
Dealing with IoT Security- Do nothing, Do simple things, or Do it - PowerPoint PPT Presentation



  1. Dealing with IoT Security: Do nothing, Do simple things, or Do it RIGHT. Sameer Dixit, Sr. Director Security Consulting

  2. IoT on A Rise

  3. IoT Security Frameworks and Standards
     • NIST - International Cybersecurity Standardization for the Internet of Things (IoT)
     • OWASP - IoT Security Guidance
     • ISA/IEC 62443 - Standards to Secure Your Industrial Automation & Control Systems (IC32)
     • CTIA - Cybersecurity Certification Program for Cellular-Connected IoT Devices
     • Etc ….

  4. IoT Security Attack Surface
     • Network – Services, Firewall
     • Application – Authentication, Authorization, Input Validation
     • Device Hardware – Physical Security, Local Storage, Encryption
     • Mobile – Client Data Storage, Data Transport, API
     • Cloud – Backend Server, Authorization, Update Security

  5. Security Review of IoT Environment

  6. IoT Security Testing - Do it Right !!!

     IoT Network
     • Insecure Server Configuration
     • Default System Passwords
     • Unpatched systems
     • Known Vulnerabilities & Exploits
     • Insecure Firewall Configuration
     • Information Leakage
     • Improper Error Handling
     • Weak cryptographic keys
     • Vulnerable Ciphers and Protocols
     • Data Exfiltration

     IoT Application & Cloud
     • Authentication
     • Authorization
     • Encryption usage
     • Lockout
     • Brute force Login
     • Injection Attacks
     • XSS
     • SQL
     • Weak Password
     • Privilege Escalation

     IoT Device Hardware
     • Device Firmware Analysis
     • Binary Code Analysis
     • Spoofing
     • JTAG/UART Review
     • Fuzzing
     • Underlying Software & application evaluation
     • Unencrypted Communication

     IoT Mobile Interface
     • Device End Security
     • Sensitive information stored in cache
     • Unencrypted Data Storage
     • Files inspection
     • Excess Permissions and Privileges
     • Device Lockout policy
     • Dynamic Analysis
     • Authentication
     • Authorization
     • Encryption usage

  7. You are not alone. We Can Help.

  8. Spirent SecurityLabs Credentials: Certified & Experienced Security Consultants
     • CATL: CTIA IoT Cybersecurity Certification
     • CREST: Global Certified Ethical Security Testers
     • OSCP: Offensive Security Certified Professional
     • CEH: Certified Ethical Hacker
     • CISSP: Certified Information Systems Security Professional
     • GXPN: GIAC Certified Exploit Researcher and Advanced Penetration Tester
     • GPEN: GIAC Penetration Tester
     • GICSP: Global Industrial Cyber Security Professional
     • NSA ISAM: NSA InfoSec Assessment Methodology Certification
     • CCENT: Cisco Certified Entry Networking Technician
     • UCP: Unix Certified Programmer
     • Security+, Server+

  9. Thank You! SecurityLabs@Spirent.com https://www.spirent.com/Products/SecurityLabs
