IoT Security

Published on Slideshow
Static slideshow
Download PDF version
Download PDF version
Embed video
Share video
Ask about this video

Scene 1 (0s)

IoT Security. Dr.R.Thirukkumaran, M.E, Ph.D Head - Research & Development (IoT) SkillsDA, Chennai E-mail: thiru@skillsda.com 9789697169.

Scene 2 (11s)

Outline. Introduction in IoT Challenges in IoT Common IoT Attacks Security Threats and Impacts Security Issues Simple Countermeasures Guidelines Best Practices.

Scene 3 (21s)

Introduction of IoT.

Scene 4 (27s)

IoT. IoT is the networked interconnection of everyday objects with embedded computers, sensors and actuators Internet of Things is an integrated part of Future Internet Dynamic global network infrastructure with self configuring capabilities based on standard and interoperable communication protocols physical and virtual “things” have identities, physical attributes, and virtual personalities and use intelligent interfaces The physical and virtual “things” are seamlessly integrated into the information network.

Scene 5 (47s)

Components of IoT.

Scene 6 (53s)

How it works?. Devices o Any Connectivity 1 Rest API MOTT CoAP Custom Cloud Rules Engine Storage Data Push Data pull Application n.

Scene 7 (1m 0s)

IoT Statistics. There Will be 41 Billion IoT Devices by 2027 By 2023, 70% of Automobiles Will Be Connected to the Internet Every Second, Another 127 Devices Are Connected to The Internet There Will Be 1.9 Billion 5G Cellular Subscriptions by 2024 Companies Will Invest Up to $1.1 Trillion in IoT by 2023 The Total Economic Impact of IoT Could Range Between $4 and $11 Trillion per Year by 2025 The Home IoT Market is Expected to Grow to $53.45 Billion by 2022 By 2024, the Global IoT Healthcare Market is Expected to Reach $140 Billion Over 80 Percent of Industrial Manufacturing Companies Are Using or Planning to Use IoT Devices Ref: https://www.vxchnge.com/blog/iot-statistics.

Scene 8 (1m 33s)

Applications of IoT. /NTEPNET OF T///Ncg Everyday thing toe smarter connected.

Scene 9 (1m 40s)

Challenges in IoT.

Scene 10 (1m 46s)

Challenges in IoT. Heterogeneity Scalability Identity Confidentiality Integrity Availability Privacy Authentication Network resources.

Scene 11 (1m 55s)

IoT Applications. Home appliances Transport E-Governance Social networking Defense Home appliances Transport E-Governance Social net Defe tronics Telecommunication Smart grids Healthcare nces ort overnance Social networking Def ense Banking Consumer Electronics Smart Grids Healthcare.

Scene 12 (2m 3s)

IoT Attacks & Exploits.

Scene 13 (2m 9s)

Security Threats and Impacts.

Scene 14 (2m 15s)

OWASP Top 10 IoT. 1.Weak, guessable, or hardcoded passwords 2. Insecure network services 3. Insecure ecosystem interfaces 4. Lack of secure update mechanism 5. Use of insecure or outdated components 6. Insufficient privacy protection 7. Insecure data transfer and storage 8. Lack of device management 9. Insecure default settings 10. Lack of physical hardening.

Scene 15 (2m 34s)

Attack Types. IP spoofing HTTPS spoofing DNS Spoofing SSL hijacking E-mail hijacking Browser cookies theft Wi-Fi eavesdropping.

Scene 16 (2m 44s)

Common IoT Attacks. o o o Vulnerability exploits The many components used in IoT devices mean they can have any number of vulnerabilities that can be exploited by attackers if not immediately patched..

Scene 17 (2m 55s)

Common IoT Attacks. Malware Malware like trojans, backdoors, and ransomware can be deployed through vulnerable applications, devices, firmware, protocols, and other components of IoT systems..

Scene 18 (3m 6s)

Common IoT Attacks.

Scene 19 (3m 12s)

Common IoT Attacks. Man-in-the-middle attacks Unsecure protocols and networks can allow attackers to position themselves between communication channels. o o o.

Scene 20 (3m 21s)

Common IoT Attacks.

Scene 21 (3m 26s)

Common IoT Attacks. o Eavesdropping and information theft The transmission and storage of data in IoT systems can be taken advantage of by attackers to gain access to critical information and even to carry out real-time monitoring..

Scene 22 (3m 38s)

Common IoT Attacks. Brute force attack: A definition + 6 types to know | Norton.

Scene 23 (3m 46s)

Common IoT Attacks. Types of Social Engineering Attacks Phishing: A scammer contacts victims posing as a reliable company or organization to collect sensitive data. Spear phishing: A phishing scam that targets a specific individual within a company or organization. Baiting: A scammer plants a digital storage device or link laced with malware where the target will find it. Tailgating: An attacker gains physical access to a restricted area by posing as a trusted individual..

Scene 24 (4m 4s)

Ransomware. Malware that encrypts a victim's files. The attacker then demands a payment from the victim to restore access to the data.

Scene 25 (4m 51s)

Common IoT Attacks. What Is Ransomware & How Does Ransomware Work? - Hashed Out by The SSL Store™.

Scene 26 (5m 0s)

Botnet. Traditional Botnet Collection of various computers or servers, often referred as zombies, which are infected with malware, thus allowing an attacker to control them Internet Relay Chat (IRC) DDOS Attack.

Scene 27 (5m 13s)

Botnet. IoT Botnet Collection of various IoT devices such as routers, wearables and embedded technologies infected with malware. This malware allows an attacker to control all the connected devices..

Scene 28 (5m 25s)

Cryptomining with IoT Bots. Mining cryptocurrency demands huge CPU and GPU resources, and another IoT security issue has emerged due to this precondition Infected botnets aimed at IoT devices, with the goal not to create damage, but mine cryptocurrency. IoT botnet miners have the potential to flood and disrupt the entire market in a single attack..

Scene 29 (5m 43s)

Case Study.

Scene 30 (5m 49s)

Case Study 1. Tampering. Normal operation 1 • of device 2 Sensor • Tampered 3 False decision • making 4 Service • Down.

Scene 31 (5m 58s)

Case Study 2. Man-in-the-Middle Attack. Normal operation 1 • of device 2 Attacker intercepts 3 1 Inject false readings 4 System Down.

Scene 32 (6m 7s)

Case Study 3. Unauthorized Access Using Default Password.

Scene 33 (6m 15s)

Case Study 4. Pacemaker 8,000 security flaws in pacemaker software.

Scene 34 (6m 30s)

Case Study 5. Unauthorized Syringe injections. Hackers Can Give You Fatal Overdoses.

Scene 35 (6m 38s)

Vulnerability Assessment & Penetration Testing (VAPT).

Scene 36 (6m 45s)

Introduction to VAPT. Definition of VAPT Vulnerability Assessment and Penetration Testing (VAPT) is a comprehensive security testing approach that combines two distinct methods to identify, evaluate, and address vulnerabilities in computer systems, networks, applications, and other digital assets.

Scene 37 (6m 59s)

Vulnerability Assessment. Vulnerability assessment is a systematic process of identifying, cataloging, and evaluating security vulnerabilities and weaknesses within an organization's information systems, networks, applications, and digital infrastructure. It involves the use of automated tools and manual techniques to scan, analyze, and categorize potential points of exploitability, helping organizations understand their exposure to cyber risks..

Scene 38 (7m 17s)

Penetration Testing. Penetration testing, often referred to as pen testing, is a proactive and controlled approach to assessing the security of an organization's systems, networks, applications, and digital assets. It involves simulating real-world cyberattacks by exploiting vulnerabilities to uncover potential weaknesses that malicious actors could exploit. The primary goal of penetration testing is to evaluate the effectiveness of an organization's security defenses, identify vulnerabilities that may not be apparent through other methods, and provide actionable insights to strengthen the overall cybersecurity posture. Through a combination of manual techniques and automated tools, penetration testing helps organizations uncover potential attack vectors and understand the potential impact of successful exploitation, aiding in risk management and targeted remediation efforts..

Scene 39 (7m 48s)

Phases of Penetration Testing. Pre-engagement Activities Scope Definition: Clearly defining the scope, objectives, and targets of the penetration test in collaboration with stakeholders. Authorization: Obtaining proper authorization from relevant parties to perform the test. Information Gathering Collecting as much information as possible about the target systems, applications, networks, and potential attack vectors. Using open-source intelligence (OSINT) and various tools to gather data on the target. Vulnerability Analysis Identifying potential vulnerabilities based on the collected information. Evaluating the vulnerabilities' severity and potential impact on the organization's security..

Scene 40 (8m 14s)

Phases of Penetration Testing. Exploitation Attempting to exploit identified vulnerabilities to gain unauthorized access or control over systems. Simulating real-world attacks to understand their feasibility and potential impact. Post-Exploitation Exploring the compromised systems to understand the extent of the compromise and potential lateral movement. Extracting valuable data or information to demonstrate the potential impact of a successful attack. Reporting Documenting findings, including details about vulnerabilities exploited, attack paths, and potential damage. Providing clear, concise, and actionable recommendations for remediation..

Scene 41 (8m 37s)

Phases of Penetration Testing. Remediation Collaborating with the organization's security team to address the identified vulnerabilities and weaknesses. Re-testing the systems to ensure that vulnerabilities have been effectively patched and remediated..

Scene 42 (8m 48s)

IoT Device Security.

Scene 43 (8m 54s)

Bluetooth Device Security.

Scene 44 (9m 0s)

WiFi Device Security.

Scene 45 (9m 6s)

Zigbee Device Security.

Scene 46 (9m 12s)

Prevention Strategies. Use a VPN Access only HTTPS websites Watch out for phishing scams Use strong router credentials Make sure your company has a software update policy.

Scene 47 (9m 23s)

Security Issues. Insecure network services Insecure web interface Insecure mobile interface Insecure cloud interface Insufficient authentication Insufficient authorization Lack of security configuration.

Scene 48 (9m 33s)

Simple Countermeasures. Network separations Firewalls Anti Virus Network analysis Patch management Intrusion Prevention System Intrusion Detection System.

Scene 49 (9m 42s)

Possible future scenarios. There will be an increase of attacks on all areas of the industrial infrastructure. Most attacks will not be targeted attacks (e.g. ransomware). We need to protect infrastructures against untargeted attacks. It is much more effort to protect oneself against targeted attacks. But the combination of countermeasures increases the security level..

Scene 50 (10m 0s)

Guidelines. All data being gathered and information being stored should be accounted Each device being connected to the network should be configured with security in mind The organization’s security strategy should be built on the assumption of compromise. Each device should be physically secured. Lightweight security protocol for constrained environments.