Building Secure
IoT Ecosystems
With AWS
Topic: IoT/Security/TOC/#
{
{ “Message”:
“Background,
The Ecosystem,
Precursors,
AWS Overall,
Infrastructure,
Multi-Tenancy,
Transport,
Clients,
LWT,
Resources”
}
}
IoT/Security/Background/WhoAmI
I’m Chandler Howell
Director of Engineering at Nexum
chandler@nexuminc.com
@chandlerhowell on Twitter
Nexum is a Network & Security Reseller &
Consultancy
Headquartered in Chicago
Presence East of the Mississippi River
http://nexuminc.com
IoT/Security/Background/Why
Hopefully, to have wasted your time
Started talking IoT Security in 2015
How it sucked
Why it sucked
Why it mattered
IoT/Security/Ecosystem/#
AWS
AWS IoT
Infrastructure
Transport
RESTful HTTP
WebSocket
MQTT
Things
Sensors
Devices
Clients
Apps
APIs
Web portals
Gotta Secure ‘em All!
IoT/Security/Precursors/HowToFAIL
What am I hoping you’ll avoid?
FAILURE
Harming people
Being in the news
Device recalls/updates
Getting sued
Corporate bankruptcy
Bringing bad products to market
IoT/Security/Precursors/BakedIn
Security happens before the Things
Baked in, not painted on
IoT/Security/Precursors/Challenge
I’m here to pose questions
It’s up to you to answer them
IoT/Security/Precursors/Policies
You’re in the Data Business now
What data do you collect?
How long do you retain it?
Who owns the data you collect?
Do you have a published Privacy Policy?
Have you calibrated your business model with it?
Does it cover both Internal & Third Party Use, Sharing and Disclosure?
Do you have a published Service Level Agreement?
Do you have Incident Response & Disaster Recovery Plans?
IoT/Security/Precursors/Assumptions
If you must assume, assume things will go wrong.
* Connectivity will fail
* Network
* Device Association
* Vulnerabilities will be found
* Devices will be compromised
* Keys/Credentials will be compromised
* Retail (client)
* Wholesale (server keys)
* Data might be breached or destroyed
How will each of these affect
...your customers?
...your product?
...your company?
IoT/Security/Precursors/Challenges
How will you…
* Push updates to Things
* When would you force an update?
* Cryptographically verify those updates
* Track versions
* Deal with version incompatibilities
* Deal with potential downtime
IoT/Security/Precursors/Transport
* How much data can you lose to outages?
* How much data can you queue?
* If you can’t publish to a Thing...
* What telemetry is lost?
* What functionality is lost?
* How will you handle network limits
* Blocking MQTT
* Blocking HTTPS
* Blocking un-inspected SSL/TLS
IoT/Security/AWS
Expect to use LOTS of services
* Manage access through IAM Policies & Roles
* Segment where it makes sense
* Consider CRUD needs for all access (Create, Read, Update, Delete)
AWS Provides some features by default
* DDoS Protection
IoT/Security/AWS/EC2
* This is a great place to get pwned
* “Traditional” IT brings Traditional problems
* ALL SERVERS SHOULD BE EPHEMERAL
* “Pets vs. Cattle”
* Amazon Inspector is your friend
* https://aws.amazon.com/inspector/
* Security Scanning
* Can be automated with Lambda & SNS
* Ticketing, e.g. into Jira
IoT/Security/AWS/Monitoring
You can’t find what you
don’t look for
Log & alert changes to:
* Running instances
* Policies
* IAM Roles
* Accounts
* Security Groups
* Billing Events
* Workload spikes
* Errors & Exceptions
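As an added example (not part of the original deck), the detection side of this slide: a classifier run over CloudTrail-shaped records that flags the changes listed above, root usage, console logins without MFA and access-denied noise. The watch list, the sample events and the 111122223333 account ID are constructed for the example.

```python
"""Added example: flag the CloudTrail events the slide says to log and alert on
(IAM role/policy changes, accounts, security groups, running instances), plus the
access-denied noise that often precedes misuse. The watch list and the sample events
below are constructed for this example, not taken from a real account."""

# Security-relevant API calls, keyed by CloudTrail eventSource (constructed watch list).
WATCHED_EVENTS = {
    "iam.amazonaws.com": {
        "CreateUser", "DeleteUser", "CreateAccessKey", "CreateRole",
        "AttachRolePolicy", "PutRolePolicy", "UpdateAssumeRolePolicy",
        "CreatePolicyVersion", "DeactivateMFADevice",
    },
    "ec2.amazonaws.com": {
        "RunInstances", "TerminateInstances",
        "AuthorizeSecurityGroupIngress", "RevokeSecurityGroupIngress",
    },
    "iot.amazonaws.com": {"CreatePolicy", "AttachPolicy", "AttachThingPrincipal"},
}


def classify(event):
    """Return an alert reason for one CloudTrail record, or None if it is routine."""
    source = event.get("eventSource", "")
    name = event.get("eventName", "")
    identity = event.get("userIdentity", {})
    who = identity.get("arn", identity.get("type", "unknown"))

    # Root should have no access keys (slide: HowToWin); any root call is worth a look.
    if identity.get("type") == "Root":
        return "root account used for %s" % name
    # Console sign-in without MFA contradicts the "strong authentication" requirement.
    if name == "ConsoleLogin" and event.get("additionalEventData", {}).get("MFAUsed") == "No":
        return "console login without MFA by %s" % who
    # Repeated denials are how you notice a leaked key probing for permissions.
    if event.get("errorCode") in ("AccessDenied", "UnauthorizedOperation"):
        return "%s denied for %s" % (name, who)
    if name in WATCHED_EVENTS.get(source, ()):
        return "%s by %s" % (name, who)
    return None


def alerts(events):
    """Map every alertable record to (eventID, reason); routine records are dropped."""
    out = []
    for ev in events:
        reason = classify(ev)
        if reason:
            out.append((ev["eventID"], reason))
    return out


# Constructed sample records in CloudTrail's shape (trimmed to the fields used above).
SAMPLE_EVENTS = [
    {"eventID": "e1", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/ops"}},
    {"eventID": "e2", "eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/ops"}},
    {"eventID": "e3", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/deploy/ci"}},
    {"eventID": "e4", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventID": "e5", "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventID": "e6", "eventSource": "iot.amazonaws.com", "eventName": "DescribeThing",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/app"},
     "errorCode": "AccessDenied"},
]

if __name__ == "__main__":
    for event_id, reason in alerts(SAMPLE_EVENTS):
        print(event_id, reason)
```

In production the same function would sit behind a CloudWatch Events/Lambda subscription to the trail, with SNS or a ticketing integration as the sink.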
IoT/Security/AWS/HowToWin
* Harden the environment
* Delete the Root Access Keys
* Enable Multi-Factor/Strong Authentication
* Adhere to the Principle of Least Privilege
* Don’t just hand out Permissions
* RTFM on Policies & Permissions
* AWS Provides Sample Policies
* Don’t forget your processes
* User Management
* IT Inventory & Asset Management
* Vulnerability & Configuration Management
IoT/Security/AWS/HowToWin/2
Minimize your Attack Surfaces
* Only expose Public Services to the Internet
* Segment where it makes sense
* Limit internal access to Production
* Make use of AWS’ IAM & RBAC
* RBAC is a de facto inter-service firewall
Use real remote access
* Direct Connect
* Layer 3 VPN
* Bastion Host/Jump Box
* Assuming you absolutely HAVE to access instances directly
IoT/Security/AWS/Infrastructure/PSA
Public Service Announcement:
Don’t put your infrastructure raw on the Internet!
Don’t be a…
MongoDB or ElasticSearch
Mass hack victim
Vtech Hack Victim
CloudPets Hack Victim
IoT/Security/AWS/MultiTenancy
Assume you need multi-tenancy…
* How distinct must the segregation be?
* Separate accounts
* Cumbersome, but most effective
* Separate data stores
* Do-able, but shifts complexity into the business logic
* Common data stores with key fields
* Best option if it is an option
IoT/Security/Multi-Tenancy/IAM
* Not complete or by default in all services
* Fine-grained access control through AWS Identity & Access Management (IAM)
* But…some Control Plane calls are not (yet), e.g. “list-things” will show all devices, not just a tenant’s devices
* Wrap that API to filter to just the tenant via device registry
IoT/Security/Multi-Tenancy/HowToWin
* Define Requirements up front
* How much segregation is enough?
* Review each service’s capabilities
* Make sure you solve before you commit
* Include tests for cross-tenant failure
* Can you CRUD resources you should not be able to?
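As an added example (not from the deck) covering both the IAM slide's list-things wrapper and this slide's cross-tenant test: a tenant-scoped wrapper around the registry call, and a check that fails loudly when a foreign device appears. The `tenantId` attribute name, the FakeRegistry stand-in for boto3's IoT client and the sample things are constructed; `list_things` with `attributeName`, `attributeValue`, `maxResults` and `nextToken` is the real call shape.

```python
"""Added example: a tenant-scoped wrapper around the AWS IoT registry's list_things
call, plus the cross-tenant test the slide asks for. The `tenantId` attribute name,
the FakeRegistry stand-in for boto3's IoT client and the sample things are all
constructed for this example; `list_things`, `attributeName`, `attributeValue`,
`maxResults` and `nextToken` are the real call's parameters."""

TENANT_ATTR = "tenantId"  # assumed: every thing carries this registry attribute


class CrossTenantLeak(Exception):
    """Raised when a record for another tenant shows up in a tenant-scoped listing."""


def list_tenant_things(iot, tenant_id, page_size=250):
    """Yield only the things belonging to tenant_id.

    Pushes the filter server-side (attributeName/attributeValue), walks every page
    through nextToken, and re-checks the attribute on each record so that a broken
    filter fails loudly instead of leaking another tenant's devices."""
    token = None
    while True:
        kwargs = {"attributeName": TENANT_ATTR, "attributeValue": tenant_id,
                  "maxResults": page_size}
        if token:
            kwargs["nextToken"] = token
        resp = iot.list_things(**kwargs)
        for thing in resp.get("things", []):
            if thing.get("attributes", {}).get(TENANT_ATTR) != tenant_id:
                raise CrossTenantLeak("%s returned for tenant %s"
                                      % (thing.get("thingName"), tenant_id))
            yield thing
        token = resp.get("nextToken")
        if not token:
            return


def cross_tenant_check(iot, tenant_ids):
    """The slide's test: can a tenant see resources it should not?

    Returns {tenant: sorted thing names it can see}; raises CrossTenantLeak if the
    wrapper ever hands back a foreign device. Small pages exercise the paging path."""
    return {t: sorted(x["thingName"] for x in list_tenant_things(iot, t, page_size=2))
            for t in tenant_ids}


class FakeRegistry:
    """Offline stand-in for boto3's IoT client: same list_things shape and paging."""

    def __init__(self, things, honour_filter=True):
        self._things = things
        self._honour_filter = honour_filter  # False models a registry/wrapper bug

    def list_things(self, attributeName=None, attributeValue=None,
                    maxResults=250, nextToken=None):
        rows = self._things
        if attributeName and self._honour_filter:
            rows = [t for t in rows if t["attributes"].get(attributeName) == attributeValue]
        start = int(nextToken) if nextToken else 0
        resp = {"things": rows[start:start + maxResults]}
        if start + maxResults < len(rows):
            resp["nextToken"] = str(start + maxResults)
        return resp


# Constructed registry: five things across two tenants.
SAMPLE_THINGS = [
    {"thingName": "acme-sensor-01", "attributes": {TENANT_ATTR: "acme"}},
    {"thingName": "acme-sensor-02", "attributes": {TENANT_ATTR: "acme"}},
    {"thingName": "acme-sensor-03", "attributes": {TENANT_ATTR: "acme"}},
    {"thingName": "globex-gw-01", "attributes": {TENANT_ATTR: "globex"}},
    {"thingName": "globex-gw-02", "attributes": {TENANT_ATTR: "globex"}},
]


def unscoped_count(iot):
    """What the raw control-plane call shows: every device, regardless of tenant."""
    return len(iot.list_things()["things"])


if __name__ == "__main__":
    good = FakeRegistry(SAMPLE_THINGS)
    print("raw list_things sees", unscoped_count(good), "things")
    print("scoped view:", cross_tenant_check(good, ["acme", "globex"]))
    try:
        cross_tenant_check(FakeRegistry(SAMPLE_THINGS, honour_filter=False), ["acme"])
    except CrossTenantLeak as exc:
        print("leak caught:", exc)
```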
IoT/Security/AWS/Lambda
* This is where the magic happens
* Good Magic
* like working code
* Bad Magic
* AppSec vulnerabilities
* Resources like OWASP apply here, too
* http://www.owasp.org
* Open Web Application Security Project
* SANS Also has great AppSec training
* http://sans.org
IoT/Security/AWS/Transport/+
* 3 Options within AWS
* HTTP (RESTful)
* WebSocket
* Message Queue Telemetry Transport (MQTT)
IoT/Security/Transport/HTTP
* HTTP
* POST to a RESTful API
* Only scales so far
* Included for completeness
* <AWS IoT Endpoint>/topics/<url_encoded_topic_name>?qos=1
* Uses AWS Signature Version 4
* Add either a Query String param or an Authorization: header
GET https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08 HTTP/1.1
Authorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request,
SignedHeaders=content-type;host;x-amz-date,
Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7
content-type: application/x-www-form-urlencoded; charset=utf-8
host: iam.amazonaws.com
x-amz-date: 20150830T123600Z
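As an added example (not part of the deck), the Signature Version 4 computation behind the header shown above, carried through to the same signature. AKIDEXAMPLE and the secret key in the code are the placeholder credentials AWS documentation pairs with this request, not real keys.

```python
"""Added example: recomputing the Signature Version 4 header shown above. The steps
(canonical request, string to sign, derived signing key) follow the SigV4 specification;
AKIDEXAMPLE and the secret below are the placeholder credentials AWS documentation pairs
with this very request, not real keys."""
import hashlib
import hmac
from urllib.parse import quote

EXAMPLE_ACCESS_KEY = "AKIDEXAMPLE"
EXAMPLE_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"  # AWS docs placeholder


def _sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def _hmac(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def canonical_request(method, path, query, headers, payload=b""):
    """Step 1: a byte-exact description of the request both sides can rebuild.
    Query keys sorted and URI-encoded; header names lower-cased, values trimmed and
    sorted; the payload hash binds the body (empty here) into the signature."""
    cq = "&".join("%s=%s" % (quote(k, safe="-_.~"), quote(v, safe="-_.~"))
                  for k, v in sorted(query.items()))
    canon = {k.lower().strip(): " ".join(v.split()) for k, v in headers.items()}
    signed = ";".join(sorted(canon))
    hdrs = "".join("%s:%s\n" % (k, canon[k]) for k in sorted(canon))
    return "\n".join([method, path, cq, hdrs, signed, _sha256_hex(payload)]), signed


def signing_key(secret, date, region, service):
    """Step 3: derive a per-day, per-region, per-service key, so the long-term secret
    never touches the wire and a leaked signing key expires with the date."""
    k = _hmac(("AWS4" + secret).encode("utf-8"), date)
    k = _hmac(k, region)
    k = _hmac(k, service)
    return _hmac(k, "aws4_request")


def sign(method, path, query, headers, access_key, secret, region, service, amz_date,
         payload=b""):
    """Return (signature, Authorization header value) for the request."""
    date = amz_date[:8]
    creq, signed = canonical_request(method, path, query, headers, payload)
    scope = "%s/%s/%s/aws4_request" % (date, region, service)
    # Step 2: the string that is actually MACed; it includes the request hash and
    # x-amz-date, which is what limits a captured request's replay window.
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                _sha256_hex(creq.encode("utf-8"))])
    sig = hmac.new(signing_key(secret, date, region, service),
                   string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    auth = "AWS4-HMAC-SHA256 Credential=%s/%s, SignedHeaders=%s, Signature=%s" % (
        access_key, scope, signed, sig)
    return sig, auth


def sign_listusers_example():
    """The slide's GET ListUsers request, signed with the documentation credentials."""
    headers = {
        "content-type": "application/x-www-form-urlencoded; charset=utf-8",
        "host": "iam.amazonaws.com",
        "x-amz-date": "20150830T123600Z",
    }
    return sign("GET", "/", {"Action": "ListUsers", "Version": "2010-05-08"}, headers,
                EXAMPLE_ACCESS_KEY, EXAMPLE_SECRET_KEY, "us-east-1", "iam",
                "20150830T123600Z")


if __name__ == "__main__":
    print("Authorization:", sign_listusers_example()[1])
```

The same signature can be carried in the query string instead of the Authorization header (X-Amz-Algorithm, X-Amz-Credential, X-Amz-Date, X-Amz-SignedHeaders, X-Amz-Signature), which is the form the slide's query-string option refers to.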
IoT/Security/Transport/WebSocket
* WebSocket tunnels MQTT over HTTP(S)
* Good for passing firewalls
* Runs over port 443
* Uses the HTTP UPGRADE verb
* Also AWS uses Signature Version 4
* URL Format:
wss://<endpoint>.iot.<region>.amazonaws.com/mqtt
* Best if you have a hub forwarding traffic
* Either no MQTT allowed
* or older, crypto-incapable devices
IoT/Security/Transport/MQTT
* Publish-Subscribe protocol
* 1st implementation 1999
* Designed for high-latency, low bandwidth
* Lightweight
* Bandwidth
* CPU
* Can be secure, but can be Not Secure, too
IoT/Security/Transport/MQTT/QoS
* 3 Quality of Service (QoS) Options
* 0 – At most once
* Best Effort
* No retry, no acknowledgement
* 1 – At least once
* Retry until acknowledgement received
* May result in multiple deliveries
* 2 – Guaranteed single delivery
* Full send-ack transaction & queueing
IoT/Security/Transport/MQTT/Authentication
* Multiple Options
* No Authentication (Don’t do this)
* Topic-based Pseudo-auth (Another NOPE)
* Username/Password (Don’t do this either)
* X.509 Certificates (Do this)
* AWS makes this easy
IoT/Security/Transport/MQTT/HowToFail
* Authentication
* No Authentication
* Weak Authentication
* Not encrypting Traffic
* MQTT+TLS For The Win
* (Unless absolutely necessary)
IoT/Security/Transport/MQTT/HowToWin
* Use X.509 Certificates for Authentication
* Always use TLS if possible
* Use AWS IAM to define device roles
* Follow Principle of Least Privilege
* Test for Information Leakage
* e.g. aws iot list-things in multi-tenant environments
* If you have insecure legacy devices, use a broker for secure upstream transport
(Yes, that’s the username & password being sent in the clear!)
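As an added example (not from the deck) of "X.509 for authentication, IAM device roles, least privilege": one AWS IoT Core policy for the whole fleet that pins each certificate to its own thing's client ID and topics, beside the wide-open policy it replaces, with a small local matcher to compare the two. `${iot:Connection.Thing.ThingName}` and `iot:Connection.Thing.IsAttached` are real AWS IoT policy variables/condition keys; the devices/<thing>/... topic layout, region and account are constructed, and the matcher is a simplified model of policy evaluation, not AWS's engine.

```python
"""Added example: a least-privilege AWS IoT Core policy that pins a certificate to
its own thing's client ID and topics, beside the wide-open policy it replaces, with a
small local matcher to compare them. `${iot:Connection.Thing.ThingName}` and
`iot:Connection.Thing.IsAttached` are real AWS IoT policy variables/condition keys;
the devices/<thing>/... topic layout, region and account are constructed, and the
matcher is a simplified model of policy evaluation, not AWS's engine."""
import re

THING = "${iot:Connection.Thing.ThingName}"  # resolved by AWS IoT at connect time


def arn(region, account, resource):
    return "arn:aws:iot:%s:%s:%s" % (region, account, resource)


def permissive_policy():
    """The 'it works, ship it' policy: every certificate may do anything on any topic."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}


def device_policy(region, account):
    """One policy for the whole fleet; the variable scopes each device at connect time."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": arn(region, account, "client/" + THING),
         # the certificate must be attached to the thing whose name it claims
         "Condition": {"Bool": {"iot:Connection.Thing.IsAttached": "true"}}},
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": arn(region, account, "topic/devices/%s/telemetry" % THING)},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": arn(region, account, "topicfilter/devices/%s/cmd" % THING)},
        {"Effect": "Allow", "Action": "iot:Receive",
         "Resource": arn(region, account, "topic/devices/%s/cmd" % THING)},
    ]}


def _glob(pattern, value):
    """Policy wildcards: '*' matches any run of characters, '?' one character."""
    rx = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(rx, value) is not None


def is_allowed(policy, thing_name, action, resource):
    """Simplified evaluation: substitute the thing name, then allow if any Allow
    statement matches both action and resource (these policies carry no Deny)."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if not any(_glob(a, action) for a in actions):
            continue
        if any(_glob(r.replace(THING, thing_name), resource) for r in resources):
            return True
    return False


def compare(region, account, thing_name, other_thing):
    """Same device, same five attempts, both policies; returns {policy: [allowed?...]}."""
    attempts = [
        ("iot:Publish", arn(region, account, "topic/devices/%s/telemetry" % thing_name)),
        ("iot:Publish", arn(region, account, "topic/devices/%s/telemetry" % other_thing)),
        # commands are inbound only, so a device must not be able to publish them
        ("iot:Publish", arn(region, account, "topic/devices/%s/cmd" % thing_name)),
        ("iot:Subscribe", arn(region, account, "topicfilter/devices/%s/cmd" % thing_name)),
        # the classic information-leakage test: subscribing to everything
        ("iot:Subscribe", arn(region, account, "topicfilter/#")),
    ]
    return {name: [is_allowed(pol, thing_name, a, r) for a, r in attempts]
            for name, pol in (("permissive", permissive_policy()),
                              ("least_privilege", device_policy(region, account)))}


if __name__ == "__main__":
    for name, verdicts in compare("us-east-1", "111122223333",
                                  "sensor-0042", "sensor-0099").items():
        print(name, verdicts)
```

Under the permissive policy every attempt succeeds, including reading another thing's telemetry and subscribing to `#`; under the scoped policy only the device's own telemetry publish and command subscription pass.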
IoT/Security/Transport/MQTT/PSA
Public Service Announcement:
Username & Password are even less of your friend than usual
IoT/Security/Clients
* Researcher focus has largely been on clients
* Soft targets
* Riddled with Amateur Hour vulnerabilities
* Weak machines
* Under their physical control
* Fewer legal issues
* Ecosystem testing still the realm of
authorized testers
* They don’t generally publish
* So less data to assume against
IoT/Security/Clients/HowToFail
* A few pitfalls to avoid
* Use of no/default credentials
* Re-use of keys or credentials
* Hard coding credentials
* Assuming a friendly deployment environment
* Running unnecessary services
* Especially network services
* Not using signed/secure images
IoT/Security/Clients/HowToWin
* Incorporate security into your design
* Threat Model
* Educate yourself on AppSec
* Scan/Attack your services & device ports
* Dynamic Analysis tools
* Run Static Analysis tools on your source code
* Or at least include failure-mode tests
* Consider credential storage on the client
* How hard is credential (key) compromise?
* What do those keys get you?
* Do you leak credentials, e.g. Wi-Fi?
IoT/Security/LWT
I’ve asked you a lot of questions,
so I guess it’s only fair
to let you ask me some.
IoT/Security/Resources
* Security & Identity for AWS IoT
* https://docs.aws.amazon.com/iot/latest/developerguide/iot-security-identity.html
* Things I wish I’d known before I started working with AWS
* https://wblinks.com/notes/aws-tips-i-wish-id-known-before-i-started/
* especially this change monitoring script
* https://s3.amazonaws.com/reinvent2013-sec402/SecConfig.py
* AWS Security Blog Post: Automatic Remediation with AWS Inspector
* https://aws.amazon.com/blogs/security/how-to-remediate-amazon-inspector-security-findings-automatically/
* MQTT Security Fundamentals
* http://www.hivemq.com/mqtt-security-fundamentals/
* AWS IoT Protocols
* https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html
* How to bridge Mosquitto MQTT Broker to AWS IoT
* https://aws.amazon.com/blogs/iot/how-to-bridge-mosquitto-mqtt-broker-to-aws-iot/
* Multi-Tenant Storage with DynamoDB
* https://aws.amazon.com/blogs/apn/multi-tenant-storage-with-amazon-dynamodb/
* AWS Access Management
* https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
A Year of the Servo Reboot: Where Are We Now?
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Chandler Howell's AWS Chicago user group presentation "IoT Security in AWS"

IoT/Security/Precursors/Assumptions
If you must assume, assume things will go wrong.
* Connectivity will fail
  * Network
  * Device Association
* Vulnerabilities will be found
* Devices will be compromised
* Keys/Credentials will be compromised
  * Retail (client)
  * Wholesale (server keys)
* Data might be breached or destroyed
How will each of these affect
...your customers?
...your product?
...your company?

IoT/Security/Precursors/Challenges
How will you…
* Push updates to Things
  * When would you force an update?
* Cryptographically verify those updates
* Track versions
* Deal with version incompatibilities
* Deal with potential downtime

IoT/Security/Precursors/Transport
* How much data can you lose to outages?
* How much data can you queue?
* If you can’t publish to a Thing...
  * What telemetry is lost?
  * What functionality is lost?
* How will you handle network limits?
  * Blocking MQTT
  * Blocking HTTPS
  * Blocking un-inspected SSL/TLS

IoT/Security/AWS
Expect to use LOTS of services
* Manage access through IAM Policies & Roles
* Segment where it makes sense
* Consider CRUD needs for all access
  * (Create, Read, Update, Delete)
AWS provides some features by default
* DDoS Protection

IoT/Security/AWS/EC2
* This is a great place to get pwned
  * “Traditional” IT brings traditional problems
* ALL SERVERS SHOULD BE EPHEMERAL
  * “Pets vs. Cattle”
* Amazon Inspector is your friend
  * https://aws.amazon.com/inspector/
  * Security scanning
  * Can be automated with Lambda & SNS
    * Ticketing, e.g. into Jira

IoT/Security/AWS/Monitoring
You can’t find what you don’t look for
Log & alert changes to:
* Running instances
* Policies
* IAM Roles
* Accounts
* Security Groups
* Billing Events
* Workload spikes
* Errors & Exceptions

IoT/Security/AWS/HowToWin
* Harden the environment
  * Delete the Root Access Keys
  * Enable Multi-Factor/Strong Authentication
  * Adhere to the Principle of Least Privilege
    * Don’t just hand out Permissions
  * RTFM on Policies & Permissions
    * AWS provides sample policies
* Don’t forget your processes
  * User Management
  * IT Inventory & Asset Management
  * Vulnerability & Configuration Management
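The Monitoring and HowToWin slides list what to alert on but not how. The following is an added example (not code from the talk) that runs those rules over CloudTrail records: IAM policy changes, security group changes (with extra severity when a rule is opened to the world), instance lifecycle events, and any use of the root account, flagged harder when MFA was not used. The log records are constructed to look like CloudTrail events; the event-name sets are a starting list, not an exhaustive one.

```python
"""Slides 15/16 in code: alert on the account changes listed there, from CloudTrail.

Added example, not code from the talk. The records are constructed to look like
CloudTrail events (real ones carry more fields); only the fields the rules read are present.
"""
import json

# Constructed sample records, shaped like a CloudTrail log file's "Records" array.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2017-05-01T12:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "PutUserPolicy", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"userName": "bob", "policyName": "AdminAll"}},
    {"eventTime": "2017-05-01T12:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 27017, "toPort": 27017,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2017-05-01T12:02:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "userIdentity": {"type": "Root"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2017-05-01T12:03:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2017-05-01T12:04:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "eu-west-1",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/deploy/ci"}},
]})

# Event names grouped by the slide's categories (IAM, security groups, instances).
IAM_CHANGES = {"PutUserPolicy", "PutRolePolicy", "AttachUserPolicy", "AttachRolePolicy",
               "CreatePolicyVersion", "CreateRole", "UpdateAssumeRolePolicy",
               "CreateUser", "DeleteUser", "CreateAccessKey"}
SG_CHANGES = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
              "RevokeSecurityGroupIngress", "CreateSecurityGroup", "DeleteSecurityGroup"}
INSTANCE_CHANGES = {"RunInstances", "TerminateInstances", "StopInstances", "StartInstances"}
WORLD = {"0.0.0.0/0", "::/0"}


def _cidrs(obj):
    """Yield every cidrIp/cidrIpv6 value anywhere inside a requestParameters tree."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            if k in ("cidrIp", "cidrIpv6"):
                yield v
            else:
                yield from _cidrs(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from _cidrs(v)


def classify(event):
    """Return [(severity, reason), ...] for one record; [] means nothing to alert on."""
    findings = []
    name = event.get("eventName", "")
    ident = event.get("userIdentity", {})
    who = ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")
    if ident.get("type") == "Root":
        mfa = event.get("additionalEventData", {}).get("MFAUsed") == "Yes"
        findings.append(("high" if not mfa else "medium",
                         f"root account used for {name}, MFA={'yes' if mfa else 'NO'}"))
    if name in IAM_CHANGES:
        findings.append(("high", f"IAM change {name} by {who}"))
    if name in SG_CHANGES:
        world_open = any(c in WORLD for c in _cidrs(event.get("requestParameters", {})))
        findings.append(("high" if world_open else "medium",
                         f"security group change {name} by {who}"
                         + (" open to the world" if world_open else "")))
    if name in INSTANCE_CHANGES:
        findings.append(("medium", f"instance change {name} by {who} in {event.get('awsRegion')}"))
    return findings


def scan(log_text):
    """Parse a CloudTrail log file and return [(eventTime, severity, reason), ...]."""
    records = json.loads(log_text).get("Records", [])
    return [(ev["eventTime"], sev, why) for ev in records for sev, why in classify(ev)]


if __name__ == "__main__":
    for when, sev, why in scan(SAMPLE_LOG):
        print(f"{when} [{sev}] {why}")
```

In production the same `classify()` would sit in a Lambda subscribed to the CloudTrail-to-CloudWatch Logs stream and publish findings to SNS, which is the Lambda & SNS plumbing the EC2 slide describes for Inspector.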
IoT/Security/AWS/HowToWin/2
Minimize your attack surfaces
* Only expose public services to the Internet
* Segment where it makes sense
* Limit internal access to Production
* Make use of AWS’ IAM & RBAC
  * RBAC is a de facto inter-service firewall
Use real remote access
* Direct Connect
* Layer 3 VPN
* Bastion Host/Jump Box
  * Assuming you absolutely HAVE to access instances directly

IoT/Security/AWS/Infrastructure/PSA
Public Service Announcement:
Don’t put your infrastructure raw on the Internet!
Don’t be a…
* MongoDB or Elasticsearch mass-hack victim
* VTech hack victim
* CloudPets hack victim

IoT/Security/AWS/MultiTenancy
Assume you need multi-tenancy…
* How distinct must the segregation be?
  * Separate accounts
    * Cumbersome, but most effective
  * Separate data stores
    * Do-able, but shifts complexity into the business logic
  * Common data stores with key fields
    * Best option if it is an option

IoT/Security/Multi-Tenancy/IAM
* Not complete or on by default in all services
* Fine-grained access control through AWS Identity & Access Management (IAM)
  * But… some Control Plane calls are not (yet) tenant-aware
  * e.g. “list-things” will show all devices in the account, not just a tenant’s devices
* Wrap that API to filter to just the tenant via the device registry

IoT/Security/Multi-Tenancy/HowToWin
* Define requirements up front
  * How much segregation is enough?
* Review each service’s capabilities
  * Make sure you solve before you commit
* Include tests for cross-tenant failure
  * Can you CRUD resources you should not be able to?
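What the IAM and HowToWin slides ask for, as an added example (not code from the talk): a tenant-scoped wrapper over the AWS IoT thing registry, since ListThings returns every thing in the account, together with the cross-tenant CRUD probes that should all fail. The registry client below is a constructed, in-memory stand-in that returns boto3-shaped pages; `boto3.client("iot")` drops into its place. Which tenant owns a thing is read from a registry attribute named `tenant`, an assumed convention for this example.

```python
"""Tenant-scoped wrapper over the AWS IoT thing registry (added example, not from the talk).

FakeIotClient is a constructed stand-in for the boto3 `iot` client; its responses have the
same shape (things[], nextToken). A thing's tenant comes from an attribute named "tenant"
(assumed convention). Every wrapper call takes the caller's tenant and fails closed.
"""


class CrossTenantAccess(PermissionError):
    """Raised when a caller touches a thing that is not theirs (or does not exist)."""


class FakeIotClient:
    """Returns boto3-shaped pages from a constructed registry, page_size things per page."""

    def __init__(self, things, page_size=2):
        self._things = list(things)
        self._page = page_size

    def list_things(self, nextToken=None, maxResults=None):
        start = int(nextToken or 0)
        resp = {"things": self._things[start:start + self._page]}
        if start + self._page < len(self._things):
            resp["nextToken"] = str(start + self._page)
        return resp

    def describe_thing(self, thingName):
        for t in self._things:
            if t["thingName"] == thingName:
                return dict(t)
        raise LookupError(thingName)

    def delete_thing(self, thingName):
        self._things = [t for t in self._things if t["thingName"] != thingName]
        return {}


class TenantRegistry:
    """The wrapped control-plane API: tenant first, everything else second."""

    TENANT_ATTR = "tenant"  # assumed attribute name

    def __init__(self, iot):
        self._iot = iot

    def _all_things(self):
        """Walk every page of ListThings; the raw call is never exposed to callers."""
        token = None
        while True:
            resp = self._iot.list_things(nextToken=token) if token else self._iot.list_things()
            yield from resp.get("things", [])
            token = resp.get("nextToken")
            if not token:
                return

    def _owner(self, thing):
        return thing.get("attributes", {}).get(self.TENANT_ATTR)

    def list_things(self, tenant):
        # Things with no tenant attribute are returned to nobody (fail closed).
        return [t["thingName"] for t in self._all_things() if self._owner(t) == tenant]

    def _checked(self, tenant, name):
        try:
            thing = self._iot.describe_thing(thingName=name)
        except LookupError:
            # Same error for "not yours" and "does not exist": no existence oracle.
            raise CrossTenantAccess(name) from None
        if self._owner(thing) != tenant:
            raise CrossTenantAccess(name)
        return thing

    def describe_thing(self, tenant, name):
        return self._checked(tenant, name)

    def delete_thing(self, tenant, name):
        self._checked(tenant, name)
        self._iot.delete_thing(thingName=name)


def _arn(name):
    return f"arn:aws:iot:us-east-1:123456789012:thing/{name}"


# Constructed registry: two tenants plus an orphan thing with no tenant attribute.
SAMPLE_THINGS = [
    {"thingName": "acme-sensor-1", "thingArn": _arn("acme-sensor-1"), "attributes": {"tenant": "acme"}},
    {"thingName": "acme-sensor-2", "thingArn": _arn("acme-sensor-2"), "attributes": {"tenant": "acme"}},
    {"thingName": "globex-gw-1", "thingArn": _arn("globex-gw-1"), "attributes": {"tenant": "globex"}},
    {"thingName": "orphan-dev", "thingArn": _arn("orphan-dev"), "attributes": {}},
]


def cross_tenant_checks(registry):
    """The HowToWin slide's test: list the cross-tenant operations that were wrongly allowed."""
    leaks = []
    if set(registry.list_things("acme")) & set(registry.list_things("globex")):
        leaks.append("tenant listings overlap")
    for tenant, victim in (("acme", "globex-gw-1"), ("globex", "acme-sensor-1"), ("acme", "orphan-dev")):
        for op in (registry.describe_thing, registry.delete_thing):
            try:
                op(tenant, victim)
                leaks.append(f"{tenant} could {op.__name__} {victim}")
            except CrossTenantAccess:
                pass
    return leaks


if __name__ == "__main__":
    reg = TenantRegistry(FakeIotClient(SAMPLE_THINGS))
    print("acme sees:", reg.list_things("acme"))
    print("leaks:", cross_tenant_checks(reg))
```

`cross_tenant_checks()` is the kind of test to keep in CI: if someone later adds a control-plane call that bypasses the wrapper, the probes turn red before the cross-tenant read reaches production.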
IoT/Security/AWS/Lambda
* This is where the magic happens
  * Good magic
    * like working code
  * Bad magic
    * AppSec vulnerabilities
* Resources like OWASP apply here, too
  * http://www.owasp.org
  * Open Web Application Security Project
* SANS also has great AppSec training
  * http://sans.org

IoT/Security/AWS/Transport/+
* 3 options within AWS
  * HTTP (RESTful)
  * WebSocket
  * Message Queue Telemetry Transport (MQTT)

IoT/Security/Transport/HTTP
* HTTP
  * POST to a RESTful API
  * Only scales so far
  * Included for completeness
* <AWS IoT Endpoint>/topics/<url_encoded_topic_name>?qos=1
* Uses AWS Signature Version 4
  * Add either a Query String param or an Authorization: header
  * (An X.509 client certificate over mutual TLS on port 8443 is also accepted for HTTPS publishes, as with MQTT)
Example signed request (the worked example from the AWS SigV4 documentation; the access key and signature are the documentation’s placeholder values):
  GET https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08 HTTP/1.1
  Authorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7
  content-type: application/x-www-form-urlencoded; charset=utf-8
  host: iam.amazonaws.com
  x-amz-date: 20150830T123600Z
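To make the Authorization header above less magic, here is the SigV4 procedure written out as an added example (not code from the talk): canonical request, string to sign, derived signing key, signature. Run on the slide's request with the documentation's placeholder secret key it reproduces the slide's signature exactly, which is the check worth keeping when you write your own signer; the same routine then signs an AWS IoT publish. The endpoint host and topic in `iot_publish()` are made up, and the data-plane signing name `iotdata` is the one the AWS SDKs use for the IoT data endpoint.

```python
"""AWS Signature Version 4, worked by hand (added example; not code from the talk).

Reproduces the signed IAM request from the slide, which is the worked example in the AWS
SigV4 documentation (AKIDEXAMPLE and the secret below are the documentation's placeholder
credentials, not real ones), then applies the same routine to an AWS IoT HTTPS publish.
"""
import hashlib
import hmac
from urllib.parse import quote

DOC_ACCESS_KEY = "AKIDEXAMPLE"
DOC_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
DOC_SIGNATURE = "5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7"


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def canonical_request(method, path, query, headers, body=b""):
    """Step 1: the canonical request. Returns (text, signed_headers)."""
    # Query: RFC 3986 encode keys and values, sort by key.
    pairs = sorted((quote(k, safe="-_.~"), quote(v, safe="-_.~")) for k, v in query.items())
    cq = "&".join(f"{k}={v}" for k, v in pairs)
    # Headers: lowercase names, trimmed and space-collapsed values, sorted by name.
    canon = sorted((k.lower().strip(), " ".join(v.strip().split())) for k, v in headers.items())
    ch = "".join(f"{k}:{v}\n" for k, v in canon)
    signed = ";".join(k for k, _ in canon)
    # Non-S3 services encode the (already URL-encoded) request path once more here.
    text = "\n".join([method, quote(path, safe="/-_.~"), cq, ch, signed, _sha256_hex(body)])
    return text, signed


def sign(method, host, path, query, headers, body, amz_date, region, service,
         access_key, secret_key):
    """Steps 2-4: string to sign, derived key, signature; returns the Authorization value."""
    hdrs = dict(headers, host=host)
    hdrs["x-amz-date"] = amz_date
    creq, signed = canonical_request(method, path, query, hdrs, body)
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, _sha256_hex(creq.encode("utf-8"))])
    # Derived signing key: the long-term secret is only ever an HMAC key, never sent.
    key = _hmac(("AWS4" + secret_key).encode("utf-8"), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders={signed}, Signature={signature}")


def doc_example():
    """The IAM ListUsers request from the slide, signed with the documentation's keys."""
    return sign("GET", "iam.amazonaws.com", "/",
                {"Action": "ListUsers", "Version": "2010-05-08"},
                {"content-type": "application/x-www-form-urlencoded; charset=utf-8"},
                b"", "20150830T123600Z", "us-east-1", "iam",
                DOC_ACCESS_KEY, DOC_SECRET_KEY)


def iot_publish(endpoint, topic, payload, amz_date, region, access_key, secret_key):
    """Sign POST https://<endpoint>/topics/<url-encoded topic>?qos=1 as on the slide."""
    path = "/topics/" + quote(topic, safe="")  # single-encoded path that goes on the wire
    return path, sign("POST", endpoint, path, {"qos": "1"},
                      {"content-type": "application/json"}, payload,
                      amz_date, region, "iotdata", access_key, secret_key)


if __name__ == "__main__":
    auth = doc_example()
    print(auth)
    print("matches slide:", auth.endswith("Signature=" + DOC_SIGNATURE))
```

Two things the walk-through makes visible: the secret key never leaves the client (only HMAC outputs do), and the `x-amz-date` in the scope bounds how long a captured signature can be replayed. Sending the signature as a query-string parameter instead of a header puts it in every proxy and access log on the path, so prefer the header.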
IoT/Security/Transport/WebSocket
* WebSocket tunnels MQTT over HTTP(S)
  * Good for passing firewalls
  * Runs over port 443
  * Starts as an HTTP GET carrying an Upgrade: websocket header
* Also uses AWS Signature Version 4
* URL format: wss://<endpoint>.iot.<region>.amazonaws.com/mqtt
* Best if you have a hub forwarding traffic
  * Either no MQTT allowed
  * or older, crypto-incapable devices

IoT/Security/Transport/MQTT
* Publish-Subscribe protocol
  * 1st implementation 1999
  * Designed for high-latency, low-bandwidth links
* Lightweight
  * Bandwidth
  * CPU
* Can be secure, but can be Not Secure, too

IoT/Security/Transport/MQTT/QoS
* 3 Quality of Service (QoS) options
  * 0 – At most once
    * Best effort
    * No retry, no acknowledgement
  * 1 – At least once
    * Retry until acknowledgement received
    * May result in multiple deliveries
  * 2 – Exactly once (guaranteed single delivery)
    * Full send-ack transaction (PUBLISH/PUBREC/PUBREL/PUBCOMP) & queueing
    * Not supported by the AWS IoT message broker; plan on QoS 0 or 1

IoT/Security/Transport/MQTT/Authentication
* Multiple options
  * No authentication (Don’t do this)
  * Topic-based pseudo-auth (Another NOPE)
  * Username/Password (Don’t do this either)
  * X.509 certificates (Do this)
    * AWS makes this easy

IoT/Security/Transport/MQTT/HowToFail
* Authentication
  * No authentication
  * Weak authentication
* Not encrypting traffic
  * MQTT+TLS For The Win
  * (Skip TLS only when absolutely unavoidable)

IoT/Security/Transport/MQTT/HowToWin
* Use X.509 certificates for authentication
* Always use TLS if possible
* Use AWS IAM / AWS IoT policies to define device roles
  * Follow the Principle of Least Privilege
* Test for information leakage
  * e.g. aws iot list-things in multi-tenant environments
* If you have insecure legacy devices, use a broker for secure upstream transport
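"Define device roles" and "follow least privilege" become concrete once the policy is written down, so here is an added example (not code from the talk) of one AWS IoT policy that serves every device by using the AWS IoT policy variables `iot:Connection.Thing.ThingName` and `iot:Connection.Thing.Attributes[tenant]` (the latter reads a Thing attribute named `tenant`, an assumed naming convention; the variables only resolve when the connecting certificate is attached to a Thing), next to the "just make it work" `iot:*` policy. The evaluator is a small model of IAM-style evaluation (explicit deny, then allow, else deny) written for testing; it is not the real engine. `leak_report()` is the information-leakage test from this slide and the multi-tenancy slides: every probe that a device should not be allowed is listed if the policy lets it through. Account id, region and topic layout are placeholders.

```python
"""One AWS IoT policy for every device, and the cross-device test that proves it
(added example; not code from the talk). Uses the AWS IoT policy variables
iot:Connection.Thing.ThingName and iot:Connection.Thing.Attributes[tenant] (the "tenant"
attribute is an assumed convention). The evaluator is a small model of IAM-style
evaluation for testing, not the real engine; account id, region and topics are placeholders.
"""
import re

ARN = "arn:aws:iot:us-east-1:123456789012"
TENANT = "${iot:Connection.Thing.Attributes[tenant]}"
THING = "${iot:Connection.Thing.ThingName}"

# Topic layout assumed here: <tenant>/<thing>/telemetry (device publishes) and
# <tenant>/<thing>/cmd (device subscribes). Client id must equal the thing name.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect", "Resource": f"{ARN}:client/{THING}"},
        {"Effect": "Allow", "Action": "iot:Publish", "Resource": f"{ARN}:topic/{TENANT}/{THING}/telemetry"},
        {"Effect": "Allow", "Action": "iot:Subscribe", "Resource": f"{ARN}:topicfilter/{TENANT}/{THING}/cmd"},
        {"Effect": "Allow", "Action": "iot:Receive", "Resource": f"{ARN}:topic/{TENANT}/{THING}/cmd"},
    ],
}

# The policy that turns every leaked device key into a key to everything in the account.
OVERLY_BROAD_POLICY = {"Version": "2012-10-17",
                       "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}


def connection_context(thing_name, tenant):
    """Values the broker substitutes for a connection from a cert attached to this Thing."""
    return {"iot:Connection.Thing.ThingName": thing_name,
            "iot:Connection.Thing.Attributes[tenant]": tenant}


def _wildcard_match(pattern, value):
    """IAM-style matching: * is any run of characters, ? is one character."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value) is not None


def _substitute(text, ctx):
    """Expand ${...} policy variables; an unresolvable one makes the statement not match."""
    def repl(m):
        if m.group(1) not in ctx:
            raise KeyError(m.group(1))
        return ctx[m.group(1)]
    return re.sub(r"\$\{([^}]+)\}", repl, text)


def evaluate(policy, ctx, action, resource):
    """True if the policy allows `action` on `resource` for this connection."""
    allowed = False
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if not any(_wildcard_match(a, action) for a in actions):
            continue
        try:
            if not any(_wildcard_match(_substitute(r, ctx), resource) for r in resources):
                continue
        except KeyError:
            continue  # variable did not resolve (e.g. cert not attached to a Thing)
        if st["Effect"] == "Deny":
            return False  # explicit deny wins
        allowed = True
    return allowed


def leak_report(policy):
    """Probes for acme-sensor-1 (tenant acme); returns the ones the policy gets wrong."""
    ctx = connection_context("acme-sensor-1", "acme")
    probes = {
        "own telemetry publish": ("iot:Publish", f"{ARN}:topic/acme/acme-sensor-1/telemetry", True),
        "own command subscribe": ("iot:Subscribe", f"{ARN}:topicfilter/acme/acme-sensor-1/cmd", True),
        "sibling device telemetry": ("iot:Subscribe", f"{ARN}:topicfilter/acme/acme-sensor-2/telemetry", False),
        "other tenant wildcard": ("iot:Subscribe", f"{ARN}:topicfilter/globex/#", False),
        "impersonate another client id": ("iot:Connect", f"{ARN}:client/globex-gw-1", False),
        "another device's shadow": ("iot:Publish", f"{ARN}:topic/$aws/things/globex-gw-1/shadow/update", False),
    }
    return [name for name, (action, resource, expected) in probes.items()
            if evaluate(policy, ctx, action, resource) != expected]


if __name__ == "__main__":
    print("least privilege leaks:", leak_report(LEAST_PRIVILEGE_POLICY))
    print("overly broad leaks:", leak_report(OVERLY_BROAD_POLICY))
```

The point of the per-device policy is the blast radius of the Assumptions slide: a retail key compromise stays retail, because the stolen certificate can only connect as its own thing name and only touch its own tenant's topics. Keep `leak_report()` (or its real-broker equivalent, a second device trying the same probes) in your test suite.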
IoT/Security/Transport/MQTT/PSA
Public Service Announcement:
Username & Password are even less of your friend than usual
[Slide shows a packet capture of an MQTT CONNECT; not reproduced here]
(Yes, that’s the username & password being sent in the clear!)
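To see why the PSA holds, here is the MQTT 3.1.1 CONNECT packet built and then dissected the way a passive observer on an unencrypted session (port 1883) would dissect it, as an added example that is not code from the talk. `build_connect()` produces the bytes a client sends; `parse_connect()` recovers the client id, the Last Will and Testament, and the username and password, all plaintext length-prefixed strings. The client id, credentials and topic are constructed.

```python
"""MQTT 3.1.1 CONNECT on the wire (added example; not code from the talk).

build_connect() encodes what a client sends; parse_connect() is what anyone watching an
un-encrypted MQTT session can read back out. Credentials and topics below are constructed.
"""
import struct


def _encode_len(n):
    """MQTT variable-length integer: 7 bits per byte, high bit set while more follow."""
    out = bytearray()
    while True:
        b, n = n % 128, n // 128
        out.append(b | 0x80 if n else b)
        if not n:
            return bytes(out)


def _decode_len(buf, i):
    """Inverse of _encode_len; returns (value, index after it). At most 4 bytes."""
    value, mult = 0, 1
    while True:
        b = buf[i]
        i += 1
        value += (b & 0x7F) * mult
        if not b & 0x80:
            return value, i
        mult *= 128
        if mult > 128 ** 3:
            raise ValueError("malformed remaining length")


def _utf8(s):
    """MQTT string: 2-byte big-endian length followed by UTF-8 bytes."""
    data = s.encode("utf-8")
    return struct.pack("!H", len(data)) + data


def _read_utf8(buf, i):
    (n,) = struct.unpack_from("!H", buf, i)
    i += 2
    return buf[i:i + n].decode("utf-8"), i + n


def build_connect(client_id, username=None, password=None, will=None, keepalive=60):
    """will = (topic, message, qos, retain). Returns the complete CONNECT packet."""
    flags = 0x02  # clean session
    payload = _utf8(client_id)
    if will:
        topic, msg, qos, retain = will
        flags |= 0x04 | (qos << 3) | (0x20 if retain else 0)
        payload += _utf8(topic) + _utf8(msg)
    if username is not None:
        flags |= 0x80
        payload += _utf8(username)
        if password is not None:
            flags |= 0x40
            payload += _utf8(password)
    var_header = _utf8("MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive)
    body = var_header + payload
    return bytes([0x10]) + _encode_len(len(body)) + body  # 0x10 = CONNECT, fixed-header flags 0


def parse_connect(pkt):
    """Dissect a CONNECT packet; returns everything that crossed the wire in clear text."""
    if pkt[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    length, i = _decode_len(pkt, 1)
    if len(pkt) != i + length:
        raise ValueError("remaining length does not match packet size")
    proto, i = _read_utf8(pkt, i)
    level, flags = pkt[i], pkt[i + 1]
    (keepalive,) = struct.unpack_from("!H", pkt, i + 2)
    i += 4
    out = {"protocol": proto, "level": level, "keepalive": keepalive,
           "clean_session": bool(flags & 0x02)}
    out["client_id"], i = _read_utf8(pkt, i)
    if flags & 0x04:  # will flag: the LWT the broker publishes if this client dies
        topic, i = _read_utf8(pkt, i)
        msg, i = _read_utf8(pkt, i)
        out["will"] = {"topic": topic, "message": msg, "qos": (flags >> 3) & 0x03,
                       "retain": bool(flags & 0x20)}
    if flags & 0x80:
        out["username"], i = _read_utf8(pkt, i)
    if flags & 0x40:
        out["password"], i = _read_utf8(pkt, i)
    return out


# Constructed sample: a "username/password, no TLS" device announcing itself.
SAMPLE_CONNECT = build_connect("thermostat-42", username="device42", password="hunter2",
                               will=("acme/thermostat-42/status", "offline", 1, True))

if __name__ == "__main__":
    print(SAMPLE_CONNECT.hex())
    print(parse_connect(SAMPLE_CONNECT))
```

Nothing in the protocol protects those fields; only TLS on the connection does, which is why the HowToWin slide pairs X.509 authentication with TLS rather than treating either as optional. The same parser run against a capture from your own devices is a quick check that nothing is still connecting on 1883.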
IoT/Security/Clients
* Researcher focus has largely been on clients
  * Soft targets
    * Riddled with amateur-hour vulnerabilities
    * Weak machines
  * Under their physical control
  * Fewer legal issues
* Ecosystem testing still the realm of authorized testers
  * They don’t generally publish
  * So there is less public data to base assumptions on

IoT/Security/Clients/HowToFail
* A few pitfalls to avoid
  * Use of no/default credentials
  * Re-use of keys or credentials
  * Hard-coding credentials
  * Assuming a friendly deployment environment
  * Running unnecessary services
    * Especially network services
  * Not using signed/secure images

IoT/Security/Clients/HowToWin
* Incorporate security into your design
  * Threat Model
* Educate yourself on AppSec
* Scan/Attack your services & device ports
  * Dynamic Analysis tools
* Run Static Analysis tools on your source code
  * Or at least include failure-mode tests
* Consider credential storage on the client
  * How hard is credential (key) compromise?
  * What do those keys get you?
  * Do you leak credentials, e.g. Wi-Fi?

IoT/Security/LWT
I’ve asked you a lot of questions, so I guess it’s only fair to let you ask me some.

IoT/Security/Resources
* Security & Identity for AWS IoT
  * https://docs.aws.amazon.com/iot/latest/developerguide/iot-security-identity.html
* Things I wish I’d known before I started working with AWS
  * https://wblinks.com/notes/aws-tips-i-wish-id-known-before-i-started/
  * especially this change monitoring script
    * https://s3.amazonaws.com/reinvent2013-sec402/SecConfig.py
* AWS Security Blog Post: Automatic Remediation with AWS Inspector
  * https://aws.amazon.com/blogs/security/how-to-remediate-amazon-inspector-security-findings-automatically/
* MQTT Security Fundamentals
  * http://www.hivemq.com/mqtt-security-fundamentals/
* AWS IoT Protocols
  * https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html
* How to bridge Mosquitto MQTT Broker to AWS IoT
  * https://aws.amazon.com/blogs/iot/how-to-bridge-mosquitto-mqtt-broker-to-aws-iot/
* Multi-Tenant Storage with DynamoDB
  * https://aws.amazon.com/blogs/apn/multi-tenant-storage-with-amazon-dynamodb/
* AWS Access Management
  * https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html