H04L63/0209

Network security

There is provided a network security method in a computer network. The method comprises detecting, by a gateway computer, a target device being connected to the computer network, detecting the target device transmitting a DNS query for resolving a hostname into an IP address, transmitting a query to a content rating system, wherein the query comprises the resolved hostname related to the DNS query of the target device, receiving, from the content rating system, a list of categorization categories assigned to the resolved hostname, determining a type of the target device on the basis of the received list of categorization categories assigned to the hostname, and generating a security related decision on the basis of the determined type of the target device.

Relay device, information processing system, and non-transitory computer readable medium storing relay processing program

A relay device includes a first communication unit that communicates with an information management apparatus connected to the Internet via a firewall, a second communication unit that performs near field communication with a terminal apparatus, a storage unit that acquires from the information management apparatus, using the first communication unit, information for identifying the terminal apparatus and mode instruction information that is instruction information indicating that an operation is to be performed in a second mode for acquiring data having a larger data amount than in a first mode, and stores the acquired information, and a control unit that in a case where the terminal apparatus connected using the second communication unit is a terminal apparatus that needs to operate in the second mode, performs control so as to transmit mode instruction information for instructing the operation in the second mode, to the terminal apparatus, and transmit data acquired from the terminal apparatus by using the second communication unit, to the information management apparatus by using the first communication unit.

METHOD AND TRANSMISSION DEVICE FOR DATA TRANSMISSION BETWEEN TWO OR MORE NETWORKS

Provided is a method for data transmission between at least one first network and at least one second network, wherein a) for at least one data transmission between the at least one first network and the at least one second network, at least one connection between the first network and the second network is established and a datum or data are directed by means of a resource allocation unit arranged between the networks, and b) for the establishment of the at least one connection, the resource allocation unit exclusively allocates at least one net access resource, e.g. network cards or network adapters, which can be coupled to the second net, and a one-way communication unit arranged upstream of the net access resource for establishing a feedback-free data transmission direction.

Gas turbine engine configuration data synchronization with a ground-based system

A system includes an engine manufacturer database communicatively coupled to a blockchain database through a network and a ground station configured to wirelessly communicate with a communication adapter of a gas turbine engine of an aircraft. The communication adapter includes a communication interface configured to communicate with an engine control of a gas turbine engine. The system is further configured to monitor the blockchain database for a configuration update associated with the aircraft and update the engine manufacturer database based on the configuration update. The system is further configured to command a synchronization of the configuration update from the engine manufacturer database to a communication adapter of the gas turbine engine tracked by the engine manufacturer database and transmit the configuration update wirelessly to the communication adapter through the communication interface to update a data storage unit of the gas turbine engine with the configuration update.

System and method for secure access to camera systems

Embodiments include a system, method, and computer program product that enable secure access to cameras in smart buildings. Some embodiments control outbound video from an environment such as a local network through an intelligent on-event video pushing mechanism. The local intelligent on-event video pushing mechanism hides the IP address of a source video camera, transcodes the video to a reduced size for wide area distribution, and pushes video to a recipient upon an event trigger received within the local environment (e.g., the local network). Embodiments enable a remote video client on the far side of the local network firewall to view the video streams of cameras on the near side of the local network firewall when an event or trigger occurs.

Method for operating a communications system

A method for operating a communications system, in particular a communications system based on software-defined networking, which has at least one network infrastructure component, in particular an SDN switch, and at least one communications device, the network infrastructure component being developed for forwarding data to and/or from the at least one communications device. The method includes the following steps: allocating the communications device to at least one security zone; specifying at least one forwarding rule for forwarding data by the network infrastructure component to and/or from the communications device, the specification of the forwarding rule taking place under consideration of the security zone.

GATEWAY MODULE AND MODULE ARRANGEMENT

A gateway module includes: a module housing, an operating device arranged on the module housing, which can be put, by user actuation, into a plurality of visually distinguishable operating device states, a first communication interface for communication with field level devices, a second communication interface for communication with an external server, and a control unit configured to receive field data from the field level devices via the first communication interface and to provide the field data to the external server via the second communication interface, wherein the control unit is further configured to provide, depending on which operating device state the operating device is in, a manipulation function for influencing the operation of the gateway module and/or the field level devices.

SYSTEM AND ASSOCIATED METHODS FOR REMOTE CONTROL OF VESSELS
20230093869 · 2023-03-30

A machine and process for remotely controlling a vessel. The system may include a land-based computing system configured to communicate control signals via a communications system that communicates the control signals to the vessel and a controller network on the vessel configured to control at least certain functions of the vessel. The controller network may further be configured to receive the control signals from the land-based computing system. The controller may include a switch including an input port and multiple output ports. A remote control computing device may be configured to control the vessel via at least one other computing device. A one-way Ethernet cable may be communicatively coupled between one of the output ports of the switch and the remote control computing device. The control signals may be received by the switch being communicated to the remote control computing device via the one-way Ethernet cable.

Secure accelerator device pairing for trusted accelerator-to-accelerator communication

Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent executes an attestation algorithm to generate a first secure attestation for the first I/O device and a second secure attestation for the second I/O device, obtains a peer-to-peer communication key, and forwards the peer-to-peer communication key to the first I/O device and a second I/O device to enable secure peer-to-peer communication between the first I/O device and the second I/O device over a communication link secured by the peer-to-peer communication key. Other embodiments are described and claimed.

Centralized security event generation policy

A model-based industrial security policy configuration system implements a plant-wide industrial asset security policy in accordance with security policy definitions provided by a user. The configuration system models the collection of industrial assets for which diverse security policies are to be implemented. An interface allows the user to define zone-specific security configuration and event management policies for a plant environment at a high-level based on a security model that groups the industrial assets into security zones. Based on the model and these policy definitions, the system generates asset-level security setting instructions configured to set appropriate device settings on one or more of the industrial assets to implement the security event management policies, and deploys these instructions to the appropriate assets in order to implement the defined policies.