Detection and Prevention: Systems that detect unusual or suspicious activity and respond to potential threats.
    • Encryption: Protecting data in transit by converting it into a format unreadable by unauthorized users.
    • Network Monitoring: Continuously observing network traffic and performance to identify potential security breaches or vulnerabilities.
    • Regular Updates and Patching: Ensuring network devices and software are up to date to protect against known vulnerabilities.

    Effective network security not only prevents unauthorized access but also reduces the risk of data breaches, malware infections, and service disruptions, helping maintain trust, reliability, and operational continuity for individuals and organizations.


    Information Technology (IT) Network

    An Information Technology (IT) network combines hardware, software, and protocols to monitor, manage, and control the flow of electronic data within an organization or between interconnected systems. This setup allows devices such as computers, servers, routers, and storage systems to communicate, share resources, and access information efficiently and securely.

    Hardware components in an IT network include servers, switches, routers, firewalls, and cables. Software components encompass network management tools, monitoring systems, security programs, and communication applications. Together, these elements enable organizations to store, transmit, and protect data, ensuring the smooth operation of digital services and facilitating user collaboration.

    IT networks can vary in size and scope, from small local area networks (LANs) in offices to large wide area networks (WANs) that connect multiple sites across cities, countries, or continents. They rely on standards and protocols to ensure interoperability, reliability, and security of data transmission.

    A well-managed IT network is critical to the daily operations of modern organizations, supporting tasks such as email, cloud computing, database management, video conferencing, and online transactions. By integrating monitoring, control, and security mechanisms, IT networks help maintain operational efficiency, protect sensitive information, and respond quickly to disruptions or threats.

    Overview

    • Purpose: Handle data and information within organizations.
    • Focus: Computers, servers, databases, email, cloud services.
    • Protocols/Technologies: TCP/IP, HTTP/HTTPS, DNS, VPN, Wi-Fi, Ethernet.
    • Characteristics:
      • Security-focused
      • Data-centric
      • High reliance on standardized IT hardware and software
    • Example: Corporate LANs, cloud servers, email systems.
    • CIAAN Prioritization
      • Confidentiality
        • Data should not be accessed without permission (Data is stored in a safe place)
          • Sending a message to a specific target
      • Integrity
        • Data should not be modified by unauthorized users/objects (Data is reliable and accurate)
          • Sending a message to a specific target and ensuring that the target receives the exact message without being tampered with
      • Availability
        • Data should be available to authorized users/objects whenever they need it (Data is available when needed)
          • Sending a message to a target, and the target can receive it
      • Authenticity
        • The identity and origin of a user, system, or data are trusted
          • The sender and the communication channel are trusted
      • Non-repudiation
        • The individual or system cannot deny having carried out a specific action.
          • The sender cannot deny having sent a message
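The Integrity and Authenticity items above say the target must receive the exact message and be able to trust its origin. The following is an added example, not code from the page: it wraps the light-switch command from the MQTT section in a JSON payload carrying a timestamp, a nonce, and an HMAC-SHA256 tag that binds the command to its topic, and shows the subscriber-side check that rejects tampered, replayed, stale, or wrongly-keyed events. The shared key, topic, and replay window are constructed for the demo.

```python
# Added example (not from the original page): integrity and authenticity for an
# MQTT payload using an HMAC-SHA256 tag keyed with a shared secret.
import hashlib
import hmac
import json
import time
from typing import Optional, Set

SHARED_KEY = b"demo-key-not-for-production"  # constructed; provision per device in practice
MAX_AGE_S = 30                                # replay window: reject events older than this


def _mac(key: bytes, topic: str, ts: int, nonce: str, command: str) -> str:
    # Bind topic, timestamp, nonce and command into one authenticated string so a
    # tag computed for one topic cannot be replayed on another.
    msg = "\x00".join([topic, str(ts), nonce, command]).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_event(topic: str, command: str, nonce: str,
                ts: Optional[int] = None, key: bytes = SHARED_KEY) -> bytes:
    """Publisher side: produce the signed JSON payload for one command."""
    ts = int(time.time()) if ts is None else ts
    body = {"ts": ts, "nonce": nonce, "cmd": command}
    body["mac"] = _mac(key, topic, ts, nonce, command)
    return json.dumps(body, sort_keys=True).encode("utf-8")


def verify_event(topic: str, payload: bytes, seen_nonces: Set[str],
                 now: Optional[int] = None, key: bytes = SHARED_KEY) -> Optional[str]:
    """Subscriber side: return the command if the event is authentic, fresh and
    not replayed; otherwise None. seen_nonces is the subscriber's replay cache."""
    now = int(time.time()) if now is None else now
    try:
        body = json.loads(payload)
        ts = int(body["ts"])
        nonce, cmd, tag = str(body["nonce"]), str(body["cmd"]), str(body["mac"])
    except (ValueError, KeyError, TypeError):
        return None                              # malformed payload
    expected = _mac(key, topic, ts, nonce, cmd)
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None                              # integrity or authenticity failure
    if abs(now - ts) > MAX_AGE_S or nonce in seen_nonces:
        return None                              # stale or replayed
    seen_nonces.add(nonce)
    return cmd


if __name__ == "__main__":
    cache: Set[str] = set()
    payload = build_event("smarthome/lights/office", "ON", nonce="n1")
    print(payload.decode())
    print(verify_event("smarthome/lights/office", payload, cache))  # ON
    print(verify_event("smarthome/lights/office", payload, cache))  # None (replay)
```

Two limits follow from the CIAAN definitions on the page. An HMAC gives Integrity and Authenticity only among holders of the shared key, and because the subscriber holds the same key it could have produced the tag itself, so this provides no Non-repudiation; that needs an asymmetric signature. It also does nothing for Confidentiality, since the command is sent in clear; that is the job of TLS between client and broker.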

    Topology

    Internet <-> Firewall <-> IT Network
    • Internet (Untrusted): The public web. By default, all unsolicited inbound traffic is blocked to prevent external intrusions.
    • Firewall (The Gatekeeper): A physical or virtual appliance using Stateful Packet Inspection (SPI). It ensures that the only data entering the network is a direct, verified response to a request initiated by an internal user.
    • IT Network (Trusted / Corporate): Houses workstations, Electronic Health Record (EHR) systems, and administrative servers. It is protected from the public web but remains the most likely entry point for phishing.

    Operational Technology (OT) Network

    An Operational Technology (OT) network combines hardware, software, and communication systems designed to monitor, control, and manage industrial equipment and operational processes. Unlike traditional IT networks, which primarily handle data and information, OT networks focus on the physical operation of machinery, production lines, utilities, and other critical industrial systems.

    Hardware components in OT networks include sensors, actuators, programmable logic controllers (PLCs), industrial robots, and supervisory control and data acquisition (SCADA) systems. Software components consist of control applications, monitoring platforms, and analytics tools that help operators manage processes, optimize performance, and respond to events in real time.

    OT networks are widely used in industries such as manufacturing, energy, transportation, water treatment, and oil and gas. They enable organizations to automate complex processes, ensure safety, maintain efficiency, and reduce downtime by providing precise control over physical operations.

    Security and reliability are critical in OT networks because disruptions can cause physical damage, production losses, environmental hazards, or safety risks. OT systems often operate in environments where downtime is costly or dangerous, making real-time monitoring, fail-safes, and secure communication protocols essential.

    OT networks bridge the digital and physical worlds, enabling control, monitoring, and coordination of industrial systems to ensure operational efficiency, safety, and regulatory compliance.

    Overview

    • Purpose: Manage and control physical devices, machinery, and industrial processes.
    • Focus: Sensors, actuators, PLCs (Programmable Logic Controllers), SCADA systems.
    • Protocols/Technologies: Modbus, DNP3, OPC UA, PROFIBUS, EtherNet/IP.
    • Characteristics:
      • Safety and reliability-critical
      • Real-time or near real-time operations
      • Legacy systems often coexist with modern ones
    • Example: Factory floor control systems, water treatment plants, power grids.
    • CIAAN Prioritization
      • Availability
        • Data should be available to authorized users/objects whenever they need it (Data is available when needed)
          • Sending an event to a specific actuator, and the actuator can receive it
      • Integrity
        • Data should not be modified by unauthorized users/objects (Data is reliable and accurate)
          • Sending an event to a specific actuator and ensuring that the actuator receives the exact event without being tampered with.
      • Confidentiality
        • Data should not be accessed without permission (Data is stored in a safe place)
          • Sending an event to a specific actuator
      • Authenticity
        • The identity and origin of a user, system, or data are trusted
          • The sender and the communication channel are trusted
      • Non-repudiation
        • The individual or system cannot deny having carried out a specific action.
          • The sender cannot deny having sent a message 

    Topology

    Internet <-> Firewall <-> IT Network <-> Secure Gateway / DMZ <-> OT Network
    • Secure Gateway / DMZ (The Air-Lock): The most critical security layer. It creates a physical and logical “buffer” so that the IT and OT networks never communicate directly.
      • Data Brokerage: It terminates the connection from one side and starts a new one on the other, acting as a middleman for machine data.
      • Protocol Isolation: It strips away IT-based protocols (which carry malware/ransomware) and only allows specific industrial “languages” (Modbus, BACnet, DICOM) to pass.
    • OT Network (Mission-Critical Zone): The “Heart” of the facility (e.g., life-support, surgery robots, PLCs). It is protected by two layers of security, making it invisible to the public internet.

    Internet of Things (IoT) Network

    An Internet of Things (IoT) network is a system of interconnected devices, sensors, appliances, and software that communicate and exchange information autonomously without direct human intervention. These devices collect data from their environment, share it across the network, and can respond or act based on the information they receive, creating a dynamic ecosystem of smart automated systems.

    IoT networks include a wide variety of devices, such as smart home appliances like thermostats, lights, and security cameras, wearable health monitors, industrial sensors, connected vehicles, and even environmental monitoring equipment. Each device is equipped with the necessary hardware and software to sense, transmit, process, or act on data, often using wireless communication protocols such as Wi-Fi, Bluetooth, Zigbee, or cellular networks.

    The primary goal of an IoT network is to enhance efficiency, automation, and decision-making by enabling devices to work together intelligently. For example, a smart thermostat can adjust room temperature based on occupancy data collected from motion sensors, and industrial IoT sensors can monitor machinery performance and trigger maintenance alerts before failures occur.

    IoT networks rely heavily on data analytics, cloud computing, and edge computing to process large volumes of information generated by connected devices. Security is a major consideration, as unsecured IoT devices can be vulnerable to cyberattacks, potentially affecting privacy, safety, and the network’s functionality.

    IoT networks are revolutionizing how humans interact with technology, providing automation, convenience, and real-time insights across homes, businesses, and industries while enabling smarter, more responsive systems.

    Overview

    • Purpose: Connect everyday devices to the internet for monitoring, control, and data collection.
    • Focus: Consumer devices, home automation, wearables, smart appliances.
    • Protocols/Technologies: MQTT, CoAP, Zigbee, LoRaWAN, Wi-Fi, Bluetooth.
    • Characteristics:
      • Often low-power devices
      • Cloud connectivity and analytics-driven
      • Usually not mission-critical (compared to OT)
    • Example: Smart thermostats, fitness trackers, connected cameras.
    • CIAAN Prioritization
      • Availability
        • Data should be available to authorized users/objects whenever they need it (Data is available when needed)
          • Sending an event to a specific actuator, and the actuator can receive it
      • Integrity
        • Data should not be modified by unauthorized users/objects (Data is reliable and accurate)
          • Sending an event to a specific actuator and ensuring that the actuator receives the exact event without being tampered with.
      • Confidentiality
        • Data should not be accessed without permission (Data is stored in a safe place)
          • Sending an event to a specific actuator
      • Authenticity
        • The identity and origin of a user, system, or data are trusted
          • The sender and the communication channel are trusted
      • Non-repudiation
        • The individual or system cannot deny having carried out a specific action.
          • The sender cannot deny having sent a message 

    Topology

    Internet <-> Firewall <-> IT Network <-> Secure Gateway / DMZ (IoT inside)
    • Secure Gateway / DMZ (Semi-Trusted / IoT Sandbox): By isolating IoT (Smart TVs, HVAC, Printers) here, you prevent “Lateral Movement.”
      • Inbound Control: The Gateway allows IoT devices to reach the Internet for necessary firmware updates.
      • Outbound Restriction: The Gateway strictly blocks IoT devices from initiating any connection to the IT Network, ensuring a hacked “Smart TV” cannot access private patient data.

    Industrial Internet of Things (IIoT) Network

    An Industrial Internet of Things (IIoT) network is a system of interconnected sensors, devices, machines, and software designed specifically for industrial environments, allowing them to communicate and exchange information autonomously without direct human intervention. Unlike general IoT networks, which often focus on consumer applications, IIoT networks are tailored to industries such as manufacturing, energy, transportation, oil and gas, and utilities, where reliable, real-time monitoring and control of equipment is critical.

    IIoT devices collect data from industrial processes, machinery, or environmental conditions and share it across the network to enable automation, predictive maintenance, operational optimization, and safety improvements. Examples include vibration sensors on factory equipment to predict failures, smart meters in energy grids to monitor consumption, and temperature and humidity sensors in warehouses to maintain optimal storage conditions.

    The network typically combines hardware components like sensors, actuators, and programmable logic controllers (PLCs) with software platforms for data collection, processing, and analytics. Communication often occurs via industrial protocols or wireless standards suitable for harsh environments, ensuring reliability, low latency, and secure data transmission.

    IIoT networks enable organizations to reduce downtime, increase efficiency, and make data-driven decisions by continuously monitoring industrial operations. Security and resilience are major concerns, as disruptions or breaches can lead to production loss, equipment damage, or safety hazards. Therefore, IIoT networks often include strong cybersecurity measures, redundant systems, and monitoring tools to maintain operational continuity.

    An IIoT network integrates advanced sensing, connectivity, and analytics in industrial settings, enabling machines and systems to operate more intelligently, safely, and efficiently with minimal human intervention.

    Overview

    • Purpose: Industrial version of IoT for operational efficiency, predictive maintenance, and automation.
    • Focus: Industrial machinery, sensors, robotics, heavy equipment.
    • Protocols/Technologies: Industrial Ethernet, MQTT, OPC UA, Modbus TCP, edge computing.
    • Characteristics:
      • Combines IT and OT principles
      • Real-time monitoring and control
      • Data-driven decision making and analytics
    • Example: Smart factories, automated manufacturing lines, predictive maintenance systems.
    • CIAAN Prioritization
      • Availability
        • Data should be available to authorized users/objects whenever they need it (Data is available when needed)
          • Sending an event to a specific actuator, and the actuator can receive it
      • Integrity
        • Data should not be modified by unauthorized users/objects (Data is reliable and accurate)
          • Sending an event to a specific actuator and ensuring that the actuator receives the exact event without being tampered with.
      • Confidentiality
        • Data should not be accessed without permission (Data is stored in a safe place)
          • Sending an event to a specific actuator
      • Authenticity
        • The identity and origin of a user, system, or data are trusted
          • The sender and the communication channel are trusted
      • Non-repudiation
        • The individual or system cannot deny having carried out a specific action.
          • The sender cannot deny having sent a message 

    Topology

    Internet <-> Firewall <-> IT Network <-> Secure Gateway / DMZ (IoT inside) <-> OT Network (IIoT inside)
    • Zone Separation (IoT vs. IIoT):
      • IoT (In DMZ): Non-critical facility devices (Cameras, Guest Wi-Fi) are sandboxed in the DMZ. If compromised, the impact is contained.
      • IIoT (In OT Zone): Industrial sensors and smart clinical tools (IIoT) live inside the OT Network. Their data is vital for real-time operations, and they are protected by the full “Air-Lock” logic of the Secure Gateway.
    • Ultimate Isolation: This flow ensures that a breach on the Internet or a malware in the IT Office cannot physically reach or disrupt the mission-critical machines in the OT zone.
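The four topology diagrams above (IT, OT, IoT, IIoT) state a small set of rules: unsolicited inbound traffic from the Internet is blocked, IT and OT never communicate directly, the IoT sandbox in the DMZ may reach the Internet for updates but may not initiate connections into IT, and the Secure Gateway only passes specific industrial protocols into OT. The following is an added example, not code from the page: those rules encoded as a zone-policy evaluator that can be run over a list of proposed flows, for instance when reviewing firewall change requests. Zone names, protocol labels, and the allow-list entries are constructed from the text; IIoT devices are treated as living inside the OT zone, as the IIoT topology describes.

```python
# Added example (not from the original page): evaluate whether a connection
# between two network zones is consistent with the IT/OT/IoT topology rules.
from dataclasses import dataclass
from typing import List, Tuple

ZONES = ("Internet", "IT", "DMZ", "IoT", "OT")  # IoT sits inside the DMZ; IIoT inside OT


@dataclass(frozen=True)
class Flow:
    src: str    # zone that initiates the connection
    dst: str    # zone being connected to
    proto: str  # constructed protocol label, e.g. "https", "mqtt", "modbus"


# Who may INITIATE a connection to whom, and with which protocol. Replies to
# allowed flows are implied by the stateful firewall, so they are not listed.
# Entries are assumptions built from the topology text, not a real rule set.
ALLOWED_INITIATIONS = {
    ("IT", "Internet"): {"https", "dns"},      # users browse out; only replies come back
    ("IoT", "Internet"): {"https"},            # firmware updates for sandboxed devices
    ("IT", "DMZ"): {"https"},                  # IT reaches the gateway's front end only
    ("DMZ", "OT"): {"modbus", "bacnet", "dicom"},  # gateway re-originates as an industrial protocol
}


def evaluate(flow: Flow) -> Tuple[bool, str]:
    """Return (allowed, reason) for one proposed flow."""
    if flow.src not in ZONES or flow.dst not in ZONES:
        return False, "unknown zone"
    if flow.src == flow.dst:
        return True, "intra-zone"
    if flow.src == "Internet":
        return False, "unsolicited inbound from the Internet is blocked at the firewall"
    if flow.src == "IoT" and flow.dst == "IT":
        return False, "IoT sandbox may not initiate to IT (lateral movement)"
    if {flow.src, flow.dst} == {"IT", "OT"}:
        return False, "IT and OT never talk directly; traffic must be re-originated by the DMZ gateway"
    allowed = ALLOWED_INITIATIONS.get((flow.src, flow.dst), set())
    if flow.proto in allowed:
        return True, "allowed by zone policy"
    return False, f"{flow.proto} from {flow.src} to {flow.dst} is not on the allow-list"


def audit(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Return the flows that violate the policy, with the reason for each."""
    return [(f, reason) for f in flows for ok, reason in [evaluate(f)] if not ok]


if __name__ == "__main__":
    # Constructed change request: which of these would the topology permit?
    requests = [
        Flow("IT", "Internet", "https"),
        Flow("Internet", "IT", "https"),
        Flow("IoT", "IT", "smb"),
        Flow("IT", "OT", "modbus"),
        Flow("DMZ", "OT", "modbus"),
        Flow("DMZ", "OT", "https"),
    ]
    for f in requests:
        print(f, *evaluate(f))
```

The evaluator is deliberately deny-by-default: anything not on the allow-list is refused with a reason, which mirrors the page's point that the OT zone is reachable only through the gateway's protocol isolation, never directly from IT or the Internet.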