Intel® IoT
Speaker
Розумей Роман
Information Security Consulting Engineer
ERC
What is the Internet of Things?...
1. IDC
2. MC/EDC: The Digital Universe of Opportunities
3. Goldman Sachs
4. IMS Research
The Internet of Things is …
Home
Mobile
Network
Industrial
Gateway
DC/Cloud
Cost of sensors: 2X (past 10 years)
Cost of bandwidth: 40X (past 10 years)
Cost of processing: 60X (past 10 years)
50B devices (1)
212B sensors (2)
What are the risks?...
Main cyber threats
• Denial of service - DDoS
• Malware
• Data leaks
• Unintentional leaks
• Weakening of the security perimeter
Internet of Things
The number of attacks on Internet of Things devices will grow, driven by the explosive growth in the number of connected devices and the increasingly critical information stored on them.
Source: McAfee, based on research by BI Intelligence, IDC, and Intel. Source: HP
Today:
70% contain vulnerabilities.
80% do not require passwords or use a password of insecure length and complexity.
90% store personal data.
70% have no protection against brute-force attacks.
How do we fight it?...
IoT: Key aspects of security
• Device integrity
• Device identification
• Protection of data channels to the data center/cloud
• Protection of data channels to the device
• Security of the data center/cloud
• Security of auxiliary nodes
What do we fight it with?...
Intel® IoT Platform: Logical Definition
[Architecture diagram; recoverable labels:]
Device connectivity (MCU): WiFi + LP WiFi; Bluetooth® Technology + BTLE; 3G/4G/LTE (GPRS); ZigBee*, Zwave*; 6LoWPAN*; WiHART*; Ethernet; RFID
Things: Sensors and Actuators behind an MCU with I/O and a Protocol Mapper & Adapter (PMA)
Gateway: I/O, Device Attestation, PMA
Data center/cloud components: Data Ingestion & Processing; Data Transport Broker; Query; Storage; Compute; Persistence & Concurrency; Device Attestation; Analytics; Asset Info, Policies & Metadata; Security, Configuration & Management; Data Center Management & Security (Monitoring, Auto-scaling, Logging, Eventing); Business Logic & Rules; Services Orchestration; Vertical IoT Apps; APIs, API Libraries, SDK; Business Portal; IT/Business Systems; Network Infrastructure; 3rd Party Systems
Data Flow: MQTT, HTTPS, WebSockets, XMPP, CoAP, REST, AMQP, DDS, et al.
Security & Mgmt Flow: MQTT, EPID, OMA-DM, TR-069, REST, et al.
PMA = Protocol Mapper & Adapter (formerly UPAL)
Security on all Devices, Data, & Comms from Things to Cloud
(Identity Protection, Integrity, Confidentiality, Trusted Execution, Attestation)
*Other names and brands may be claimed as the property of others.
[Diagram: security capabilities spanning Sensor Gateways, Networks, and the On-Premise or Off-Premise Data Center or Cloud:]
Identity; Integrity; Data Protection; Intrusion Prevention; Intrusion Detection; Managed Networks; Database Security; Services Management; Security Information and Event Monitoring System; Threat Intelligence; Public Cloud Security; Private Cloud Security; Intel Management Platform
Intel® Security - IoT Portfolio
Provides comprehensive protection of critical infrastructure from physical and cyberattacks
Intel® Security Critical Infrastructure Protection: Private/Public Cloud Security; Event Management and Threat Intelligence; Device Level Security; Network Security
McAfee Security Information and Event Monitoring System (SIEM): central security intelligence system for IoT's heterogeneous architecture
McAfee Threat Intelligence Exchange (TIE) & Data Exchange Layer (DXL): tailors comprehensive threat intelligence from multiple intelligence data sources
McAfee ePolicy Orchestrator (McAfee ePO): security agent that connects with the McAfee security infrastructure for monitoring and managing security of the IoT
McAfee Network Security Platform: helps detect and block attacks by enforcing security policies at the application, port and protocol levels; provides Intrusion Detection / Prevention capabilities
McAfee Embedded/Integrity Control (Whitelisting Technology): helps block unauthorized applications and changes in IoT devices
Intel Silicon Hardened Foundation: security capabilities that include Secure Boot, HW Root of Trust and EPID
Intel Security Whitelisting Technology
Device integrity and verified updates
• Standalone or centrally managed solution with McAfee ePolicy Orchestrator.
• Part of Intel IoT Gateway
• Integration with McAfee Threat Intelligence Exchange (TIE) and Security Information and Event Monitoring Solution (SIEM)
[Figure: an unknown binary that is not on the whitelist is stopped as unauthorized]
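The whitelisting slide boils down to one rule: a binary whose hash was not enrolled is unauthorized, and a modified binary fails the same check. The following is an added illustration of that rule, not code from Intel or McAfee; the allowlist format, the sample "binaries" written to a temporary directory, and the decision logic are all constructed here.

```python
"""Allowlist ("whitelist") enforcement for executables by content hash.

Added illustration of the behaviour on the slide (unknown binary -> unauthorized);
not Intel/McAfee code. Sample files and the allowlist format are constructed.
"""
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large firmware images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(paths):
    """Enrol known-good binaries (the golden image at deployment time): hash -> path."""
    return {sha256_file(p): p for p in paths}


def check_execution(path, allowlist):
    """Decide whether a binary may run. Returns (allowed, reason).

    Unknown binaries and enrolled binaries whose content changed are both refused,
    because the decision is made on content, not on file name or location.
    """
    if not os.path.exists(path):
        return False, "missing"
    digest = sha256_file(path)
    if digest in allowlist:
        return True, "allowlisted"
    return False, "unknown binary %s sha256=%s is unauthorized" % (
        os.path.basename(path), digest[:16])


def demo():
    """Constructed scenario: two enrolled scripts, one unknown file, one post-enrolment change."""
    d = tempfile.mkdtemp()
    good = os.path.join(d, "sensor-agent")
    helper = os.path.join(d, "update-helper")
    unknown = os.path.join(d, "dropped.bin")
    samples = [
        (good, b"#!/bin/sh\necho agent\n"),
        (helper, b"#!/bin/sh\necho helper\n"),
        (unknown, b"#!/bin/sh\necho not-enrolled\n"),
    ]
    for p, content in samples:
        with open(p, "wb") as f:
            f.write(content)

    allow = build_allowlist([good, helper])
    results = {
        "good": check_execution(good, allow)[0],
        "unknown": check_execution(unknown, allow)[0],
    }
    # An enrolled binary is altered after enrolment: its hash no longer matches,
    # so the "unknown binary is unauthorized" rule also catches tampering.
    with open(helper, "ab") as f:
        f.write(b"echo modified\n")
    results["tampered"] = check_execution(helper, allow)[0]
    return results


if __name__ == "__main__":
    print(demo())
```

In a real deployment the allowlist would be produced from the signed image at build time and distributed by the management server (the ePO role on the slide), and the check would sit in an execution hook rather than in a script; the decision logic is the same.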
Intel® IoT Gateway
• Performance at the edge
• Advanced Security
• Scalability
• Manageability
• Fast, Flexible deployment
[Diagram: Intel® IoT Gateway stack (Linux* Operating System / Microsoft Windows® OS)]
Sensor/Device Integrity & Security
Intel® Quark™/ Intel® Atom™/ Intel® Core™ SoCs
Intel® IoT Gateway: Linux* Operating System / Microsoft Windows® OS
Secure Boot (UEFI); McAfee Embedded Control; Management Agents; Signed Updates
IoT Security and Device Management: McAfee ePolicy Orchestrator* (ePO) and/or Wind River* Helix Device Cloud
Good:
1. UEFI Secure Boot
2. OS built-in capabilities
Better:
1. UEFI Secure Boot measured through TPM (Measured Boot)
2. McAfee Embedded Control
3. Remotely manageable via Intel AMT
Best:
1. UEFI Secure Boot and Device Attestation through TPM (Measured Boot, Attested)
2. McAfee Embedded Control
3. Management Agents to manage the device and its security posture
4. Centrally managed and monitored
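The difference between the "Better" tier (measured boot) and the "Best" tier (measured boot plus attestation) is who checks the measurements. The following added example, which is not part of the slides and not Intel or TPM vendor code, models a single PCR with TPM-style extend semantics, compares the result to a golden value locally, and then lets a remote verifier check a freshly signed quote. The device key, the HMAC in place of a real TPM quote signature, and the boot stages are constructed simplifications.

```python
"""Measured boot and remote attestation, reduced to one PCR.

Added illustration, not Intel/TPM vendor code. A real TPM signs the quote with an
attestation key; here an HMAC with a constructed device key stands in for that.
"""
import hashlib
import hmac
import os

PCR_INIT = b"\x00" * 32  # a fresh PCR starts as all zeros


def measure(component: bytes) -> bytes:
    """Digest of one boot stage (firmware, bootloader, kernel, ...)."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: PCR := H(PCR || digest). Order of stages matters."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(chain):
    """Run every stage of the boot chain through the PCR and return its final value."""
    pcr = PCR_INIT
    for stage in chain:
        pcr = extend(pcr, measure(stage))
    return pcr


def quote(device_key: bytes, nonce: bytes, pcr: bytes) -> bytes:
    """Device side: sign (nonce || PCR). The verifier's nonce prevents replaying an old quote."""
    return hmac.new(device_key, nonce + pcr, hashlib.sha256).digest()


def verify_attestation(device_key, nonce, pcr, sig, golden_pcr):
    """Verifier side ("Best" tier): check the signature first, then the measurement."""
    if not hmac.compare_digest(sig, quote(device_key, nonce, pcr)):
        return "bad signature"
    if not hmac.compare_digest(pcr, golden_pcr):
        return "pcr mismatch"
    return "ok"


def demo():
    """Constructed boot chain; golden value is what the fleet owner recorded at enrolment."""
    bootloader, kernel, initrd = b"bootloader v1", b"kernel 4.x", b"initrd"
    golden = measured_boot([bootloader, kernel, initrd])
    key = b"constructed-device-key"      # stands in for the TPM attestation key
    nonce = os.urandom(16)               # fresh per attestation request
    results = {}

    # Clean boot: measurement matches and the quote is fresh.
    pcr = measured_boot([bootloader, kernel, initrd])
    results["clean"] = verify_attestation(key, nonce, pcr, quote(key, nonce, pcr), golden)

    # Modified bootloader: the device reports honestly, the PCR no longer matches golden.
    pcr_t = measured_boot([b"bootloader v1 (modified)", kernel, initrd])
    results["tampered"] = verify_attestation(key, nonce, pcr_t, quote(key, nonce, pcr_t), golden)

    # Replay: a quote captured under an earlier nonce is presented with the golden PCR.
    stale = quote(key, b"old-nonce-old-nonce", golden)
    results["forged"] = verify_attestation(key, nonce, golden, stale, golden)
    return results


if __name__ == "__main__":
    print(demo())
```

The "Better" tier corresponds to comparing measured_boot() against the golden value on the device itself; the "Best" tier adds the nonce and signature so that a management server can distinguish a healthy gateway from one replaying an old good measurement.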
[Diagram: Intel® IoT Gateway stack (Linux* Operating System / Microsoft Windows® OS)]
Data Protection & Security
Intel® Quark™/ Intel® Atom™/ Intel® Core™ SoCs
Intel® Advanced Encryption Standard - New Instructions (Intel® AES-NI)
Intel® IoT Gateway: Linux* Operating System / Microsoft Windows® OS
Secure Boot (UEFI); McAfee Drive Encryption; Management Agents; McAfee MNE
IoT Security and Device Management: McAfee ePolicy Orchestrator* (ePO) and/or Wind River* Helix Device Cloud
Good:
1. OS built-in capabilities like dm-crypt or BitLocker
2. SSL connections to services and other devices
Better:
1. McAfee Drive Encryption or McAfee Native Management Agents
2. Utilization of Intel AES-NI for encryption
3. Use of certified and/or hardened SSL libraries to establish secure connections
Best:
1. McAfee Drive Encryption or McAfee Native Management Agents
2. Utilization of Intel AES-NI for encryption
3. Use of certified and/or hardened SSL libraries to establish secure connections
4. Centralized management of data protection software and key management
Secure Connections
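"SSL connections to services" only protects data in transit when the client actually verifies the peer; a TLS session against an unverified certificate stops eavesdropping but not impersonation. The following added example (not part of the slides, not Intel or McAfee code) shows a gateway-side client configuration with the weak settings beside the corrected ones, and a small audit function that flags the weak ones. It uses Python's standard ssl module; the cipher preference for AES-GCM is a constructed choice that lets AES-NI do the bulk encryption.

```python
"""Weak vs hardened TLS client configuration for a gateway talking to cloud services.

Added illustration, not Intel/McAfee code. Only the ssl standard library is used;
no network connection is opened, so the contexts can be inspected offline.
"""
import ssl


def weak_context() -> ssl.SSLContext:
    """What many IoT clients ship with: encryption on, peer verification off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # accepts any certificate, so any party can impersonate the service
    return ctx


def hardened_context(cafile=None) -> ssl.SSLContext:
    """Verify the peer, pin the trust store, refuse legacy protocol versions.

    cafile: path to the PEM bundle of the organisation's own CA (constructed
    parameter; None falls back to the system trust store).
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    # AEAD suites with forward secrecy; AES-GCM is what AES-NI accelerates on the gateway SoCs.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def audit(ctx: ssl.SSLContext):
    """Return a list of findings; an empty list means the context passes this check."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy TLS versions allowed")
    return findings


def open_secure_socket(ctx: ssl.SSLContext, sock, service_host: str):
    """How the hardened context is applied: server_hostname drives SNI and hostname checking."""
    return ctx.wrap_socket(sock, server_hostname=service_host)


if __name__ == "__main__":
    print("weak:", audit(weak_context()))
    print("hardened:", audit(hardened_context()))
```

The audit function is the kind of check a central management system (the ePO / Helix Device Cloud role on the slide) can run against a gateway's client settings before the device is allowed onto the service network.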
Summary
• IoT is not only devices
• IoT security starts at the development stage
• IoT security must be implemented at every level, from the microcontroller to the data center.
• In the IoT world, infrastructure and services need protection.
Q&A
IoT security-arrow-roadshow #iotconfua