Intel® IoT
Speaker
Розумей Роман
Information security consulting engineer
ERC
What is the Internet of Things?...
1. IDC
2. MC/EDC: The Digital Universe of Opportunities
3. Goldman Sachs
4. IMS Research
The Internet of Things is …
Home
Mobile
Network
Industrial
Gateway
DC/Cloud
3
Cost of sensors: 2X, past 10 years
Cost of bandwidth: 40X, past 10 years
Cost of processing: 60X, past 10 years
50B devices (1)
21
212B sensors
What are the risks?...
Main cyber threats
• Denial of service - DDoS
• Malware
• Data leaks
• Unintentional leaks
• Weakening of the security perimeter
Internet of Things
The number of attacks on the Internet of Things will grow due to the explosive growth in the number of connected devices and the increasingly critical information stored on those devices.
Source: McAfee, based on research by BI Intelligence, IDC, and Intel Source : HP
Today:
70% contain vulnerabilities.
80% do not require passwords or use a password of insecure length and complexity.
90% store personal data.
70% have no protection against brute-force attacks.
How to fight it?...
IoT key security aspects
• Device integrity
• Device identification
• Protection of data channels to the data center/cloud
• Protection of data channels to the device
• Data center/cloud security
• Security of auxiliary nodes
What to fight it with?...
Intel® IoT Platform: Logical Definition
MCU
• WiFi + LP WiFi
• Bluetooth® Technology + BTLE
• 3G/4G/LTE (GPRS)
• ZigBee*, Zwave*
• 6LoWPAN*
• WiHART*
• Ethernet
• RFID
Gateway
I/O
I/O
Data Ingestion &
Processing
Data Transport
Broker
Query
Storage
Compute
Gateway
Device Attestation
Persistence &
Concurrency
Device Attestation
Analytics
MCU
I/O
Sensor
Actuator
Sensor
Actuator
Sensor
Sensor
P M A
P M A
Asset Info,
Policies &
Metadata
Security, Configuration &
Management
Data Center Management & Security (Monitoring, Auto-scaling, Logging, Eventing)
Business Logic
& Rules
Services
Orchestration
Vertical IoT Apps
APIs, API
Libraries, SDK
Business Portal
IT/Business Systems
Network
Infrastructure
3rd Party
Systems
Data Flow: MQTT, HTTPS, WebSockets, XMPP, CoAP, REST, AMQP, DDS, et al.
Security & Mgmt Flow: MQTT, EPID, OMA-DM, TR-069, REST, et al.
P M A
Protocol Mapper & Adapter
(formerly UPAL)
Security on all Devices, Data, & Comms from Things to Cloud
(Identity Protection, Integrity, Confidentiality, Trusted Execution, Attestation)
*Other names and brands may be claimed as the property of others.
Sensor Gateways
Networks
On-Premise or Off-Premise Data Center or Cloud
Identity
Integrity
Data Protection
Intrusion Prevention
Intrusion Detection
Managed Networks
Database Security
Services Management
Security Information
and Event
Monitoring System
Threat Intelligence
Public Cloud Security
Private Cloud Security
Intel Management
Platform
Intel® Security - IoT Portfolio
Provides comprehensive protection of critical infrastructure from physical and cyberattacks
Intel® Security Critical Infrastructure Protection
PRIVATE /
PUBLIC CLOUD
SECURITY
EVENT
MANAGEMENT
AND THREAT
INTELLIGENCE
DEVICE LEVEL
SECURITY
NETWORK
SECURITY
McAfee Security Information and Event Monitoring System (SIEM)
Central security intelligence system for IoT's heterogeneous architecture
McAfee Threat Intelligence Exchange (TIE) & Data Exchange Layer (DXL)
Tailors comprehensive threat intelligence from multiple intelligence data sources
McAfee ePolicy Orchestrator (McAfee ePO)
Security agent that connects with the McAfee security infrastructure for monitoring and managing security of the IoT
McAfee Network Security Platform
Helps detect and block attacks by enforcing security policies at the application, port and protocol levels
Provides Intrusion Detection / Prevention Capabilities
McAfee Embedded/Integrity Control (Whitelisting Technology)
Helps block unauthorized applications and changes in IoT devices
Intel Silicon Hardened Foundation
Security capabilities that include Secure Boot, HW Root of Trust and EPID
Intel Security Whitelisting Technology
Device integrity and verified updates
• Standalone solution or centrally managed with McAfee ePolicy Orchestrator.
• Part of Intel IoT Gateway
• Integration with McAfee Threat Intelligence Exchange (TIE) and Security Information and Event Monitoring Solution (SIEM)
SYS
STOP
Unknown Binary
is Unauthorized
Whitelist
Intel® IoT Gateway
Performance at the edge
Advanced Security
Scalability
Manageability
Fast, Flexible deployment
Intel® IoT Gateway
Linux* Operating System
Microsoft Windows® OS
Sensor/Device Integrity & Security
Intel® Quark™/ Intel® Atom™/ Intel® Core™ SoCs
Intel® IoT Gateway
Linux* Operating System
Microsoft Windows® OS
Secure Boot (UEFI)
McAfee Embedded Control
Management Agents
Signed Updates
IoT Security and Device Management
McAfee ePolicy Orchestrator* (ePO) and/or Wind River* Helix Device Cloud
Good
1. UEFI Secure Boot
2. OS built-in capabilities
Better
1. UEFI Secure Boot measured through TPM (Measure Boot)
2. McAfee Embedded Control
3. Remotely manageable via Intel AMT
Best
1. UEFI Secure Boot and Device Attestation through TPM (Measure Boot, Attested)
2. McAfee Embedded Control
3. Management Agents to manage device and its security posture
4. Centrally managed and monitored
Intel® IoT Gateway
Linux* Operating System
Microsoft Windows® OS
Data Protection & Security
Intel® Quark™/ Intel® Atom™/ Intel® Core™ SoCs
Intel® Advanced Encryption Standard - New Instructions (Intel® AES-NI)
Intel® IoT Gateway
Linux* Operating System
Microsoft Windows® OS
Secure Boot (UEFI)
McAfee Drive Encryption
Management Agents
McAfee MNE
IoT Security and Device Management
McAfee ePolicy Orchestrator* (ePO) and/or Wind River* Helix Device Cloud
Good
1. OS built-in capabilities like dmcrypt or Bitlocker
2. SSL Connections to Services and other devices
Better
1. McAfee Drive Encryption or McAfee Native Management Agents
2. Utilization of Intel AES-NI for Encryption
3. Use of certified and/or hardened SSL libraries to establish secure connections
Best
1. McAfee Drive Encryption or McAfee Native Management Agents
2. Utilization of Intel AES-NI for Encryption
3. Use of certified and/or hardened SSL libraries to establish secure connections
4. Centralized Management of Data Protection Software and Key Management
Secure Connections
Summary
• IoT is not just devices
• IoT security starts at the development stage
• IoT security must be implemented at every level, from the microcontroller to the data center.
• In the IoT world, infrastructure and services need protection.
Q&A
IoT security-arrow-roadshow #iotconfua
