dealing with iot security do nothing do simple
play

Dealing with IoT Security- Do nothing, Do simple things, or Do it - PowerPoint PPT Presentation

Mar 22, 2023 •317 likes •437 views

Dealing with IoT Security- Do nothing, Do simple things, or Do it RIGHT Sameer Dixit, Sr.Director Security Consulting IoT on A Rise IoT Security Frameworks and Standards NIST - International Cybersecurity Standardization for the Internet of

  1. Dealing with IoT Security- Do nothing, Do simple things, or Do it RIGHT Sameer Dixit, Sr.Director Security Consulting

  2. IoT on A Rise

  5. IoT Security Frameworks and Standards • NIST - International Cybersecurity Standardization for the Internet of Things (IoT) • OWASP - IoT Security Guidance • ISA/IEC 62443 - Standards to Secure Your Industrial Automation & Control Systems (IC32) • CTIA - Cybersecurity Certification Program for Cellular-Connected IoT Devices • Etc ….

  6. IoT Security Attack Surface Network – Services, Firewall IoT Security Application – Authentication, Authorization, Input Validation Device Hardware – Physical Security, Local Storage, Encryption Mobile – Client Data Storage, Data Transport, API Cloud – Backend Server, Authorization, Update Security

  7. Security Review of IoT Environment

  8. IoT Security Testing- Do it Right !!! IoT Network IoT Application & Cloud IoT Device Hardware IoT Mobile Interface • • • • Insecure Server Authentication Device Firmware Device End Security • • Configuration Authorization Analysis Sensitive information • • • Default System Encryption usage Binary Code Analysis stored in cache • • • Passwords Lockout Spoofing Unencrypted Data • • • Unpatched systems Brute force Login JTAG/UART Review Storage • • • • Known Vulnerabilities & Injection Attacks Fuzzing Files inspection • • • Exploits XSS Underlying Software & Excess Permissions • • Insecure Firewall SQL application evaluation and Privileges • • • Configuration Weak Password Unencrypted Device Lockout policy • • • Information Leakage Privilege Escalation Communication Dynamic Analysis • • Improper Error Handling Authentication • • Weak cryptographic keys Authorization • • Vulnerable Ciphers and Encryption usage Protocols • Data Exfiltration

  9. You are not alone. We Can Help.

  10. Spirent SecurityLabs Credentials Certified & Experienced Security Consultants  CATL CTIA- IoT Cybersecurity Certification  CREST Global Certified Ethical Security Testers  OSCP Offensive Security Certified Professional  CEH Certified Ethical Hacker  CISSP Certified Information Systems Security Professional  GXPN GIAC Certified Exploit Researcher and Advanced Penetration Tester 
  GPEN GIAC Penetration Tester  GICSP Global Industrial Cyber Security Professional  NSA ISAM NSA InfoSec Assessment Methodology Certification  CCENT Cisco Certified Entry Networking Technician  UCP Unix Certified Programmer  Security+, Server+

  11. Thank You! SecurityLabs@Spirent.com https://www.spirent.com/Products/SecurityLabs

Recommend

Adventures in Open Source Software: Dealing with Security Life in the pkgsrc security team By

Adventures in Open Source Software: Dealing with Security Life in the pkgsrc security team By

Adventures in Open Source Software: Dealing with Security Life in the pkgsrc security team By Sevan Janiyan What is pkgsrc Cross platform packaging system 23 listed platforms in 2015Q3 release notes Strive to keep local changes minimal

563 views • 44 slides
Dealing With The Irate Customer Dealing With The Irate Customer Dealing with difficult

Dealing With The Irate Customer Dealing With The Irate Customer Dealing with difficult

3/23/2016 Dealing With The Irate Customer Dealing With The Irate Customer Dealing with difficult conversations Dealing with angry customers Dealing with dissatisfied customers Problem solving model Three breakthrough techniques

637 views • 17 slides
CYBER SECURITY IS OUR SHARED RESPONSIBILITY WHAT ARE WE DEALING WITH AND WHAT DO WE NEED TO DO?

CYBER SECURITY IS OUR SHARED RESPONSIBILITY WHAT ARE WE DEALING WITH AND WHAT DO WE NEED TO DO?

CYBER SECURITY IS OUR SHARED RESPONSIBILITY WHAT ARE WE DEALING WITH AND WHAT DO WE NEED TO DO? NORTH DAKOTA CYBER SECURITY CONFERENCE Jay Beale, CTO and COO at InGuardians @jaybeale and @inguardians th , 2018 March 15

961 views • 50 slides
Patrick Kelly and Lee Everts Aim of this pape r To demonstrate a simple method for dealing with

Patrick Kelly and Lee Everts Aim of this pape r To demonstrate a simple method for dealing with

Clothing in the South Afric an CPI: E xc lusion of c le ar anc e sale s Patrick Kelly and Lee Everts Aim of this pape r To demonstrate a simple method for dealing with clothing prices in absence of quality adjustments Index 100 120 140

213 views • 18 slides
Dealing With I/O Dealing With I/O CS 105 Tour of the Black Holes of Computing Problem:

Dealing With I/O Dealing With I/O CS 105 Tour of the Black Holes of Computing Problem:

Dealing With I/O Dealing With I/O CS 105 Tour of the Black Holes of Computing Problem: I/O devices are slow Solution 1: wait for I/O CPU stops executing instructions

342 views • 9 slides
Security Management and Engineering Is this product/technique/service secure? Simple Yes/No

Security Management and Engineering Is this product/technique/service secure? Simple Yes/No

Security Management and Engineering Is this product/technique/service secure? Simple Yes/No answers are often wanted, but typically inappropriate. Security of an item depends much on the context in which it is used. Complex

770 views • 57 slides
Dealing with Adversarial Relationships in Information Security Daniel Crowley, Head of Research

Dealing with Adversarial Relationships in Information Security Daniel Crowley, Head of Research

Dealing with Adversarial Relationships in Information Security Daniel Crowley, Head of Research Daniel Crowley Head of Research X-Force Red Common Misconceptions #1: We Create Problems We do not create vulnerabilities, only find them QA

528 views • 37 slides
Cross Border Update Dermot Corry Dealing/Transaction Accounts Dealing/transaction accounts

Cross Border Update Dermot Corry Dealing/Transaction Accounts Dealing/transaction accounts

Cross Border Update Dermot Corry Dealing/Transaction Accounts Dealing/transaction accounts for Portfolio Bonds Policies usually include a range of unit holdings and deposit accounts There is often a transaction or dealing account

78 views • 6 slides
Conflicts of Interest: Dealing with the Inevitable! Conflicts of Interest: Dealing with the

Conflicts of Interest: Dealing with the Inevitable! Conflicts of Interest: Dealing with the

Conflicts of Interest: Dealing with the Inevitable! Conflicts of Interest: Dealing with the Inevitable! Conflicts of interest are inherent in all human relationships. Charlotte Jefferies Horty, Springer & Mattern Be Sensitive to,

222 views • 4 slides
Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President,

Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President,

SEC204-S Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President, Cloud Research at Trend Micro @marknca The cloud simplifies security. The cloud simplifies security. * When you understand how it works

1.76k views • 163 slides
SPKI/SDSI 2.0 A Simple Distributed Security Infrastructure by Ronald L. Rivest MIT Lab for

SPKI/SDSI 2.0 A Simple Distributed Security Infrastructure by Ronald L. Rivest MIT Lab for

SPKI/SDSI 2.0 A Simple Distributed Security Infrastructure by Ronald L. Rivest MIT Lab for Computer Science (Joint work with Butler Lampson and Carl Ellison) 1 1 1 Outline context and history motivation and goals syntax

973 views • 38 slides
IoT Security in Action! Julien Vermillard , Sierra Wireless @vrmvrm -

IoT Security in Action! Julien Vermillard , Sierra Wireless @vrmvrm -

IoT Security in Action! Julien Vermillard , Sierra Wireless @vrmvrm - jvermillard@sierrawireless.com EclipseCON EU 2016 Introduction Managing connected devices Why it is simple to exploit non-secured systems How simple to have the minimum

1.14k views • 39 slides
8.1 Review In the previous lecture we began looking at algorithms for dealing with sequential

8.1 Review In the previous lecture we began looking at algorithms for dealing with sequential

CS/CNS/EE 253: Advanced Topics in Machine Learning Topic: Dealing with Partial Feedback #2 Lecturer: Daniel Golovin Scribe: Chris Berlind Date: Feb 1, 2010 8.1 Review In the previous lecture we began looking at algorithms for dealing with

505 views • 5 slides
Ten Things Everyone Should Know About Lockpicking & Physical Security Deviant Ollam Black

Ten Things Everyone Should Know About Lockpicking & Physical Security Deviant Ollam Black

Ten Things Everyone Should Know About Lockpicking & Physical Security Deviant Ollam Black Hat Europe 2008/03/25 Lockpicking & Physical Security Deviant Ollam 1. Locks are not complicated mechanisms Simple components Simple

1.56k views • 123 slides
Building Wealth Simple Steps to Financial Security Introduction/ Background 1) First of two

Building Wealth Simple Steps to Financial Security Introduction/ Background 1) First of two

Building Wealth Simple Steps to Financial Security Introduction/ Background 1) First of two foundation building workshops 2) Presented by Stanley Greene 3) Subject matter experts will lead subsequent workshops The Pennsylvania Treasury

700 views • 28 slides
WLAN Security Summary 2010/02/15 (C) Herbert Haas Threat Summary Simple eavesdropping

WLAN Security Summary 2010/02/15 (C) Herbert Haas Threat Summary Simple eavesdropping

WLAN Security Summary 2010/02/15 (C) Herbert Haas Threat Summary Simple eavesdropping Radio broadcast Reduce TX powers! Encryption (WEP, TKIP, AES, IPsec) Authentication Shared secrets vs. stolen devices, large nets

964 views • 93 slides
Simple WordPress Security Barry Gould, BlogSec.net Barry@blogsec.net Why should we worry?

Simple WordPress Security Barry Gould, BlogSec.net Barry@blogsec.net Why should we worry?

Simple WordPress Security Barry Gould, BlogSec.net Barry@blogsec.net Why should we worry? Hacked site = Loss of business / reputation from loss of customer trust. Cleanup costs. Even small sites are at risk; bots dont discriminate!

326 views • 20 slides
Dealing With Angry Library Patron Behaviors With Andrew Sanderbeck Lets Talk About

Dealing With Angry Library Patron Behaviors With Andrew Sanderbeck Lets Talk About

Dealing With Angry Library Patron Behaviors With Andrew Sanderbeck Lets Talk About Where You Get Stuck Dealing With Angry Patrons Emotion vs. Logic in Dealing with Your Patrons Using the E+R=O technique to reduce stress and

478 views • 37 slides
DEALING WITH ALIASING USING DEALING WITH ALIASING USING CONTRACTS CONTRACTS BEATING FORTRAN'S

DEALING WITH ALIASING USING DEALING WITH ALIASING USING CONTRACTS CONTRACTS BEATING FORTRAN'S

DEALING WITH ALIASING USING DEALING WITH ALIASING USING CONTRACTS CONTRACTS BEATING FORTRAN'S PERFORMANCE BEATING FORTRAN'S PERFORMANCE , PhD Student, Etvs Lornd University Gbor Horvth xazax.hun@gmail.com 1 ALIASING ALIASING int

1k views • 61 slides
NOT SORRY FOR DOING IT, BUT VERY SORRY FOR GETTING CAUGHT: DEALING WITH

NOT SORRY FOR DOING IT, BUT VERY SORRY FOR GETTING CAUGHT: DEALING WITH

NOT SORRY FOR DOING IT, BUT VERY SORRY FOR GETTING CAUGHT: DEALING WITH PLAGIARISM IN THE ASIA PACIFIC CLASSROOM Presented by Contribu5ng author LEANDA CARE YVONNE MCNULTY Partner,

338 views • 18 slides
EFFECTIVELY DEALING WITH DEADLINE PRESSURE DAVE MOORE 8TH LIGHT * EFFECTIVELY DEALING WITH

EFFECTIVELY DEALING WITH DEADLINE PRESSURE DAVE MOORE 8TH LIGHT * EFFECTIVELY DEALING WITH

EFFECTIVELY DEALING WITH DEADLINE PRESSURE DAVE MOORE 8TH LIGHT * EFFECTIVELY DEALING WITH DEADLINE PRESSURE WHO IS INVOLVED? Stakeholders (managers, executives, etc.) Engineers (dev, qa, ops, sys, etc.) Users (internal users,

689 views • 21 slides
Memcheck Reloaded: Memcheck Reloaded: dealing with compiler-generated branches dealing with

Memcheck Reloaded: Memcheck Reloaded: dealing with compiler-generated branches dealing with

Memcheck Reloaded: Memcheck Reloaded: dealing with compiler-generated branches dealing with compiler-generated branches on undefined values on undefined values Julian Seward, jseward@acm.org 2 February 2020. FOSDEM. Brussels. Motivation

330 views • 13 slides
Security model for embedded systems using Smack * Simple but secure * S implified M andatory A

Security model for embedded systems using Smack * Simple but secure * S implified M andatory A

Security model for embedded systems using Smack * Simple but secure * S implified M andatory A ccess C ontrol K ernel - Jos Bollo - - Jos Bollo - Con Contex text Jos Bollo Intel Eurogiciel Tizen Smack Linux 2

376 views • 20 slides
TOOLS TO REDUCE PRICE VOLATILITY IN AGRICULTURE MARKETS HOW WE ARE CURRENTLY DEALING WITH

TOOLS TO REDUCE PRICE VOLATILITY IN AGRICULTURE MARKETS HOW WE ARE CURRENTLY DEALING WITH

TOOLS TO REDUCE PRICE VOLATILITY IN AGRICULTURE MARKETS HOW WE ARE CURRENTLY DEALING WITH VOLATILITY? Felice ADINOLFI OUTLINE Volatility drivers Factors affecting farmers income risk How we are currently dealing with volatility?

119 views • 9 slides

More recommend