Donar $20 Donar $50 Donar $100 Donar mensualmente
 


Enviar respuesta 
 
Calificación:
  • 0 votos - 0 Media
  • 1
  • 2
  • 3
  • 4
  • 5
Buscar en el tema
[Aporte] Final Inglés 2 (Sistemas)
Autor Mensaje
Batman Sin conexión
Empleado del buffet
Gotham City
*

Ing. en Sistemas
Facultad Regional Buenos Aires

Mensajes: 24
Agradecimientos dados: 2
Agradecimientos: 60 en 15 posts
Registro en: Mar 2016
Mensaje: #1
[Aporte] Final Inglés 2 (Sistemas) Finales Inglés II
Buenas, dejo el texto que tomaron ayer para sistemas (5/12/17).... Nos dijeron que no marquemos la fotocopia así podían llegar a usarla en alguna otra fecha rollroll
El texto es el que está aca: https://eandt.theiet.org/content/article...eat-grows/ PERO le sacaron el parrafo "No connect between IT and control".
Lo copio por las dudas que lo desaparezcan de la web esa (?).
Spoiler: Mostrar
Infrastructure cyber attack threat grows
By Sean Davies - Published Monday, June 13, 2011

Despite high-profile attacks, there is still a lack of IT security in key public infrastructure. We ask if it will take a major meltdown to prompt governments to take action.

It is almost a year now since the attack on the control system of an Iranian nuclear reactor by the Stuxnet virus. However, despite this ominous development and recent reports that the threat of attacks has increased, a worrying amount of vital public infrastructure is still vulnerable.

Cyber-attacks are currently the single greatest threat to national security with many countries placing it at the forefront of their defence planning. Critical civilian infrastructure that depends most heavily on industrial control systems – such as power, water, oil and gas – is still under threat from cyber-attack, despite the increased security following Stuxnet. 'If you can't deal with a zero-day attack coming from a thumb-drive you have nothing,' former director of central intelligence Jim Woolsey says.

According to a recent report conducted by IT security specialists McAfee and the Centre for Strategic International Studies (CSIS) – an organisation that drafted US President Barak Obama's cyber-security strategy – vulnerabilities are also still growing. The report states that '40 per cent of executives believed that their industry's vulnerability had grown over the past year'.

Another report, from the Ponemon Institute, claims that 75 per cent of global energy organisations they polled admit to having suffered at least one data breach in the past 12 months. 'One of the scariest points that jumped out at me is that it takes on average 22 days to detect insiders making unauthorised changes, showing just how vulnerable organisations are today,' Dr Larry Ponemon, founder and chairman on the Ponemon Institute, says. 'These results show that energy and utility organisations are struggling to identify the relevant issues that are plaguing their companies from a security perspective. They have to bridge the gap to operations and IT, and make IT security a top priority within the organisation.'

'It is definitely a clear and present danger,' says Sal Viveros, security expert at McAfee. 'The number of attacks facing these types of companies is pretty large, with one in four of the companies that we spoke to having been a victim of extortion. We are seeing cyber-criminals trying to blackmail these people; apparently hundreds of millions of dollars have been extorted from US companies. This is really the biggest untold story about cyber-crime. That percentage is pretty high and that's only those who are willing to go on record and admit it.'

What is Stuxnet?
According to Eric Knapp, director critical infrastructure markets at NitroSecurity, the Stuxnet virus itself is a remarkably sophisticated form of malware, which has two characteristics that demonstrated the growing threat of cyber-attacks.

'First, it had no obvious criminal payoff,' he says. 'It was designed for sabotage and sabotage alone. It infects computer systems by exploiting a number of vulnerabilities on Microsoft Windows. Uploaded to the computer through, among other things, a USB drive, shared network files, or SQL databases, it targets a specific Siemens SCADA program.'

If this software is running, Stuxnet looks for a particular configuration of industrial equipment and then launches an attack designed to manipulate certain microcontrollers to perform erratically while reporting normal functioning to operators of the system.

'This is sabotage pure and simple,' Knapp adds. 'Stuxnet was a weapon; it was someone who tried to target a Scada system to cause actual harm, rather than to take control or extract information.'

There is no easy way to use the malware either for espionage or for extortion. It has been widely speculated that Stuxnet was aimed at infiltrating Iran's heavily protected Natanz facility for enriching uranium. The delicate centrifuges at Natanz are crucial for Iran's nuclear weapons programme, and they have suffered numerous unexplained failures since Stuxnet was launched.

Second, Stuxnet was an extraordinary advance in sophistication over the kinds of malware used by the criminal underground. The Belarusian security firm that initially identified Stuxnet at first believed it to be a backdoor for hackers. But closer inspection revealed the complex nature of the virus. It featured: multiple exploits that were previously unknown; Microsoft Windows driver modules that signed using genuine cryptographic certificates stolen from respectable companies; about 4,000 functions; and advanced anti-analysis techniques to render reverse-engineering difficult.

'It is almost certainly the work of a government, not a criminal gang,' Knapp says. 'Stuxnet is, in short, a weapon. It is a concrete demonstration that governments will develop malware to sabotage their adversaries' IT systems and critical infrastructure. It also shows that hostile governments can easily target the Scada systems on which a nation's power, gas, oil, water and sewage systems depend, defeating the defences upon which most companies rely.'

Life after Stuxnet
Knapp argues that the Stuxnet threat has heightened awareness. 'I think that since Stuxnet the attitude towards protection has changed considerably,' he adds. 'Everybody is looking at that worst-case scenario now. Someone successfully hacked in or successfully delivered malware that actually sabotaged a process, and there is nothing to stop that from happening again. Therefore people are now looking for things and usually if you are looking, patterns are quite easy to find. This is especially true in a manufacturing environment because automated processes are very well defined and most often also extremely well timed. If there was any sort of abnormal behaviour it would stand out very quickly.

'If a process is defined so that something happens in exactly the same way every single time, if some integration changes it has to be rectified pretty quickly. So if the security people can look at what is happening in the operational environment it would be relatively easy for them to spot evidence that something has happened. Predicting that something is about to happen is completely different.'

The emergence of Stuxnet points to an overriding need for critical infrastructure companies to acknowledge the changes in the cyber-threat landscape. It is clear that they need to focus attention not only on denial-of-service attacks, but also on more sophisticated threats, like stealthy infiltration from state-sponsored actors or cyber-extortionists.

'The days of having an anti-virus programme on your system and thinking you are protected are long gone,' Viveros says. There are plenty of technologies available to protect every entry point that these organisations need to look into, but a clear consensus is that application control is vital. If you know exactly what is running on each system you can ensure that nothing else is on that system – this makes it impossible for people to access the system via USB. The age of the firewall it seems is over. 'Firewalls have been used in the past, but now with Port 80 open to use various web applications you need application control as well,' Viveros adds.

'One barrier to closing this vulnerability and minimising the risk is the fact that organisations are not prioritising IT security,' Ponemon says. 'In fact, physical security budget is about nine times the physical security budget. There is also the fact that it is clear that preventing downtime is more critical than stopping an attack.'

With the talk of further attacks imminent and an admission from Siemens that they have failed to plug the holes – this was amply demonstrated by the company's request that NSS labs cancel a talk at a recent conference where they were due to explain how an attack could occur – urgent attention is required. The solution would be to make IT security a strategic initiative across every enterprise, but with finances stretched it may take another Stuxnet-like intrusion to trigger that change in emphasis.

Las preguntas eran:
1) Cual es la situación de los países y de las industrias con respecto a los ataques? (O algo así, pero se refería a la primer parte).
2) Cuales fueron los resultados o conclusiones de los 2 reportes que se mencionan.
3) Qué es Stuxnet y cuales son sus características?
4) Cual es la posición que tomaron las industrias después de Stuxnet? Explicar detalladamente. (Esta fue medio fruta... Traduje un par de las primeras oraciones de "Life after Stuxnet" y chau)
5) Cuales son los problemas que surgen? Y que solución propone el actor? (En resumen: las empresas no están dando importancia a la seguridad de IT, y la solución sería una iniciativa estratégica en todas las empresas sobre la seguridad IT).
6) Explicar cual es la función de DESPITE en el 1er párrafo (1er palabra del texto). SIN traducir, explicar que ideas conecta.

Obviamente dijeron que "no había que traducir sino interpretar"... JA, nadie le dice a Batman lo que tiene que hacer, así que traduje todo como un campeón... y clavé 9, así que no les crean nada. Obviamente algunas palabras las cambié porque sonaban horrible (o no tenía idea de como traducirlas en ese contexto), pero traté de seguir el orden de las ideas y oraciones así como están en el texto y funcionó thumbup3

"It's Not Who I Am Underneath, But What I Do That Defines Me."
06-12-2017 10:00
Encuentra todos sus mensajes Agregar agradecimiento Cita este mensaje en tu respuesta
[-] Batman recibio 8 Gracias por este post
CarooLina (06-12-2017), rod77 (06-12-2017), niramirez (06-12-2017), pugna23 (06-12-2017), Omnipresent (06-12-2017), Chalo (06-12-2017), diegomsaiz (12-12-2017), Gabriel4 (Ayer)
Omnipresent Sin conexión
Campeon del cubo Rubik
The Winter is gone
****

Ing. en Sistemas
Facultad Regional Buenos Aires

Mensajes: 150
Agradecimientos dados: 41
Agradecimientos: 44 en 38 posts
Registro en: Sep 2014
Mensaje: #2
RE: [Aporte] Final Inglés 2 (Sistemas)
Cita:nadie le dice a Batman lo que tiene que hacer


Off-topic:
jajajaja
[Imagen: dhMeAzK.gif]
06-12-2017 17:11
Encuentra todos sus mensajes Agregar agradecimiento Cita este mensaje en tu respuesta
mestrella Sin conexión
Empleado del buffet
Sin estado :(
*

Ing. en Sistemas
Facultad Regional Buenos Aires

Mensajes: 3
Agradecimientos dados: 11
Agradecimientos: 0 en 0 posts
Registro en: Jun 2013
Mensaje: #3
RE: [Aporte] Final Inglés 2 (Sistemas)
holaaaaa, como estan? yo voy a presentar a rendirla libre.
Es como hace unos años? te dejan llevar el diccionario?

Saludos y espero su rta!
rindo mañana!
12-12-2017 10:52
Encuentra todos sus mensajes Agregar agradecimiento Cita este mensaje en tu respuesta
Batman Sin conexión
Empleado del buffet
Gotham City
*

Ing. en Sistemas
Facultad Regional Buenos Aires

Mensajes: 24
Agradecimientos dados: 2
Agradecimientos: 60 en 15 posts
Registro en: Mar 2016
Mensaje: #4
RE: [Aporte] Final Inglés 2 (Sistemas)
(12-12-2017 10:52)mestrella escribió:  holaaaaa, como estan? yo voy a presentar a rendirla libre.
Es como hace unos años? te dejan llevar el diccionario?

Saludos y espero su rta!
rindo mañana!
Buenas! No se como era hace unos años, pero fueron las 6 preguntas que puse (preguntas y respuestas todo en castellano).
No había puntos de "Traducir X párrafo" (como sí me tomaron en Inglés 1 cuando lo rendí el año pasado). Y si, te dejan usar diccionario =)

"It's Not Who I Am Underneath, But What I Do That Defines Me."
12-12-2017 11:21
Encuentra todos sus mensajes Agregar agradecimiento Cita este mensaje en tu respuesta
[-] Batman recibio 1 Gracias por este post
mestrella (Ayer)
Buscar en el tema
Enviar respuesta 




Usuario(s) navegando en este tema: rocio96, 1 invitado(s)



    This forum uses Lukasz Tkacz MyBB addons.