New challenges to secure the IoT (with notes), by Caston Thomas
Most think of IoT like BYoD: we try to identify & control.
IoT coined 15 years ago -
4 THINGS!!!
devices can alter the way we interact with & collect data in all aspects of our lives.
Most companies put the IoT into the BYOD (Bring Your Own Device) bucket in terms of.
BYOD & the IoT are two very different concepts. The IoT encompasses a larger set of devices enterprises utilize that include not only personal devices, but those that are built into emerging
technologies such as building control systems (think ZigBee/Wi-Fi enabled light bulbs), security systems (Bluetooth locks), health & fitness (collecting/transmitting data on our vitals). Most of the time
these new technologies are deployed in an environment without the company knowing the inherent security risk.
Not long ago the only wireless protocol was WiFi & many companies have mature WiFi security controls in place. However, there are many protocols on IoT devices that cannot be detected with
traditional WiFi scanners. These protocols include Bluetooth, Bluetooth Smart (or Low Energy), ZigBee, Z-Wave, ANT, NFC, Nike+ (yes, the shoe manufacturer has their own protocol). A new protocol is
in the works by giants Google/Samsung called Thread.
A study by HP's Fortify group. Of 10 popular devices tested:
7 contained immediately noticeable security exposures
25 holes or risks of compromising the home network, on average, found for each device
8 did not require passwords of sufficient complexity & length
9 collected at least one piece of personal information
7 allowed an attacker to identify a valid account through account enumeration
For IT security professionals, the list above is a reflection of what they have spent their careers policing. The potential problems introduced by rogue IoT devices are similar to those of wired hardware/software:
Lack of encryption
Weak or default authentication
Lack of software update processes
Default services enabled even if not used
So what is a company to do? How do you secure that which you cannot detect? Like all good security programs, your IoT security efforts will be on multiple fronts:
• Education about the risks of IoT devices will drive more users to your door to stay compliant.
• Implement segregation of devices that introduce new networks or connection points.
• For example, the vendor that provides HVAC controls may attempt to deploy "smart" units that create their own mesh network for exchange of data. If these units also have an Ethernet connection to your environment then you have just introduced a new path into your core.
• Require certification & penetration testing of new suppliers & devices.
• Keep an eye out for the latest security technologies that help you increase your posture by scanning your IoT space & doing regular security assessments of your environment.
4 concepts we have to understand when it comes to IoT…
#1… IoT is NOT BYoD!!!
Father’s Day campaign ‘14 Brazil
Johnnie Walker 100,000 bottles
Smart labels
create personalized tributes & shared
For their Father’s Day campaign in 2014 in Brazil, Johnnie Walker built a platform that connected 100,000 of their whiskey bottles to the Internet.
With innovations in smart labeling, the whiskey brand allowed anyone to create a personalized film tribute. Gifters & receivers could opt into further promotions & share the video on social channels.
#2 STUXNET targeted intelligence
#3 WHITEHOUSE friendliness
– email came from a State Department source – assumed to be trusted
Accepted by security professionals that any network can be compromised eventually.
- Year-over-year increases in # of attacks
- Increasingly sophisticated
- What was sophisticated yesterday is easy today – script kiddies using Metasploit
- Multiple methods
- Evade detection – average time from penetration to detection = 18 months
- Detection to correction – average of 27 days
- Utilities are a high value target (59% of attacks reported in 2013 to DHS)
Not if but when
#4 PII Does not include:
Home automation
Entertainment
Personal fitness
Location
(BIG DATA!!! ANALYTICS!!!
HABITS!!! PERSONALITY PROFILES!!!)
2020 Dumpster Diving route2work 3 trips urologist coffee on sat morn
PII (Society of Surveillance!) DARK WEB! CC AT&T
GPS on car –
TV camera –
camera or mic –
Appliances
Home automation (early warning system)
Ultra spear phishing (Your wife’s credit card.)
MY new AT&T router installed.
old frameworks won’t work! How do we update them?
Risk Model
Information Flow & Gap Analysis
Game Theory
Process Oriented (NOT Event Oriented!)
THIS SLIDE IS FOR REFERENCE
Step-by-step –
OWASP
refer to OWASP.org. It’s a pretty cool step by step model
Externalities
• Device owner or data custodian don’t always feel the bulk of the impact
• Reputational harm only goes so far
• Regulation should focus on where the harm occurs
Typical Stakeholders
• Data subjects
• Those using the devices (possible physical harm)
• Public at-large/community
• Device owners
• Data custodians
• Regulators (local, state, national, global)
New Kill Chain – Fridge SPAM relay
Blackmail/Sabotage
Behavior Habits
Attack -> Intel
Easier to Gather
Build Target Rich Victims for very targeted spear phishing
Thermostat
TV
Mic/cam/motion detector on every device in your home
GPS tracker
Begin to think of security more and MORE LIKE A PROCESS rather than EVENTS OR SEQUENCES that can occur somewhere in the kill chain.
CHECKERS -> CHESS
InfoSec has been a game of checkers and we are fast moving into a game of chess.
Let’s take a quick look at the process flow of the seemingly simple smart meter that was installed a year or so back.
Now overlay that complexity with…
Your home automation system…
Your home entertainment system…
Your personal health monitoring system…
Your automobile…
Your shopping list…
Your to-do list…
And then tie all those systems together.
That’s the IoT from a security systems viewpoint.
Game theory…
We could spend an entire semester course applying all the concepts in this diagram.
When I saw this the first time, it jumped out at me as quite profound.
Essentially, we’re matching the defense to the offense – taking the high level assessment of the attacks and optimizing how we use our resources to defend against or prevent the most likely & most dangerous attacks.
LOOK AT EACH VECTOR LIKE A CAMPAIGN!
Taking this concept just a little deeper, the approach on each attack vector looks like this.
You want to identify potential threats early & plot course accordingly!
Tracking campaigns is enormously beneficial. We are not trying to stop 1s & 0s, we are trying to stop people, so we need to understand the how & the when of the operation – even the why can be critical to understand.
The principal goal of campaign analysis is to determine the patterns & behaviors of attackers, their tactics, techniques, & procedures (TTP), to detect “how" they operate rather than specifically “what" they do. The campaign heatmap allows us to quickly home in on which adversaries are active over a particular timeframe & understand when & how they attack. The use of the heat-map has been important to understanding what triggers an APT attack (i.e. new zero-day vulnerabilities, or other significant events). This allows us to assess our defensive posture on a campaign-by-campaign basis, & based on the assessed risk of each, develop strategic courses of action to cover any gaps.
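The campaign heatmap described above, as an added example in Python that is not part of the deck: it counts constructed intrusion-attempt records per campaign per ISO week, lists which campaigns were active in a given week, profiles each campaign's TTPs (the "how"), and overlays a constructed trigger event on the timeline. All campaign names, dates, TTP labels and events are made up for the example.

```python
"""Campaign heatmap built from constructed intrusion-attempt records."""
from collections import Counter, defaultdict
from datetime import date

# Constructed sample data: one row per observed intrusion attempt that the
# SOC attributed to a tracked campaign. Fields: campaign, date, TTP, note.
RECORDS = [
    ("CAMPAIGN-A", "2015-03-02", "spear-phishing", "PDF lure to HR mailbox"),
    ("CAMPAIGN-A", "2015-03-04", "spear-phishing", "second lure, same sender"),
    ("CAMPAIGN-A", "2015-03-10", "credential-reuse", "VPN login from new ASN"),
    ("CAMPAIGN-A", "2015-03-26", "spear-phishing", "lure referencing audit"),
    ("CAMPAIGN-B", "2015-03-11", "web-exploit", "scan of public CMS"),
    ("CAMPAIGN-B", "2015-03-12", "web-exploit", "exploit attempt, blocked by WAF"),
    ("CAMPAIGN-B", "2015-03-12", "webshell", "upload attempt after exploit"),
    ("CAMPAIGN-C", "2015-03-24", "watering-hole", "redirect from industry portal"),
]

# Constructed "significant events" to overlay on the timeline, the kind of
# trigger the notes mention (a zero-day disclosure, a news event).
EVENTS = {"2015-W11": "public zero-day disclosure for the CMS (constructed)"}


def week_key(day_str):
    """Map an ISO date string to an ISO-week label such as '2015-W11'."""
    year, week, _ = date.fromisoformat(day_str).isocalendar()
    return f"{year}-W{week:02d}"


def build_heatmap(records):
    """Return {campaign: {week: attempt_count}} from the raw records."""
    heat = defaultdict(Counter)
    for campaign, day, _ttp, _note in records:
        heat[campaign][week_key(day)] += 1
    return {c: dict(weeks) for c, weeks in heat.items()}


def weekly_totals(heatmap):
    """Total attempts per week across all campaigns, for spotting spikes."""
    totals = Counter()
    for weeks in heatmap.values():
        totals.update(weeks)
    return dict(totals)


def active_campaigns(heatmap, week):
    """Campaigns active in a given week, most active first."""
    hits = [(c, w.get(week, 0)) for c, w in heatmap.items() if w.get(week)]
    return sorted(hits, key=lambda cw: (-cw[1], cw[0]))


def ttp_profile(records, campaign):
    """The 'how': TTP frequency for one campaign, most common first."""
    return Counter(t for c, _d, t, _n in records if c == campaign).most_common()


def render(heatmap, events=EVENTS):
    """Text rendering of the heatmap; the number of '#' marks is the count."""
    weeks = sorted({w for ws in heatmap.values() for w in ws})
    lines = ["campaign    " + " ".join(f"{w:>9}" for w in weeks)]
    for campaign in sorted(heatmap):
        cells = [f"{'#' * heatmap[campaign].get(w, 0):>9}" for w in weeks]
        lines.append(f"{campaign:<11} " + " ".join(cells))
    for w in weeks:
        if w in events:
            lines.append(f"{w}: {events[w]}")
    return "\n".join(lines)


if __name__ == "__main__":
    heat = build_heatmap(RECORDS)
    print(render(heat))
    print("active in 2015-W11:", active_campaigns(heat, "2015-W11"))
    print("CAMPAIGN-A TTPs:", ttp_profile(RECORDS, "CAMPAIGN-A"))
```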
Game theory…
The concept takes all the complexity of the previous two slides and codifies our approach.
Essentially, we’re matching the defense to the offense & applying the relative cost in a way that helps us understand the places where our resources are best devoted.
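The defense-to-offense matching with relative cost, worked as an added Python example that is not from the deck: constructed attack vectors carry a likelihood and impact, candidate controls carry a cost and the share of a vector's risk each removes, and a budget limits what can be bought. It compares a greedy ranking by loss reduction per dollar against an exhaustive search; at a constructed $150k budget the two disagree, which is why codifying the approach beats eyeballing it.

```python
"""Matching defenses to attack vectors under a budget (constructed example)."""
from itertools import combinations

# Constructed attack vectors: name -> (annual likelihood, impact in $k).
# Expected annual loss of a vector with no controls = likelihood * impact.
VECTORS = {
    "spear-phishing":      (0.60, 400),
    "rogue-iot-device":    (0.35, 250),
    "web-exploit":         (0.25, 300),
    "insider-data-export": (0.10, 800),
}

# Constructed defenses: name -> (cost in $k, {vector: fraction of that
# vector's risk the control removes}). Controls on the same vector compound
# multiplicatively: residual risk = product of (1 - fraction).
DEFENSES = {
    "phishing-training": (40, {"spear-phishing": 0.5}),
    "mail-sandboxing":   (90, {"spear-phishing": 0.7}),
    "iot-segmentation":  (60, {"rogue-iot-device": 0.8, "web-exploit": 0.2}),
    "waf":               (50, {"web-exploit": 0.6}),
    "dlp":               (120, {"insider-data-export": 0.5}),
}


def expected_loss(vectors, defenses, chosen=()):
    """Annual expected loss ($k) over all vectors with the chosen controls."""
    total = 0.0
    for vector, (likelihood, impact) in vectors.items():
        residual = 1.0
        for name in chosen:
            residual *= 1.0 - defenses[name][1].get(vector, 0.0)
        total += likelihood * impact * residual
    return total


def plan_cost(defenses, chosen):
    """Total spend ($k) of a set of controls."""
    return sum(defenses[name][0] for name in chosen)


def loss_reduction(vectors, defenses, chosen):
    """How much expected loss the plan removes versus doing nothing."""
    return expected_loss(vectors, defenses) - expected_loss(vectors, defenses, chosen)


def greedy_plan(vectors, defenses, budget):
    """Repeatedly add the control with the best marginal reduction per $k
    that still fits the budget. Fast, but not always optimal."""
    chosen = []
    while True:
        best, best_ratio = None, 0.0
        current = expected_loss(vectors, defenses, chosen)
        for name, (cost, _) in defenses.items():
            if name in chosen or plan_cost(defenses, chosen) + cost > budget:
                continue
            gain = current - expected_loss(vectors, defenses, chosen + [name])
            if gain / cost > best_ratio:
                best, best_ratio = name, gain / cost
        if best is None:
            return tuple(chosen)
        chosen.append(best)


def best_plan(vectors, defenses, budget):
    """Exhaustive search over control subsets: fine for a handful of
    candidate controls, and the reference answer for checking the greedy."""
    names = list(defenses)
    best, best_gain = (), 0.0
    for k in range(1, len(names) + 1):
        for subset in combinations(names, k):
            if plan_cost(defenses, subset) > budget:
                continue
            gain = loss_reduction(vectors, defenses, subset)
            if gain > best_gain + 1e-9:
                best, best_gain = subset, gain
    return best, best_gain


if __name__ == "__main__":
    budget = 150
    g = greedy_plan(VECTORS, DEFENSES, budget)
    b, b_gain = best_plan(VECTORS, DEFENSES, budget)
    print(f"baseline expected loss: {expected_loss(VECTORS, DEFENSES):.1f}k")
    print(f"greedy: {g} removes {loss_reduction(VECTORS, DEFENSES, g):.1f}k")
    print(f"best:   {b} removes {b_gain:.1f}k")
```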
NAC – the folly of 802.1x – I’ve been saying this for 3 years
Anyone who has implemented NAC that has a premise of 802.1x has painted themselves into a corner and will have to re-architect their entire network security strategy.
Meta trends:
Watson intelligence in event monitoring
Merging of physical & info security
Interfaces between security systems
Listen & Learn – Younger workers have a completely different view on privacy
I know a CISO who has cultivated a ‘vendor mentor’
Trusted
Wide perspective
Not product oriented
Rules of Engagement – no talk about products of the vendor
CounterTack & Tanium
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 

Último (20)

Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian  Call girls in Dubai +971563133746 Dubai  Call girlsRussian  Call girls in Dubai +971563133746 Dubai  Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 

New challenges to secure the IoT (with notes)

  • 1. So what is a company to do?
How do you secure that which you cannot detect? Like all good security programs, your IoT security efforts will be on multiple fronts:
    • Education about the risks of IoT devices will drive more users to your door to stay compliant.
    • Implement segregation of devices that introduce new networks or connection points. For example, the vendor that provides HVAC controls may attempt to deploy "smart" units that create their own mesh network for exchange of data. If these units also have an Ethernet connection to your environment, you have just introduced a new path into your core.
    • Require certification & penetration testing of new suppliers & devices.
  • 2. Keep an eye out for the latest security technologies that help you increase your posture by scanning your IoT space & doing regular security assessments of your environment.
  • 3. 4 concepts we have to understand when it comes to IoT… #1: IoT is NOT BYoD!!! Father’s Day campaign ’14, Brazil: Johnnie Walker, 100,000 bottles; smart labels create personalized tributes that get shared. For their Father’s Day campaign in 2014 in Brazil, Johnnie Walker built a platform that connected 100,000 of their whiskey bottles to the Internet. With innovations in smart labeling, the whiskey brand allowed anyone to create a personalized film tribute. Gifters & receivers could opt into further promotions & share the video on social channels.
  • 6. #2: STUXNET, targeted intelligence. #3: WHITEHOUSE, friendliness: the email came from a State Department source and was assumed to be trusted. It is accepted by security professionals that any network can be compromised eventually:
    - Year-over-year increases in the number of attacks
    - Increasingly sophisticated
    - What was sophisticated yesterday is easy today (script kiddies using Metasploit)
    - Multiple methods
    - Evade detection: average time from penetration to detection = 18 months
    - Detection to correction: average of 27 days
    - Utilities are a high-value target (59% of attacks reported in 2013 to DHS)
  Not if but when.
  • 9. #4: PII. The usual definition of PII does not include:
    - Home automation
    - Entertainment
    - Personal fitness
    - Location
  (BIG DATA!!! ANALYTICS!!! HABITS!!! PERSONALITY PROFILES!!!)
  • 11. 2020 Dumpster Diving: route to work, 3 trips to the urologist, coffee on Saturday morning. PII (Society of Surveillance!). DARK WEB! CC, AT&T, GPS on car, TV camera, camera or mic, appliances, home automation (early warning system). Ultra spear phishing (your wife’s credit card). MY new AT&T router installed.
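An added illustration of this scenario (example code written for this page, not from the slides): the telemetry below is constructed, the device names and places are made up, and the heuristics (a place hit three times, always on the same weekday, is a standing appointment; weekday thermostat away/home times give the empty-house window) are assumptions about what an aggregator, or a thief of the data, could do with fields that are not PII under the usual definitions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

WEEKDAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# Constructed telemetry (not real data): (timestamp, device, event).
# "loc:" events are car/phone GPS pings; thermostat events come from home automation.
# None of these fields is PII under the usual definitions.
EVENTS = [
    ("2020-03-02 07:30", "car-gps", "loc:office-park"),
    ("2020-03-03 07:32", "car-gps", "loc:office-park"),
    ("2020-03-04 07:29", "car-gps", "loc:office-park"),
    ("2020-03-05 07:31", "car-gps", "loc:office-park"),
    ("2020-03-06 07:33", "car-gps", "loc:office-park"),
    ("2020-03-03 10:15", "car-gps", "loc:urology-clinic"),
    ("2020-03-10 10:05", "car-gps", "loc:urology-clinic"),
    ("2020-03-17 10:20", "car-gps", "loc:urology-clinic"),
    ("2020-03-07 08:45", "car-gps", "loc:coffee-shop"),
    ("2020-03-14 08:50", "car-gps", "loc:coffee-shop"),
    ("2020-03-02 06:10", "thermostat", "mode:away"),
    ("2020-03-02 18:05", "thermostat", "mode:home"),
    ("2020-03-03 06:12", "thermostat", "mode:away"),
    ("2020-03-03 18:10", "thermostat", "mode:home"),
    ("2020-03-12 09:00", "thermostat", "mode:away"),
    ("2020-03-19 17:30", "thermostat", "mode:home"),
]


def parse(raw):
    """Turn raw tuples into (datetime, device, event) triples."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M"), dev, ev) for ts, dev, ev in raw]


def location_visits(events):
    """Group GPS pings by place: {place: [(weekday_index, fractional_hour), ...]}."""
    visits = defaultdict(list)
    for when, _, ev in events:
        if ev.startswith("loc:"):
            visits[ev[4:]].append((when.weekday(), when.hour + when.minute / 60))
    return visits


def recurring_places(events, min_visits=2):
    """Places visited repeatedly, with their day-of-week pattern and usual hour.
    A place seen three or more times, always on the same weekday, is flagged as
    a standing appointment (the '3 trips to the urologist' of the slide)."""
    out = {}
    for place, seen in location_visits(events).items():
        if len(seen) < min_visits:
            continue
        days = sorted({d for d, _ in seen})
        out[place] = {
            "visits": len(seen),
            "days": [WEEKDAYS[d] for d in days],
            "usual_hour": round(median(h for _, h in seen), 1),
            "standing_appointment": len(days) == 1 and len(seen) >= 3,
        }
    return out


def house_empty_window(events):
    """Typical weekday (away, home) hours from thermostat mode changes: the
    'early warning system' for a burglar, derived from non-PII telemetry."""
    away, home = [], []
    for when, dev, ev in events:
        if dev == "thermostat" and when.weekday() < 5:
            hour = when.hour + when.minute / 60
            (away if ev == "mode:away" else home).append(hour)
    if not away or not home:
        return None
    return (round(median(away), 1), round(median(home), 1))


def build_profile(raw):
    """Assemble the habit profile an aggregator (or a thief of the data) could build."""
    events = parse(raw)
    places = recurring_places(events)
    # Workplace guess: the place reached most often on weekday mornings.
    morning_hits = {p: sum(1 for d, h in v if d < 5 and h < 10)
                    for p, v in location_visits(events).items()}
    workplace = max(morning_hits, key=morning_hits.get) if morning_hits else None
    return {
        "workplace": workplace,
        "standing_appointments": sorted(p for p, i in places.items() if i["standing_appointment"]),
        "weekend_habits": sorted(p for p, i in places.items()
                                 if all(d in ("Sat", "Sun") for d in i["days"])),
        "house_empty_weekdays": house_empty_window(events),
        "places": places,
    }


if __name__ == "__main__":
    for key, value in build_profile(EVENTS).items():
        print(f"{key}: {value}")
```

Running it on the constructed events yields the workplace, a Tuesday-morning standing appointment at the clinic, a Saturday coffee habit, and a roughly 06:00 to 18:00 weekday window when nobody is home; that is the spear-phishing and burglary intel the slide describes, built without a single name, address or account number.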
  • 13. Old frameworks won’t work! How do we update them?
    - Risk Model
    - Information Flow & Gap Analysis
    - Game Theory
    - Process Oriented (NOT Event Oriented!)
  • 14. THIS SLIDE IS FOR REFERENCE. Step-by-step: OWASP; refer to OWASP.org. It’s a pretty cool step-by-step model.
  Externalities
    • Device owner or data custodian don’t always feel the bulk of the impact
    • Reputational harm only goes so far
    • Regulation should focus on where the harm occurs
  Typical Stakeholders
    • Data subjects
    • Those using the devices (possible physical harm)
    • Public at-large/community
    • Device owners
    • Data custodians
    • Regulators (local, state, national, global)
  • 17. New Kill Chain: fridge as SPAM relay; blackmail/sabotage; behavior & habits. Attack -> Intel: easier to gather, and it builds a target-rich set of victims for very targeted spear phishing. Thermostat, TV, mic/cam/motion detector on every device in your home, GPS tracker.
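Added example for the "fridge as SPAM relay" link in this kill chain (not from the original slides): the flow records, the 10.0.20.0/24 appliance range and the fan-out threshold of three destinations are all assumptions. The check is that an appliance opens outbound SMTP (TCP 25/465/587) at all, and that fan-out to many distinct hosts separates a relay from a single vendor notification endpoint.

```python
import ipaddress
from collections import defaultdict

# Assumption: appliances (fridge, thermostat, camera) live in this address range.
IOT_RANGE = ipaddress.ip_network("10.0.20.0/24")
MAIL_PORTS = {25, 465, 587}

# Constructed flow records (not real traffic): (src, dst, dst_port, proto, bytes_out).
FLOWS = [
    ("10.0.20.14", "10.0.20.1", 53, "udp", 80),          # fridge: DNS, normal
    ("10.0.20.14", "203.0.113.10", 443, "tcp", 2100),    # fridge: vendor cloud, normal
    ("10.0.20.14", "198.51.100.7", 25, "tcp", 5400),     # fridge: SMTP to strangers...
    ("10.0.20.14", "198.51.100.8", 25, "tcp", 5300),
    ("10.0.20.14", "198.51.100.9", 25, "tcp", 5600),
    ("10.0.20.14", "192.0.2.44", 587, "tcp", 4900),
    ("10.0.20.14", "192.0.2.45", 25, "tcp", 5100),
    ("10.0.20.14", "192.0.2.46", 25, "tcp", 5000),
    ("10.0.20.21", "203.0.113.20", 443, "tcp", 900),     # thermostat: normal
    ("10.0.20.21", "10.0.20.1", 53, "udp", 70),
    ("10.0.20.30", "203.0.113.25", 587, "tcp", 600),     # camera: one alert mail to vendor
    ("10.0.10.5", "192.0.2.99", 587, "tcp", 12000),      # laptop in user VLAN: expected mail
    ("10.0.10.5", "192.0.2.99", 587, "tcp", 8000),
]


def smtp_fanout(flows, iot_range=IOT_RANGE):
    """Per IoT-range source: distinct mail destinations, flow count and bytes sent."""
    stats = defaultdict(lambda: {"dests": set(), "flows": 0, "bytes": 0})
    for src, dst, port, proto, nbytes in flows:
        if proto != "tcp" or port not in MAIL_PORTS:
            continue
        if ipaddress.ip_address(src) not in iot_range:
            continue  # users' own mail clients are a different policy question
        s = stats[src]
        s["dests"].add(dst)
        s["flows"] += 1
        s["bytes"] += nbytes
    return stats


def find_relays(flows, min_dests=3, iot_range=IOT_RANGE):
    """Flag appliances that talk SMTP. An appliance has no business sending mail
    at all, so any mail flow is reported; fan-out to >= min_dests distinct hosts
    (the threshold is an assumption) upgrades the verdict to 'likely spam relay'."""
    alerts = []
    for src, s in smtp_fanout(flows, iot_range).items():
        relay = len(s["dests"]) >= min_dests
        alerts.append({
            "device": src,
            "distinct_mail_dests": len(s["dests"]),
            "mail_flows": s["flows"],
            "bytes_out": s["bytes"],
            "verdict": "likely spam relay" if relay else "unexpected mail traffic",
        })
    return sorted(alerts, key=lambda a: a["distinct_mail_dests"], reverse=True)


if __name__ == "__main__":
    for alert in find_relays(FLOWS):
        print(alert)
```

On the constructed flows the fridge is reported as a likely relay (six distinct mail destinations), the camera's single notification mail is reported at the lower severity, and the laptop in the user VLAN is ignored because it is outside the appliance range. The same logic works on real NetFlow or firewall logs once the appliance range and the field order are adjusted.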
  • 18. Begin to think of security more and more LIKE A PROCESS rather than EVENTS OR SEQUENCES that can occur somewhere in the kill chain. CHECKERS -> CHESS: InfoSec has been a game of checkers and we are fast moving into a game of chess.
  • 19. Let’s take a quick look at the process flow of the seemingly simple smart meter that was installed a year or so back. Now overlay that complexity with… your home automation system… your home entertainment system… your personal health monitoring system… your automobile… your shopping list… your to-do list… and then tie all those systems together. That’s the IoT from a security systems viewpoint.
  • 20. Game theory… We could spend an entire semester course applying all the concepts in this diagram. When I saw this the first time, it jumped out at me as quite profound. Essentially, we’re matching the defense to the offense: taking the high-level assessment of the attacks and optimizing how we use our resources to defend against or prevent the most likely & most dangerous attacks. LOOK AT EACH VECTOR LIKE A CAMPAIGN!
  • 21. Taking this concept just a little deeper, the approach on each attack vector looks like this. You want to identify potential threats early & plot your course accordingly! Tracking campaigns is enormously beneficial. We are not trying to stop 1s & 0s, we are trying to stop people, so we need to understand the how & the when of the operation; even the why can be critical to understand. The principal goal of campaign analysis is to determine the patterns & behaviors of attackers, their tactics, techniques, & procedures (TTP), to detect “how” they operate rather than specifically “what” they do. The campaign heatmap allows us to quickly home in on which adversaries are active over a particular timeframe & understand when & how they attack. The use of the heat-map has been important to understanding what triggers an APT attack (i.e. new zero-day vulnerabilities, or other significant events). This allows us to assess our defensive posture on a campaign-by-campaign basis &, based on the assessed risk of each, develop strategic courses of action to cover any gaps.
  • 22. Game theory… The concept takes all the complexity of the previous two slides and codifies our approach. Essentially, we’re matching the defense to the offense & applying the relative cost in a way that helps us understand the places where our resources are best devoted.
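Added example that carries the campaign heat map, the TTP profile and the cost-based choice of courses of action from the previous three slides into working code (written for this page, not taken from the slides' own diagram): the intrusion records, adversary names, impact scores, candidate courses of action with their costs and effectiveness, and the frequency-times-impact risk score are all constructed or assumed.

```python
from collections import defaultdict
from datetime import date

# Constructed intrusion records (not real data): (date, adversary, TTP, impact 1-5).
INTRUSIONS = [
    (date(2015, 1, 5),  "APT-Alpha", "spear-phish", 4),
    (date(2015, 1, 7),  "APT-Alpha", "spear-phish", 4),
    (date(2015, 1, 14), "APT-Alpha", "watering-hole", 3),
    (date(2015, 1, 20), "Crew-Beta", "bruteforce-vpn", 2),
    (date(2015, 1, 21), "Crew-Beta", "bruteforce-vpn", 2),
    (date(2015, 2, 2),  "APT-Alpha", "spear-phish", 5),
    (date(2015, 2, 3),  "Crew-Beta", "bruteforce-vpn", 2),
    (date(2015, 2, 10), "Gamma", "iot-foothold", 3),
    (date(2015, 2, 11), "Gamma", "iot-foothold", 3),
    (date(2015, 2, 12), "Gamma", "iot-foothold", 4),
]

# Candidate courses of action (assumed): (name, TTP it counters, cost, fraction of that TTP's risk removed).
COURSES = [
    ("phish-resistant MFA + attachment sandbox", "spear-phish", 30, 0.7),
    ("VPN lockout + geo-fencing", "bruteforce-vpn", 10, 0.9),
    ("IoT VLAN + egress filtering", "iot-foothold", 15, 0.8),
    ("browser isolation", "watering-hole", 25, 0.6),
]


def week_key(d):
    """ISO year-week bucket such as '2015-W03'."""
    year, week, _ = d.isocalendar()
    return f"{year}-W{week:02d}"


def heatmap(records):
    """The campaign heat map: {adversary: {week: event count}}."""
    grid = defaultdict(lambda: defaultdict(int))
    for d, adv, _, _ in records:
        grid[adv][week_key(d)] += 1
    return grid


def active_in(records, start, end):
    """Adversaries active between start and end inclusive, most active first."""
    counts = defaultdict(int)
    for d, adv, _, _ in records:
        if start <= d <= end:
            counts[adv] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def ttp_profile(records):
    """Per adversary, which TTPs they use and how often: the 'how', not the 'what'."""
    prof = defaultdict(lambda: defaultdict(int))
    for _, adv, ttp, _ in records:
        prof[adv][ttp] += 1
    return prof


def risk_by(records, field):
    """Summed impact per adversary (field=1) or per TTP (field=2): an assumed
    frequency-times-impact risk score, not the slide's own model."""
    risk = defaultdict(int)
    for rec in records:
        risk[rec[field]] += rec[3]
    return risk


def prioritize(records, courses, budget):
    """Match defense to offense under a budget: rank courses of action by risk
    removed per unit cost and take them greedily while they still fit."""
    ttp_risk = risk_by(records, 2)
    scored = sorted(
        ((ttp_risk[ttp] * eff / cost, ttp_risk[ttp] * eff, cost, name)
         for name, ttp, cost, eff in courses),
        reverse=True,
    )
    chosen, spent, removed = [], 0, 0.0
    for _, reduction, cost, name in scored:
        if spent + cost <= budget:
            chosen.append(name)
            spent += cost
            removed += reduction
    return {"chosen": chosen, "spent": spent, "risk_removed": round(removed, 1)}


if __name__ == "__main__":
    for adv, weeks in heatmap(INTRUSIONS).items():
        print(adv, dict(weeks))
    print(active_in(INTRUSIONS, date(2015, 2, 1), date(2015, 2, 28)))
    print(prioritize(INTRUSIONS, COURSES, budget=60))
```

Run it to print the heat map, the adversaries active over the February window (Gamma's three-day IoT campaign stands out), and the plan for a budget of 60. Greedy selection by risk removed per unit cost is one simple way to "match defense to offense" and apply relative cost; it is not an optimal solver, and the weights are the analyst's judgement, which is exactly the campaign-by-campaign assessment the slide asks for.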
  • 23. NAC: the folly of 802.1x. I’ve been saying this for 3 years: anyone who has implemented NAC that has a premise of 802.1x has painted themselves into a corner and will have to re-architect their entire network security strategy.
  Meta trends:
    - Watson intelligence in event monitoring
    - Merging of physical & info security
    - Interfaces between security systems
    - Listen & Learn: younger workers have a completely different view on privacy
  I know a CISO who has cultivated a ‘vendor mentor’: trusted, wide perspective, not product oriented. Rules of engagement: no talk about products of the vendor.