RealiteQ Cloud based SCADA and Telemetry SOLUTION Security
Reali Technologies is an Israeli leader in Web SCADA and Telemetry technology.
Reali Technologies was established in 2007 as an Israeli breakthrough-technology startup that developed a new generation of SCADA & Telemetry solution named RealiteQ.
Today, Reali Technologies has an advanced, proven end-to-end web-based SCADA & Telemetry system for a wide range of water and wastewater applications, with thousands of remote sites operating on five continents.
Reali Technologies invests resources in providing RealiteQ as a highly secured cloud-based SCADA and Telemetry solution, using several security levels:
Reliable Service – Multiple hosting. Our servers run at Amazon, but for different customers and territories we have two more separate hosting sites, one in Germany and one in Israel.
RealiteQ has three different Amazon servers: one for real time, one for history and one for backup of the other two servers.
Each project has its own database.
The most advanced security procedures are applied, the main ones being: no static IP, SSL, 128-bit hash code S-Key, no transparent connection, all parties are clients except the COMP, password encryption, adaptive delays and blocking of users with wrong passwords, and more...
Software can't track the RealiteQ ICEX device location because it needs no fixed IP, which therefore prevents hacker attacks!
Remote operational alert – any remote operation of critical values will generate a notification to the relevant personnel.
Option for monitoring only (Model "M") – remote operation is blocked and only remote monitoring is running.
RealiteQ is composed of the following parts:
State server (COMP) - a machine handling all application state and user interface.
Backup state server - a machine identical to the State server, in hot standby in case the first server fails.
History DB server - a machine serving historical data.
ICEX units (Producers) - field units transmitting real-time process data to the state server.
User Interface (UI) - browser-based interface (Consumers) connected to the state server, in order to display and control process data and historical data.
Users use HTTP/HTTPS on browsers to connect to the state server. HTTPS/SSL communication is performed using SHA-256 encryption.
Communication between the state server and the backup server is done over SSL.
Communication between the state server and the history DB server is done over SSL.
Each user on the system is assigned a username and password. Passwords are stored salted, with a random UUID generated for each user, and encrypted using MD5 hashing.
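An added example (not RealiteQ code) of the storage scheme described above beside a hardened form, with an upgrade path on successful log-in. MD5 is a fast hash, so the hardened form swaps in PBKDF2-HMAC-SHA256. Assumptions: the page does not say how salt and password are combined, so MD5(salt + password) is assumed; the record layout, function names and iteration count are hypothetical.

```python
import hashlib
import hmac
import os
import uuid

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to the server's hardware

def legacy_md5_record(password: str) -> dict:
    """Scheme as the page describes it: per-user random UUID salt, MD5 digest.
    Assumption: digest = MD5(salt + password); the page gives no layout."""
    salt = str(uuid.uuid4())
    digest = hashlib.md5((salt + password).encode()).hexdigest()
    return {"scheme": "md5-uuid", "salt": salt, "hash": digest}

def pbkdf2_record(password: str) -> dict:
    """Hardened form: random 16-byte salt and a deliberately slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"scheme": "pbkdf2-sha256", "salt": salt.hex(), "hash": key.hex(),
            "iterations": PBKDF2_ITERATIONS}

def verify_and_upgrade(password: str, record: dict) -> tuple[bool, dict]:
    """Check a password; a legacy record that verifies is returned re-hashed."""
    if record["scheme"] == "md5-uuid":
        candidate = hashlib.md5((record["salt"] + password).encode()).hexdigest()
        if not hmac.compare_digest(candidate, record["hash"]):
            return False, record
        # The plaintext is only available at log-in, so upgrade here.
        return True, pbkdf2_record(password)
    if record["scheme"] == "pbkdf2-sha256":
        key = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                  bytes.fromhex(record["salt"]), record["iterations"])
        return hmac.compare_digest(key.hex(), record["hash"]), record
    raise ValueError("unknown password scheme")
```

The caller stores the returned record in place of the old one, so legacy hashes disappear as users log in.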
Log-In on browsers is always performed using HTTPS, so passwords are never sent in plain text on the wire.
User sessions expire automatically after 10 minutes of inactivity. The user's access token, generated on log-in, is valid for starting a session for one hour. After it expires, the user will need to provide their credentials in order to access the system.
There is an automatic reminder for every user every 90 days to change to a new password.
User password strength is scored. A complex password is required for a high score approval.
Detailed credentials for users with several separated rules.
A false user log-in activates a delay algorithm that blocks hacking. After 2 more retries the access is blocked for 30 minutes.
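One way to implement the delay-then-block behaviour described above, as an added example that is not RealiteQ code. The 30-minute block and the "first failure plus 2 more retries" threshold come from the page; the doubling delay schedule, the class and its method names are assumptions.

```python
import time
from typing import Callable

LOCKOUT_SECONDS = 30 * 60  # from the page: access blocked for 30 minutes
MAX_FAILURES = 3           # the first false log-in plus "2 more retries"
BASE_DELAY = 2.0           # assumed: 2 s, doubling per failure (page gives no figures)

class LoginThrottle:
    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self._clock = clock
        self._state = {}  # username -> (consecutive failures, earliest next attempt)

    def attempt(self, user: str, check: Callable[[], bool]) -> tuple[str, float]:
        """Run check() only if the user is not waiting; return (status, wait)."""
        now = self._clock()
        failures, not_before = self._state.get(user, (0, 0.0))
        if now < not_before:
            # Inside a delay or lockout: credentials are not even evaluated.
            return "rejected", not_before - now
        if failures >= MAX_FAILURES:
            failures = 0  # lockout has elapsed, start counting again
        if check():
            self._state.pop(user, None)
            return "ok", 0.0
        failures += 1
        if failures >= MAX_FAILURES:
            wait = float(LOCKOUT_SECONDS)
        else:
            wait = BASE_DELAY * 2 ** (failures - 1)
        self._state[user] = (failures, now + wait)
        return "failed", wait
```

Keying the counter on the username alone lets anyone who knows an operator's name lock that operator out, so a deployment would normally also track the source address and alert on lockouts.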
ICEX units (Producers) connect as clients to the state server using HTTP/HTTPS (port 443). That makes the system "firewall friendly", and no "holes" need to be opened.
Each ICEX has a unique user name. ICEX units are required to sign into the server either with a unique password (just like a normal user) or, for better security, by using a unique Access Token that is generated for the specific ICEX/URL by the COMP.
All sessions are secured (in addition to SSL) by a 128-bit hash code (S-Key) that is manipulated with the actual IP and routinely changed. The manipulated and encrypted S-Key is attached to every HTTP/HTTPS transmission.
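A sketch of a per-request tag with the properties listed above (128 bits, tied to the client IP, routinely changed), as an added example and not RealiteQ's S-Key algorithm, which the page does not specify. The HMAC-SHA256 construction, the 5-minute rotation period and all names are assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets

ROTATION_SECONDS = 300  # assumed; the page only says "routinely changed"

def new_session_secret() -> bytes:
    """Per-session secret agreed at log-in (hypothetical helper)."""
    return secrets.token_bytes(32)

def s_key(session_secret: bytes, client_ip: str, now: float) -> str:
    """128-bit tag bound to the session secret, client IP and time window."""
    window = int(now // ROTATION_SECONDS)
    ip = ipaddress.ip_address(client_ip).packed  # canonical bytes, IPv4 or IPv6
    msg = ip + window.to_bytes(8, "big")
    return hmac.new(session_secret, msg, hashlib.sha256).digest()[:16].hex()

def verify_s_key(session_secret: bytes, observed_ip: str,
                 presented: str, now: float) -> bool:
    """Server side: recompute from the IP the server observes, and accept the
    current window plus the previous one to tolerate in-flight requests."""
    for skew in (0, ROTATION_SECONDS):
        expected = s_key(session_secret, observed_ip, now - skew)
        if hmac.compare_digest(expected, presented):
            return True
    return False
```

Under this construction a tag replayed from another address, or after two rotation periods, fails verification; a client whose DHCP address changes mid-session also fails and has to log in again.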
Historical data is stored using AES-256 encryption.
No static IP is in use by either the producer or the consumer. RealiteQ Producers and Consumers support DHCP with all networks (fixed or landline).
Both Producers and Consumers are clients. Only the clients initiate the connection to the COMP.
When working with DHCP behind firewalls or routers, there is no way to remotely expose the actual (dynamic) IP of the Producers. It is therefore impossible to connect to Producers remotely (the Producers initiate the connection and log in to the COMP).
Conclusion:
By virtue of being a control system for critical infrastructure, RealiteQ is protected with the highest security algorithm, and all the data is protected by technologies that are used in banking and military applications.
The RealiteQ system uses an advanced algorithm that makes remote operation secure and safe.
In the last 8 years, RealiteQ has been safely installed in many water & wastewater utilities and natural gas distribution systems, as well as in thousands of other sites on five continents, and among our users you can find leading global and American enterprises.