Uploaded bylmelaine
DOCX, PDF36 views

Final Research Project - Securing IoT Devices What are the Challe.docx

The document discusses the importance of securing Internet of Things (IoT) devices, highlighting significant security challenges such as embedded passwords and lack of device authentication. It emphasizes that proactive steps must be taken by both manufacturers and organizations to mitigate these risks and protect vulnerable devices. Solutions include improving device design for security, ensuring proper authentication, and incorporating regular updates and monitoring mechanisms.

Embed presentation

Download to read offline
Final Research Project - Securing IoT Devices: What are the Challenges? Internet security, in general, is a challenge that we have been dealing with for decades. It is a regular topic of discussion and concern, but a relatively new segment of internet security is getting most attention—internet of things (IoT). So why is internet of things security so important? The high growth rate of IoT should get the attention of cybersecurity professionals. The rate at which new technology goes to market is inversely proportional to the amount of security that gets designed into the product. According to IHS Markit, “The number of connected IoT devices worldwide will jump 12 percent on average annually, from nearly 27 billion in 2017 to 125 billion in 2030.” IoT devices are quite a bit different from other internet- connected devices such as laptops and servers. They are designed with a single purpose in mind, usually running minimal software with minimal resources to serve that purpose. Adding the capability to run and update security software is often not taken into consideration. Due to the lack of security integrated into IoT devices, they present significant risks that must be addressed. IoT security is the practice of understanding and mitigating these risks. Let’s consider the challenges of IoT security and how we can address them. Some security practitioners suggest that key IoT security steps include: 1. Make people aware that there is a threat to security; 2. Design a technical solution to reduce security vulnerabilities; 3. Align the legal and regulatory frameworks; and 4. Develop a workforce with the skills to handle IoT security. Final Assignment - Project Plan (Deliverables): 1) Address each of the FOURIoT security steps listed above in
terms of IoT devices. 2) Explain in detail, in a step-by-step guide, how to make people more aware of the problems associated with the use of IoT devices. Bottom of Form Top of Form Bottom of Form IoT References: https://www.techrepublic.com/article/how-to-secure-your-iot- devices-from-botnets-and-other-threats/ https://www.peerbits.com/blog/biggest-iot-security- challenges.html https://www.bankinfosecurity.asia/securing-iot-devices- challenges-a-11138 https://www.sumologic.com/blog/iot-security/ https://news.ihsmarkit.com/press-release/number-connected-iot- devices-will-surge-125-billion-2030-ihs-markit-says https://cdn.ihs.com/www/pdf/IoT_ebook.pdf https://go.armis.com/hubfs/Buyers%E2%80%99%20Guide%20to %20IoT%20Security%20-Final.pdf https://www.techrepublic.com/article/smart-farming-how-iot- robotics-and-ai-are-tackling-one-of-the-biggest-problems-of- the-century/ Video Resources:What is the Internet of Things (IoT) and how can we secure it? https://www.youtube.com/watch?v=H_X6IP1-NDc What is the problem with IoT security? - Gary explains https://www.youtube.com/watch?v=D3yrk4TaIQQ What are the Challenges of IoT Security? IoT has many of the same security challenges that other systems have. There are, however, some challenges that are unique to IoT. 1. Embedded Passwords. Embedding passwords in IoT devices make it easy for remote support technicians to access devices for troubleshooting and simplifies the installation of multiple
devices. Of course, it also simplifies access to devices for malicious purposes. 2. Lack of device authentication. Allowing IoT devices access to the network without authenticating opens the network to unknown and unauthorized devices. Rogue devices can serve as an entry point for attacks or even as a source of attacks. 3. Patching and upgrading. Some IoT devices do not provide a simple (or any) means to patch or upgrade software. This results in many IoT devices with vulnerabilities continuing to be in use. 4. Physical hardening. Physical access to IoT devices can introduce risk if those devices are not hardened against physical attack. Such an attack may not be intended to damage the device, but rather to extract information. Simply removing a microSD memory card to read its contents can give an attacker private data, as well as information such as embedded passwords that may allow access to other devices. 5. Outdated components. When vulnerabilities are discovered in hardware or software components of IoT devices, it can be difficult and expensive for manufacturers or users to update or replace them. As with patches, this results in many IoT devices with vulnerabilities continuing to be used. 6. Device monitoring and management. IoT devices do not always have a unique identifier that facilitates asset tracking, monitoring, and management. IT personnel do not necessarily consider IoT devices among the hosts that they monitor and manage. Asset tracking systems sometimes neglect to include IoT devices, so they sit on the network without being managed or monitored. Most of these issues can be attributed to security being an afterthought (if a thought at all) in the design and manufacturing of IoT devices. Even those IoT developers who consider security in the design process struggle with implementation. Most IoT devices are limited by minimal processing power, memory, and data transfer speeds. This is a necessary evil in order to keep the size and cost of the devices
small. Accordingly, security controls must be implemented to compensate for these inherent weaknesses. The first step to implementing security controls is to determine where those controls are needed. This is another challenge for protecting IoT devices. Since IoT devices are often not recognized as network devices, they get overlooked when inventorying or mapping the network. If you do not know it is there, you cannot protect it. Fortunately, IoT device manufacturers are beginning to address these issues, but organizations that are planning or currently using IoT cannot sit back and wait for that to happen. There are measures that organizations can take right now to protect their IoT devices and networks from attacks.Security Requirements of IoT Manufacturers and implementers must implement security practices to mitigate IoT risks. Steps can be taken to better secure IoT and address known risks. Security Challenge Solution Embedded passwords Rather than embedding passwords in their products, manufacturers should require users to create a strong password during device setup. Lack of device authentication Manufacturers should provide a means for their devices to
authenticate to the network. IT personnel should require devices to authenticate before joining the network. Patching and upgrading Manufacturers need to make it easy for devices to be upgraded or patched. Ideally, this would be an automatic or one-click process. Physical hardening IoT devices should be made tamper-proof. Devices should be monitored to detect time offline and inspected after unexpectedly dropping offline. Outdated components Vulnerable devices should be updated or replaced. This can be difficult to remedy, especially in environments that have many IoT devices in remote locations. In those cases, tighter security controls and more vigilant monitoring should be implemented. Device monitoring and management Ensure that all IoT devices are included in asset tracking, monitoring, and management systems. Manufacturers should provide a unique identifier for each device. Clearly, many of these security issues can only be resolved by the manufacturer. One that organizations’ security, IT, and OT teams can address is device management. It is up to those planning and/or implementing the rollout of IoT devices to ensure that they are accounted for in asset management, systems monitoring, security monitoring, and incident response systems.
Breaches and Hacks There are two broad categories of attacks that involve IoT devices: those in which the IoT devices themselves are the end target of the attack, and those that use IoT devices to attack other targets. We have seen both types of attacks used in the real world and by security researchers as a proof of concept. In October of 2016, an attack against Dyn, a company that provides DNS services, made much of the internet inaccessible. Twitter, Spotify, Github, Netflix, The New York Times, Paypal and other major websites were down for hours. The attack used the Mirai IoT Botnet, taking control of over 600,000 IoT devices to flood Dyn with traffic in a massive DDoS attack. The devices seemed to be mostly routers and IP cameras. IP cameras are frequently targeted IoT devices. In a scary example of an attack where the IoT device was the target, the “device” was a car. Fortunately, this was a controlled demonstration by security researchers Charlie Miller and Chris Valasek. They demonstrated the attack for Wired writer Andy Greenberg, who was driving a Jeep Cherokee. Miller and Valasek, from miles away over a cellular internet connection, remotely turned on the A/C, radio, and windshield wipers. That was just the beginning. Next, they caused the Jeep to slow, remotely rendering the accelerator useless.How to Secure IoT Systems and Devices It is clear that IoT attacks can have serious consequences.
Securing IoT systems and devices must be done by both the manufacturers and the organizations using them. The security controls that organizations can put in place are similar to the controls they already use on their network. The key to securing IoT is to know what IoT devices are on your network and where they are in your network topology. Until you know that, you are flying blind. You cannot protect what you cannot see. One way to identify IoT devices on your network is to require all hosts and devices to authenticate when joining the network. Devices that fail authentication can then be identified. If they belong on the network, authentication can then be configured for that device. If they do not belong on the network, you have discovered a rogue device. You can further secure IoT devices by segmenting the network and dedicating one segment to IoT. This will allow you to firewall that segment and apply IoT-specific rules. It would also allow you to quickly block traffic from that segment in the event that an IoT device is compromised. Once you have IoT devices authenticated, you can then gain visibility into their activity using a cloud-native security monitoring and analytics platform like Sumo Logic. The Sumo Logic platform helps you make data-driven decisions and reduce the time to investigate security and operational issues so you can free up resources for more important activities. For even greater visibility into security events, integrated threat
intelligence from Crowdstrike is included for up-to-date IOC data that can be quickly cross-correlated to identify threats in your environment. Reference: https://www.sumologic.com/blog/iot-security/ Personal data breaches and securing IoT devices · By Damon Culbert (2019) The Internet of Things (IoT) is taking the world by storm as interconnected devices fill workplaces and homes across the US. While the intention of these devices is always to make our lives easier, their ability to connect to the internet turns them into ticking time bombs, lying in wait until their weaknesses can be exploited by opportunistic hackers. Personal data breaches are skyrocketing in America, increasing by 60% in the last year and by 157 percent since 2015. As our interconnectivity grows, so do the opportunities that our technology will be hacked. Since every IoT device is connected to the internet, each one is vulnerable to external access if not secured properly. In the rush to manufacture these devices and get them onto the market, security has been an afterthought which needs to be urgently addressed if the number of yearly data breaches is to be tackled. Not only is the actual security of IoT devices under constant debate but recent news stories surrounding both the Amazon
Alexa and Google Home products -- central machines to most home IoT set-ups -- show that even when used properly, the security implications of these devices can be suspect. Though many expect IoT to revolutionize our everyday lives, the potential holes they open up in our security infrastructures could become an insurmountable problem if not dealt with soon. Workplace IoT IoT in the workplace can range from integrated systems such as air conditioning and security systems to Wi-Fi enabled coffee machines. But every point of access in a system has potential for weakness, meaning the more connected devices there are the harder it is to protect. Many believe that blockchain technology has the answer for IoT security issues due to its decentralized nature and the ability to timestamp and identify each connected device, allowing for more accurate access records and a more stable network where no central point is vulnerable. The other key issue with workplace IoT is the necessity of regular updates to keep all devices secured. In working environments where machines are working 24/7, there is no time to take machines out of service to complete updates, meaning identified weaknesses can be left unresolved. This allows hackers multiple opportunities to exploit the insecurities in an individual device and gain access to the central network from there. Creators of IoT devices will need to address the concerns of
their consumers in order to create products which can be routinely secured and hold a high base standard of security. Integrated homes With an explosion of interconnected devices for the home comes a unique challenge that consumers are often completely oblivious to. Some IoT devices have no way to securely store the Wi-Fi password which connects them, meaning that a hacker who is able to gain access to this device can find the Wi-Fi password and exploit the entire network, risking data such as banking and personal details as well as general internet activity. It’s unrealistic to expect consumers to use blockchain security for their washing machines and digital cameras so necessary security changes are going to have to start with the brands making the products. Ensuring that safety is properly considered before marketing any IoT device is the surest way to keep consumers’ data safe within their own network. Google Home and Amazon Alexa While not directly at the mercy of hackers, the recent revelations that recordings taken by both Amazon’s Alexa and Google Home devices have been sent to human listeners within the company raises different privacy concerns. The companies have assured that the recordings have been shared with human employees for training and research purposes but as the recent leak shows, holding personal data on recordings makes it susceptible to malicious actors online.
Amazon have taken further steps to allow users to control how Alexa stores their data and have it deleted using voice commands, making it slightly easier to protect what you say in your own home. However, many consumers buy these products without thinking of the implications of keeping a device that is always listening in their home. Companies who produce home assistant speakers need to be more transparent with how they use consumer data and take further steps to ensure no sensitive personal data is kept in recordings to help reduce the number of data breaches each year. Trials are set to begin in the UK by Natwest bank where Google Home users will be able to check their balance with their voice. As this follows immediately on from the leaked recordings, it seems there is still little concern for the ways in which we share our personal data with the devices we use. However, online security will likely become a much bigger topic in the future as the number of internet-enabled devices rises. The Internet of Things is proving that technology continues to advance at a rapid pace. Although consumers will need to ensure that security is a high priority in order to protect their own data and data handled by organizations, the first step must be taken by manufacturers to ensure these products are created to high security standard. Reference: https://betanews.com/2019/08/13/securing-iot- devices/
Chapter 5 Are corporations moral agents? Why or why not? Do they have moral responsibilities? Or, do only human beings (moral agents) have moral agency and therefore, moral obligations? Your argument MUST show you read the section on corporations in Chapter 5. Post your argument yes/no, AS AN ARGUMENT FORMULA OUTLINE Follow the argument Formula Below

More Related Content

DOCX
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
byvrickens
 
DOCX
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
bymariuse18nolet
 
PPTX
IoT, Data Analytics and Big Data Security.pptx
byfizarcse
 
PPTX
Assign 1_8812814ctm.pptx
bypdevang
 
DOCX
Final Research Project - Securing IoT Devices What are the Challe.docx
byvoversbyobersby
 
PDF
IoT, Security & the Path to a Solution
byDr Laurent Guiraud
 
PDF
Strengthening IoT Security Against Cyber Threats.pdf
bySeasiaInfotech2
 
PDF
Developing surveillance challenges in theinternet of things
byDr. Raghavendra GS
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
byvrickens
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
bymariuse18nolet
 
IoT, Data Analytics and Big Data Security.pptx
byfizarcse
 
Assign 1_8812814ctm.pptx
bypdevang
 
Final Research Project - Securing IoT Devices What are the Challe.docx
byvoversbyobersby
 
IoT, Security & the Path to a Solution
byDr Laurent Guiraud
 
Strengthening IoT Security Against Cyber Threats.pdf
bySeasiaInfotech2
 
Developing surveillance challenges in theinternet of things
byDr. Raghavendra GS
 

Similar to Final Research Project - Securing IoT Devices What are the Challe.docx

PDF
White Paper: IoT Security – Protecting the Networked Society
byEricsson
 
PPTX
A Quick Guide On What Is IoT Security_.pptx
byTurboAnchor
 
PDF
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
byIRJET Journal
 
PPTX
IoT Security, Threats and Challenges By V.P.Prabhakaran
byKoenig Solutions Ltd.
 
PDF
Security in IoT
bySKS
 
PDF
An Internet of Things Reference Architecture
bySymantec
 
PDF
IoT Security.pdf
bySudhanshiBakre1
 
DOCX
Security and Privacy considerations in Internet of Things
bySomasundaram Jambunathan
 
PPTX
Not IN Cybersecurity Connectivity,Cloud Platforms,Security.pptx
byPratimanChoubey
 
PDF
Safeguarding the Internet of Things
byCognizant
 
PDF
New Threats, Existing Remedies, and Unresolved Issues Related to the Effect o...
byijtsrd
 
PPTX
IoT Security: Debunking the "We Aren't THAT Connected" Myth
bySecurity Innovation
 
PPTX
Introduction to IOT security
byPriyab Satoshi
 
DOCX
Addressing security and privacy in io t ecosystem v0.4
bySomasundaram Jambunathan
 
PDF
A Survey Report on : Security & Challenges in Internet of Things
byijsrd.com
 
PPTX
Security Testing for IoT Systems
bySecurity Innovation
 
DOCX
Cyber Security and the Internet of ThingsVulnerabilities, T.docx
bydorishigh
 
PDF
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
byKatedra Informatologii. Wydział Dziennikarstwa, Informacji i Bibliologii, Uniwersytet Warszawski
 
PPTX
IoT security
byYashKesharwani2
 
PPTX
IoT Security Briefing FBI 07 23-2017 final
byFrank Siepmann
 
White Paper: IoT Security – Protecting the Networked Society
byEricsson
 
A Quick Guide On What Is IoT Security_.pptx
byTurboAnchor
 
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
byIRJET Journal
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
byKoenig Solutions Ltd.
 
Security in IoT
bySKS
 
An Internet of Things Reference Architecture
bySymantec
 
IoT Security.pdf
bySudhanshiBakre1
 
Security and Privacy considerations in Internet of Things
bySomasundaram Jambunathan
 
Not IN Cybersecurity Connectivity,Cloud Platforms,Security.pptx
byPratimanChoubey
 
Safeguarding the Internet of Things
byCognizant
 
New Threats, Existing Remedies, and Unresolved Issues Related to the Effect o...
byijtsrd
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
bySecurity Innovation
 
Introduction to IOT security
byPriyab Satoshi
 
Addressing security and privacy in io t ecosystem v0.4
bySomasundaram Jambunathan
 
A Survey Report on : Security & Challenges in Internet of Things
byijsrd.com
 
Security Testing for IoT Systems
bySecurity Innovation
 
Cyber Security and the Internet of ThingsVulnerabilities, T.docx
bydorishigh
 
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
byKatedra Informatologii. Wydział Dziennikarstwa, Informacji i Bibliologii, Uniwersytet Warszawski
 
IoT security
byYashKesharwani2
 
IoT Security Briefing FBI 07 23-2017 final
byFrank Siepmann
 

More from lmelaine

DOCX
Jan 18, 2013 at 217pmNo unread replies.No replies.Post yo.docx
bylmelaine
 
DOCX
Jan 10, 20141.Definition of law A set of rules and proced.docx
bylmelaine
 
DOCX
James RiverJewelryProjectQuesti.docx
bylmelaine
 
DOCX
Jacob claims the employer violated his rights. In your opinion, what.docx
bylmelaine
 
DOCX
Ive been promised A+ papers in the past but so far I have not seen .docx
bylmelaine
 
DOCX
It’s easy to dismiss the works from the Dada movement as silly. Cons.docx
bylmelaine
 
DOCX
Its meaning is still debated. It could be a symbol of the city of Fl.docx
bylmelaine
 
DOCX
Jaffe and Jordan want to use financial planning models to prepar.docx
bylmelaine
 
DOCX
Ive got this assinment due and was wondering if anyone has done any.docx
bylmelaine
 
DOCX
It is thought that a metabolic waste product produced by a certain g.docx
bylmelaine
 
DOCX
it is not the eassay it is about anwering the question with 2,3 pa.docx
bylmelaine
 
DOCX
It is now time to select sources and take some notes. You will nee.docx
bylmelaine
 
DOCX
Its a linear equations question...Neilsen Media Research surveys .docx
bylmelaine
 
DOCX
itively impact job satisfactionWeek 3 - Learning Team Paper - Due .docx
bylmelaine
 
DOCX
IT205 Management of Information SystemsHello, I am looking for he.docx
bylmelaine
 
DOCX
It is not an online course so i cannot share any login details. No d.docx
bylmelaine
 
DOCX
IT Strategic Plan, Part 1Using the case provided, analyze the busi.docx
bylmelaine
 
DOCX
It should be in API format.Research paper should be on Ethernet .docx
bylmelaine
 
DOCX
IT Strategic Plan, Part 2Using the case provided, build on Part .docx
bylmelaine
 
DOCX
It seems most everything we buy these days has the label made in Ch.docx
bylmelaine
 
Jan 18, 2013 at 217pmNo unread replies.No replies.Post yo.docx
bylmelaine
 
Jan 10, 20141.Definition of law A set of rules and proced.docx
bylmelaine
 
James RiverJewelryProjectQuesti.docx
bylmelaine
 
Jacob claims the employer violated his rights. In your opinion, what.docx
bylmelaine
 
Ive been promised A+ papers in the past but so far I have not seen .docx
bylmelaine
 
It’s easy to dismiss the works from the Dada movement as silly. Cons.docx
bylmelaine
 
Its meaning is still debated. It could be a symbol of the city of Fl.docx
bylmelaine
 
Jaffe and Jordan want to use financial planning models to prepar.docx
bylmelaine
 
Ive got this assinment due and was wondering if anyone has done any.docx
bylmelaine
 
It is thought that a metabolic waste product produced by a certain g.docx
bylmelaine
 
it is not the eassay it is about anwering the question with 2,3 pa.docx
bylmelaine
 
It is now time to select sources and take some notes. You will nee.docx
bylmelaine
 
Its a linear equations question...Neilsen Media Research surveys .docx
bylmelaine
 
itively impact job satisfactionWeek 3 - Learning Team Paper - Due .docx
bylmelaine
 
IT205 Management of Information SystemsHello, I am looking for he.docx
bylmelaine
 
It is not an online course so i cannot share any login details. No d.docx
bylmelaine
 
IT Strategic Plan, Part 1Using the case provided, analyze the busi.docx
bylmelaine
 
It should be in API format.Research paper should be on Ethernet .docx
bylmelaine
 
IT Strategic Plan, Part 2Using the case provided, build on Part .docx
bylmelaine
 
It seems most everything we buy these days has the label made in Ch.docx
bylmelaine
 

Recently uploaded

PDF
Holm Community Heritage at St Nicholas Kirk - 2025 AGM Minutes (30.04.2025)
byAntoine Pietri
 
PDF
BP502T Industrial Pharmacy I (Theory) UNIT– I (Part 1)
byRushi Mandali
 
PDF
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
PPTX
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
PDF
Orlando by Virginia Woolf: The Granite and The Rainbow
byAdityarajsinh Gohil
 
PDF
java full stack programming and interview questions
byrajuashokit
 
PPTX
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
PPTX
How to perform product search based on a custom field from the Website Shop p...
byCeline George
 
PDF
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
PDF
Tetracycline Class of Antibiotics: SAR, MOA and Uses
bymominzarinamdnajeeb
 
PDF
Nursing care plan for Vomiting /B.Sc nsg
byDr. Sudhadevi Sadanandan
 
PDF
Judgement Regarding Land Acquisition Act not Applicable to Encroachers.pdf
byssuser9d8e4e
 
PDF
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
PDF
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
PDF
Pratishta Educational Society., Courses & Opportunities
byGanapathiVankudoth
 
PPTX
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
PDF
Structure-of-the-Atom PPT.pdf/CBSE CLASS 11 CHEMISTRY/ PREPARED BY K SANDEEP ...
bySandeep Swamy
 
PDF
Pharmaceutical Quality Assurance Unit 1 (BP606T)
byChetan Mali
 
PPTX
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
PDF
Chapter 05 Drugs Acting on the Central Nervous System: Anti-Depressant Drugs
bySandeshSul
 
Holm Community Heritage at St Nicholas Kirk - 2025 AGM Minutes (30.04.2025)
byAntoine Pietri
 
BP502T Industrial Pharmacy I (Theory) UNIT– I (Part 1)
byRushi Mandali
 
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
Orlando by Virginia Woolf: The Granite and The Rainbow
byAdityarajsinh Gohil
 
java full stack programming and interview questions
byrajuashokit
 
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
How to perform product search based on a custom field from the Website Shop p...
byCeline George
 
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
Tetracycline Class of Antibiotics: SAR, MOA and Uses
bymominzarinamdnajeeb
 
Nursing care plan for Vomiting /B.Sc nsg
byDr. Sudhadevi Sadanandan
 
Judgement Regarding Land Acquisition Act not Applicable to Encroachers.pdf
byssuser9d8e4e
 
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
Pratishta Educational Society., Courses & Opportunities
byGanapathiVankudoth
 
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
Structure-of-the-Atom PPT.pdf/CBSE CLASS 11 CHEMISTRY/ PREPARED BY K SANDEEP ...
bySandeep Swamy
 
Pharmaceutical Quality Assurance Unit 1 (BP606T)
byChetan Mali
 
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
Chapter 05 Drugs Acting on the Central Nervous System: Anti-Depressant Drugs
bySandeshSul
 

Final Research Project - Securing IoT Devices What are the Challe.docx

  • 1.
    Final Research Project- Securing IoT Devices: What are the Challenges? Internet security, in general, is a challenge that we have been dealing with for decades. It is a regular topic of discussion and concern, but a relatively new segment of internet security is getting most attention—internet of things (IoT). So why is internet of things security so important? The high growth rate of IoT should get the attention of cybersecurity professionals. The rate at which new technology goes to market is inversely proportional to the amount of security that gets designed into the product. According to IHS Markit, “The number of connected IoT devices worldwide will jump 12 percent on average annually, from nearly 27 billion in 2017 to 125 billion in 2030.” IoT devices are quite a bit different from other internet- connected devices such as laptops and servers. They are designed with a single purpose in mind, usually running minimal software with minimal resources to serve that purpose. Adding the capability to run and update security software is often not taken into consideration. Due to the lack of security integrated into IoT devices, they present significant risks that must be addressed. IoT security is the practice of understanding and mitigating these risks. Let’s consider the challenges of IoT security and how we can address them. Some security practitioners suggest that key IoT security steps include: 1. Make people aware that there is a threat to security; 2. Design a technical solution to reduce security vulnerabilities; 3. Align the legal and regulatory frameworks; and 4. Develop a workforce with the skills to handle IoT security. Final Assignment - Project Plan (Deliverables): 1) Address each of the FOURIoT security steps listed above in
  • 2.
    terms of IoTdevices. 2) Explain in detail, in a step-by-step guide, how to make people more aware of the problems associated with the use of IoT devices. Bottom of Form Top of Form Bottom of Form IoT References: https://www.techrepublic.com/article/how-to-secure-your-iot- devices-from-botnets-and-other-threats/ https://www.peerbits.com/blog/biggest-iot-security- challenges.html https://www.bankinfosecurity.asia/securing-iot-devices- challenges-a-11138 https://www.sumologic.com/blog/iot-security/ https://news.ihsmarkit.com/press-release/number-connected-iot- devices-will-surge-125-billion-2030-ihs-markit-says https://cdn.ihs.com/www/pdf/IoT_ebook.pdf https://go.armis.com/hubfs/Buyers%E2%80%99%20Guide%20to %20IoT%20Security%20-Final.pdf https://www.techrepublic.com/article/smart-farming-how-iot- robotics-and-ai-are-tackling-one-of-the-biggest-problems-of- the-century/ Video Resources:What is the Internet of Things (IoT) and how can we secure it? https://www.youtube.com/watch?v=H_X6IP1-NDc What is the problem with IoT security? - Gary explains https://www.youtube.com/watch?v=D3yrk4TaIQQ What are the Challenges of IoT Security? IoT has many of the same security challenges that other systems have. There are, however, some challenges that are unique to IoT. 1. Embedded Passwords. Embedding passwords in IoT devices make it easy for remote support technicians to access devices for troubleshooting and simplifies the installation of multiple
  • 3.
    devices. Of course,it also simplifies access to devices for malicious purposes. 2. Lack of device authentication. Allowing IoT devices access to the network without authenticating opens the network to unknown and unauthorized devices. Rogue devices can serve as an entry point for attacks or even as a source of attacks. 3. Patching and upgrading. Some IoT devices do not provide a simple (or any) means to patch or upgrade software. This results in many IoT devices with vulnerabilities continuing to be in use. 4. Physical hardening. Physical access to IoT devices can introduce risk if those devices are not hardened against physical attack. Such an attack may not be intended to damage the device, but rather to extract information. Simply removing a microSD memory card to read its contents can give an attacker private data, as well as information such as embedded passwords that may allow access to other devices. 5. Outdated components. When vulnerabilities are discovered in hardware or software components of IoT devices, it can be difficult and expensive for manufacturers or users to update or replace them. As with patches, this results in many IoT devices with vulnerabilities continuing to be used. 6. Device monitoring and management. IoT devices do not always have a unique identifier that facilitates asset tracking, monitoring, and management. IT personnel do not necessarily consider IoT devices among the hosts that they monitor and manage. Asset tracking systems sometimes neglect to include IoT devices, so they sit on the network without being managed or monitored. Most of these issues can be attributed to security being an afterthought (if a thought at all) in the design and manufacturing of IoT devices. Even those IoT developers who consider security in the design process struggle with implementation. Most IoT devices are limited by minimal processing power, memory, and data transfer speeds. This is a necessary evil in order to keep the size and cost of the devices
  • 4.
    small. Accordingly, securitycontrols must be implemented to compensate for these inherent weaknesses. The first step to implementing security controls is to determine where those controls are needed. This is another challenge for protecting IoT devices. Since IoT devices are often not recognized as network devices, they get overlooked when inventorying or mapping the network. If you do not know it is there, you cannot protect it. Fortunately, IoT device manufacturers are beginning to address these issues, but organizations that are planning or currently using IoT cannot sit back and wait for that to happen. There are measures that organizations can take right now to protect their IoT devices and networks from attacks.Security Requirements of IoT Manufacturers and implementers must implement security practices to mitigate IoT risks. Steps can be taken to better secure IoT and address known risks. Security Challenge Solution Embedded passwords Rather than embedding passwords in their products, manufacturers should require users to create a strong password during device setup. Lack of device authentication Manufacturers should provide a means for their devices to
  • 5.
    authenticate to thenetwork. IT personnel should require devices to authenticate before joining the network. Patching and upgrading Manufacturers need to make it easy for devices to be upgraded or patched. Ideally, this would be an automatic or one-click process. Physical hardening IoT devices should be made tamper-proof. Devices should be monitored to detect time offline and inspected after unexpectedly dropping offline. Outdated components Vulnerable devices should be updated or replaced. This can be difficult to remedy, especially in environments that have many IoT devices in remote locations. In those cases, tighter security controls and more vigilant monitoring should be implemented. Device monitoring and management Ensure that all IoT devices are included in asset tracking, monitoring, and management systems. Manufacturers should provide a unique identifier for each device. Clearly, many of these security issues can only be resolved by the manufacturer. One that organizations’ security, IT, and OT teams can address is device management. It is up to those planning and/or implementing the rollout of IoT devices to ensure that they are accounted for in asset management, systems monitoring, security monitoring, and incident response systems.
  • 6.
    Breaches and Hacks Thereare two broad categories of attacks that involve IoT devices: those in which the IoT devices themselves are the end target of the attack, and those that use IoT devices to attack other targets. We have seen both types of attacks used in the real world and by security researchers as a proof of concept. In October of 2016, an attack against Dyn, a company that provides DNS services, made much of the internet inaccessible. Twitter, Spotify, Github, Netflix, The New York Times, Paypal and other major websites were down for hours. The attack used the Mirai IoT Botnet, taking control of over 600,000 IoT devices to flood Dyn with traffic in a massive DDoS attack. The devices seemed to be mostly routers and IP cameras. IP cameras are frequently targeted IoT devices. In a scary example of an attack where the IoT device was the target, the “device” was a car. Fortunately, this was a controlled demonstration by security researchers Charlie Miller and Chris Valasek. They demonstrated the attack for Wired writer Andy Greenberg, who was driving a Jeep Cherokee. Miller and Valasek, from miles away over a cellular internet connection, remotely turned on the A/C, radio, and windshield wipers. That was just the beginning. Next, they caused the Jeep to slow, remotely rendering the accelerator useless.How to Secure IoT Systems and Devices It is clear that IoT attacks can have serious consequences.
  • 7.
    Securing IoT systemsand devices must be done by both the manufacturers and the organizations using them. The security controls that organizations can put in place are similar to the controls they already use on their network. The key to securing IoT is to know what IoT devices are on your network and where they are in your network topology. Until you know that, you are flying blind. You cannot protect what you cannot see. One way to identify IoT devices on your network is to require all hosts and devices to authenticate when joining the network. Devices that fail authentication can then be identified. If they belong on the network, authentication can then be configured for that device. If they do not belong on the network, you have discovered a rogue device. You can further secure IoT devices by segmenting the network and dedicating one segment to IoT. This will allow you to firewall that segment and apply IoT-specific rules. It would also allow you to quickly block traffic from that segment in the event that an IoT device is compromised. Once you have IoT devices authenticated, you can then gain visibility into their activity using a cloud-native security monitoring and analytics platform like Sumo Logic. The Sumo Logic platform helps you make data-driven decisions and reduce the time to investigate security and operational issues so you can free up resources for more important activities. For even greater visibility into security events, integrated threat
  • 8.
    intelligence from Crowdstrikeis included for up-to-date IOC data that can be quickly cross-correlated to identify threats in your environment. Reference: https://www.sumologic.com/blog/iot-security/ Personal data breaches and securing IoT devices · By Damon Culbert (2019) The Internet of Things (IoT) is taking the world by storm as interconnected devices fill workplaces and homes across the US. While the intention of these devices is always to make our lives easier, their ability to connect to the internet turns them into ticking time bombs, lying in wait until their weaknesses can be exploited by opportunistic hackers. Personal data breaches are skyrocketing in America, increasing by 60% in the last year and by 157 percent since 2015. As our interconnectivity grows, so do the opportunities that our technology will be hacked. Since every IoT device is connected to the internet, each one is vulnerable to external access if not secured properly. In the rush to manufacture these devices and get them onto the market, security has been an afterthought which needs to be urgently addressed if the number of yearly data breaches is to be tackled. Not only is the actual security of IoT devices under constant debate but recent news stories surrounding both the Amazon
  • 9.
    Alexa and GoogleHome products -- central machines to most home IoT set-ups -- show that even when used properly, the security implications of these devices can be suspect. Though many expect IoT to revolutionize our everyday lives, the potential holes they open up in our security infrastructures could become an insurmountable problem if not dealt with soon. Workplace IoT IoT in the workplace can range from integrated systems such as air conditioning and security systems to Wi-Fi enabled coffee machines. But every point of access in a system has potential for weakness, meaning the more connected devices there are the harder it is to protect. Many believe that blockchain technology has the answer for IoT security issues due to its decentralized nature and the ability to timestamp and identify each connected device, allowing for more accurate access records and a more stable network where no central point is vulnerable. The other key issue with workplace IoT is the necessity of regular updates to keep all devices secured. In working environments where machines are working 24/7, there is no time to take machines out of service to complete updates, meaning identified weaknesses can be left unresolved. This allows hackers multiple opportunities to exploit the insecurities in an individual device and gain access to the central network from there. Creators of IoT devices will need to address the concerns of
  • 10.
    their consumers inorder to create products which can be routinely secured and hold a high base standard of security. Integrated homes With an explosion of interconnected devices for the home comes a unique challenge that consumers are often completely oblivious to. Some IoT devices have no way to securely store the Wi-Fi password which connects them, meaning that a hacker who is able to gain access to this device can find the Wi-Fi password and exploit the entire network, risking data such as banking and personal details as well as general internet activity. It’s unrealistic to expect consumers to use blockchain security for their washing machines and digital cameras so necessary security changes are going to have to start with the brands making the products. Ensuring that safety is properly considered before marketing any IoT device is the surest way to keep consumers’ data safe within their own network. Google Home and Amazon Alexa While not directly at the mercy of hackers, the recent revelations that recordings taken by both Amazon’s Alexa and Google Home devices have been sent to human listeners within the company raises different privacy concerns. The companies have assured that the recordings have been shared with human employees for training and research purposes but as the recent leak shows, holding personal data on recordings makes it susceptible to malicious actors online.
  • 11.
    Amazon have takenfurther steps to allow users to control how Alexa stores their data and have it deleted using voice commands, making it slightly easier to protect what you say in your own home. However, many consumers buy these products without thinking of the implications of keeping a device that is always listening in their home. Companies who produce home assistant speakers need to be more transparent with how they use consumer data and take further steps to ensure no sensitive personal data is kept in recordings to help reduce the number of data breaches each year. Trials are set to begin in the UK by Natwest bank where Google Home users will be able to check their balance with their voice. As this follows immediately on from the leaked recordings, it seems there is still little concern for the ways in which we share our personal data with the devices we use. However, online security will likely become a much bigger topic in the future as the number of internet-enabled devices rises. The Internet of Things is proving that technology continues to advance at a rapid pace. Although consumers will need to ensure that security is a high priority in order to protect their own data and data handled by organizations, the first step must be taken by manufacturers to ensure these products are created to high security standard. Reference: https://betanews.com/2019/08/13/securing-iot- devices/
  • 12.
    Chapter 5 Are corporationsmoral agents? Why or why not? Do they have moral responsibilities? Or, do only human beings (moral agents) have moral agency and therefore, moral obligations? Your argument MUST show you read the section on corporations in Chapter 5. Post your argument yes/no, AS AN ARGUMENT FORMULA OUTLINE Follow the argument Formula Below