Abstract
High data rate optical fiber links are usually deployed in core IP networks to transport bulky [...]

Abstract
Security attacks using USB interfaces and devices are becoming more advanced, which boost efforts to develop counter measures in order to protect systems and data. One of the most recent attacks using USB devices is the BadUSB attack, performed by spoofing the device’s firmware and allowing the attackers to execute a set of malicious actions, e.g. an USB storage device could be mounted as USB keyboard in order to inject malicious scripts into the system. This paper proposes a protection agent against BadUSB attack developed for Windows operative systems. It allows a user to check the class of an USB device ready to be mounted, though enabling the detection of a potential attack if the expected functionality of the device does not match with its class type. The results show that the proposed protection agent is capable of detecting potential intrusions by blocking the installation of the device, scanning the device for something that identifies it, searching for a description locally and finally warning the user about the device meaning that all devices must be approved by the user when plugged in if the system protection agent is running. Copyright

Abstract
The security standard ISO/IEC 27001 provides orientations to support organizations to set adequate best practices in information security management, specifying requirements that enable the appropriate selection and implementation of security controls. This standard assists organizations to protect their information assets, achieve their adequate levels of security and thus help them to succeed their business goals. Currently, an increasing number of Portuguese organizations seek to comply ISO/IEC 27001:2013 standard and obtain the respective certification. This paper presents the result of a research conducted in order to detail the main difficulties and limitations evidenced by Portuguese organizations while meeting the ISO/IEC 27001:2013 standard. Moreover, this paper provides discussion on the results obtained, to better understand the progress and status quo of this standard implementation. From the research conducted it can be seen that organizations are becoming heavily concerned with information security issues, mainly due it to the recent cybersecurity incidents occurred. Additionally, certification is recognized as an important instrument to give confidence and demonstrate to all organizational' customers, suppliers and stakeholders that information security components are verified and organized within the organization.

Abstract
Intrusion Detection Systems (IDS) are used to prevent attacks by detecting potential harmful intrusion attempts. Currently, there are a set of available Open Source IDS with different characteristics. The Open Source Host-based Intrusion Detection System (OSSEC) supports multiple features and its implementation consists of Agents that collect and send event logs to a Manager that analyzes and tests them against specific rules. In the Manager, if certain events match a specific rule, predefined actions are triggered in the Agents such as to block or unblock a particular IP address. However, once an action is triggered, the systems administrator is not able to centrally check and obtain detailed information of the past event logs. In addition, OSSEC may assume false positive or negative detections and their triggered actions: previously harmless but blocked IP addresses by OSSEC have to be unblocked in order to reestablish normal operation or potential harmful IP addresses not previously blocked by OSSEC should be blocked in order to increase protection levels. These operations to override OSSEC actions must be manually performed in every Agent, thus requiring time and human resources. Both these limitations have a higher impact on large scale OSSEC deployments assuming tens or hundreds of Agents. This paper proposes an extension to OSSEC that improves the administrator analysis capability by maintaining, organizing and presenting Agent logs in a central point, and it allows for blocking or unblocking IP addresses in order to override actions triggered by false detections. The proposed extension aims to increase efficiency of time and human resources management, mainly considering large scale OSSEC deployments.

Abstract
An increase number of cyberattacks on public and private organizations have been performed by exploiting their social and technological vulnerabilities. Mainly, these attacks aim to obtain illegal profits by extorting organizations, affecting their reputation and normal operation. In order to minimize the impact of these attacks, it is essential that these organizations not only implement preventive actions and efficient security mechanisms, but also continually evaluate the security risks their staff are exposed to when performing their job tasks. This paper presents a case study to assess the private and public Portuguese organizations security related practices followed by their staff. The results obtained by a conducted survey allow the analysis of behaviours and practices followed by the staff of these organizations and also allow to draw conclusions about their security procedures and risk awareness.

Abstract
The concepts brought by Industry 4.0 have been explored and gradually applied.The cybersecurity impacts on the progress of Industry 4.0 implementations and their interactions with other technologies require constant surveillance, and it is important to forecast cybersecurity-related challenges and trends to prevent and mitigate these impacts. The contributions of this paper are as follows: (1) it presents the results of a systematic review of industry 4.0 regarding attacks, vulnerabilities and defense strategies, (2) it details and classifies the attacks, vulnerabilities and defenses mechanisms, and (3) it presents a discussion of recent challenges and trends regarding cybersecurity-related areas for Industry 4.0. From the systematic review, regarding the attacks, the results show that most attacks are carried out on the network layer, where dos-related and mitm attacks are the most prevalent ones. Regarding vulnerabilities, security flaws in services and source code, and incorrect validations in authentication procedures are highlighted. These are vulnerabilities that can be exploited by dos attacks and buffer overflows in industrial devices and networks. Regarding defense strategies, Blockchain is presented as one of the most relevant technologies under study in terms of defense mechanisms, thanks to its ability to be used in a variety of solutions, from Intrusion Detection Systems to the prevention of Distributed dos attacks, and most defense strategies are presented as an after-attack solution or prevention, in the sense that the defense mechanisms are only placed or thought, only after the harm has been done, and not as a mitigation strategy to prevent the cyberattack. Concerning challenges and trends, the review shows that digital sovereignty, cyber sovereignty, and data sovereignty are recent topics being explored by researchers within the Industry 4.0 scope, and GAIA-X and International Data Spaces are recent initiatives regarding data sovereignty. A discussion of trends is provided, and future challenges are pointed out.