RealiteQ Cloud based SCADA and Telemetry SOLUTION Security

Reali Technologies is an Israeli leader in Web SCADA and Telemetry Technology. 

Reali Technologies established as an Israeli breakthrough technology startup in 2007 that developed a new generation of SCADA & Telemetry Solution named RealiteQ. 

Today, Reali Technologies has an advanced proven End-to-End web base SCADA & Telemetry System for a wide range of Water and Wastewater applications, with thousands of remote sites that operate in five continents.

Reali Technologies invests in resources for providing the RealiteQ highly Secured Cloud based SCADA and Telemetry SOLUTION, by utilizing several Security Levels: 

 Reliable Service – Multiple hosting. Our servers are running at Amazon but for different customers and territories, we have two more separated hosting's, one in Germany and one in Israel. 

RealiteQ, has three different Amazon servers, one for real time, one for history and one for backup of the other two servers. 

 Each project has its own database. 

 Most advanced Security procedures applied which the main ones are: No static IP, SSL, 128 hash code S-Key, no transparent connection, All are clients but the COMP, password encryption, adaptive delays and blocking of users with wrong passwords, and more... 

 Software can't track the RealiteQ  ICEX device location because it needs no fix IP, which therefore prevents hacker attacks!

 Remote operational alert – any remote operation of critical values will generate notification to the relevant personal. 

 Option for monitoring only (Model "M") – remote operation is blocked and only remote monitoring is running.

RealiteQ is composed of the following parts: 

 State server (COMP) - a machine handling all application state and user interface. 

 Backup state server - a machine identical to the State server, in hot standby in case the first server fails. 

 History DB server - a machine serving historical data. 

 ICEX units (Producers) - field units transmitting real-time process data to the state server. 

 User Interface (UI) – Browser based interface (Consumers) connected to the state server, in order to display and control process data and historical data. 

 Users use HTTP/HTTPS on browsers to connect to the state server. HTTPS/SSL communication is performed using SHA-256 encryption. 

 Communication between the state server and the backup server is done over SSL. 

 Communication between the state server and the history DB server is done over SSL. 

 Each user on the system is assigned a username and password. Passwords are stored salted by generating a random UUID for each user, and encrypted using MD5 hashing. 

 Log-In on browsers is always performed using HTTPS, so passwords are never sent in plain text on the wire. 

 User sessions expire automatically after 10 minutes of inactivity. The user’s access token, generated on log-in, is valid for starting session for one hour. After it expires, the user will need to provide their credentials in order to access the system. 

 There is automatic reminder for every user every 90 days to change to new password. 

 User password strength is scored. Complex password is required for a high score approval. 

 Detailed credentials for users with several separated rules. 

 False user log-in activates a delay algorithm that block hacking. After 2 more retries the access is blocked for 30 minutes. 

 ICEX units (Producers) connect as clients to the state server using HTTP/HTTPS (port 443). That's make the system "firewall Friendly" and no "holes" should be opened. 

 Each ICEX has a unique user name. ICEX are required to sign into the server either as with a unique password (just like normal user) or, for better security, by using a unique Access Token that is generated for the specific iCeX/URL by the COMP. 

 All sessions secured (in addition to SSL) by a 128 bits hash code (S-Key) that is manipulated with the actual IP and routinely changed. The manipulated and encrypted S-Key and is attached to every HTTP/HTTPS transmission. 

 Historical data is stored using AES-256 encryption. 

 No static IP is in use by the producer nor the consumer. RealiteQ Producers and Consumers support DHCP with all networks (fix or landline). 

 Both Producers and Consumers are clients. Only the clients initialize the connection to COMP. 

 Working with DHCP behind firewalls or routers, there is no way to expose from remote the actual (Dynamic) IP of the Producers. As so it is impossible to remotely connect to Producers (the Producers initiate the connection and Log-In to COMP). 

Conclusion: By virtue of being a Control System for critical infrastructure, 

RealiteQ is protected with the highest Security algorithm and all the Data is protected by Technologies that are used in banking and military applications. 

The RealiteQ System uses an advanced algorithm that makes remote operation Secure and Safe. 

In the last 8 years, RealiteQ has been Safely installed in many Water & Wastewater utilities, Natural Gas distribution Systems, as well as in other thousands of sites in five continents, and among our users you can find Global & American leading enterprises.