dealing with iot security do nothing do simple
play

Dealing with IoT Security- Do nothing, Do simple things, or Do it - PowerPoint PPT Presentation

Mar 22, 2023 •317 likes •437 views

Dealing with IoT Security- Do nothing, Do simple things, or Do it RIGHT Sameer Dixit, Sr.Director Security Consulting IoT on A Rise IoT Security Frameworks and Standards NIST - International Cybersecurity Standardization for the Internet of

  1. Dealing with IoT Security- Do nothing, Do simple things, or Do it RIGHT Sameer Dixit, Sr.Director Security Consulting

  2. IoT on A Rise

  5. IoT Security Frameworks and Standards • NIST - International Cybersecurity Standardization for the Internet of Things (IoT) • OWASP - IoT Security Guidance • ISA/IEC 62443 - Standards to Secure Your Industrial Automation & Control Systems (IC32) • CTIA - Cybersecurity Certification Program for Cellular-Connected IoT Devices • Etc ….

  6. IoT Security Attack Surface Network – Services, Firewall IoT Security Application – Authentication, Authorization, Input Validation Device Hardware – Physical Security, Local Storage, Encryption Mobile – Client Data Storage, Data Transport, API Cloud – Backend Server, Authorization, Update Security

  7. Security Review of IoT Environment

  8. IoT Security Testing- Do it Right !!! IoT Network IoT Application & Cloud IoT Device Hardware IoT Mobile Interface • • • • Insecure Server Authentication Device Firmware Device End Security • • Configuration Authorization Analysis Sensitive information • • • Default System Encryption usage Binary Code Analysis stored in cache • • • Passwords Lockout Spoofing Unencrypted Data • • • Unpatched systems Brute force Login JTAG/UART Review Storage • • • • Known Vulnerabilities & Injection Attacks Fuzzing Files inspection • • • Exploits XSS Underlying Software & Excess Permissions • • Insecure Firewall SQL application evaluation and Privileges • • • Configuration Weak Password Unencrypted Device Lockout policy • • • Information Leakage Privilege Escalation Communication Dynamic Analysis • • Improper Error Handling Authentication • • Weak cryptographic keys Authorization • • Vulnerable Ciphers and Encryption usage Protocols • Data Exfiltration

  9. You are not alone. We Can Help.

  10. Spirent SecurityLabs Credentials Certified & Experienced Security Consultants  CATL CTIA- IoT Cybersecurity Certification  CREST Global Certified Ethical Security Testers  OSCP Offensive Security Certified Professional  CEH Certified Ethical Hacker  CISSP Certified Information Systems Security Professional  GXPN GIAC Certified Exploit Researcher and Advanced Penetration Tester 
  GPEN GIAC Penetration Tester  GICSP Global Industrial Cyber Security Professional  NSA ISAM NSA InfoSec Assessment Methodology Certification  CCENT Cisco Certified Entry Networking Technician  UCP Unix Certified Programmer  Security+, Server+

  11. Thank You! SecurityLabs@Spirent.com https://www.spirent.com/Products/SecurityLabs

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Adventures in Open Source Software: Dealing with Security Life in the pkgsrc security team By

Adventures in Open Source Software: Dealing with Security Life in the pkgsrc security team By

Adventures in Open Source Software: Dealing with Security Life in the pkgsrc security team By Sevan Janiyan What is pkgsrc Cross platform packaging system 23 listed platforms in 2015Q3 release notes Strive to keep local changes minimal

563 views • 44 slides
Dealing With The Irate Customer Dealing With The Irate Customer Dealing with difficult

Dealing With The Irate Customer Dealing With The Irate Customer Dealing with difficult

3/23/2016 Dealing With The Irate Customer Dealing With The Irate Customer Dealing with difficult conversations Dealing with angry customers Dealing with dissatisfied customers Problem solving model Three breakthrough techniques

637 views • 17 slides
CYBER SECURITY IS OUR SHARED RESPONSIBILITY WHAT ARE WE DEALING WITH AND WHAT DO WE NEED TO DO?

CYBER SECURITY IS OUR SHARED RESPONSIBILITY WHAT ARE WE DEALING WITH AND WHAT DO WE NEED TO DO?

CYBER SECURITY IS OUR SHARED RESPONSIBILITY WHAT ARE WE DEALING WITH AND WHAT DO WE NEED TO DO? NORTH DAKOTA CYBER SECURITY CONFERENCE Jay Beale, CTO and COO at InGuardians @jaybeale and @inguardians th , 2018 March 15

961 views • 50 slides
Patrick Kelly and Lee Everts Aim of this pape r To demonstrate a simple method for dealing with

Patrick Kelly and Lee Everts Aim of this pape r To demonstrate a simple method for dealing with

Clothing in the South Afric an CPI: E xc lusion of c le ar anc e sale s Patrick Kelly and Lee Everts Aim of this pape r To demonstrate a simple method for dealing with clothing prices in absence of quality adjustments Index 100 120 140

213 views • 18 slides
Dealing With I/O Dealing With I/O CS 105 Tour of the Black Holes of Computing Problem:

Dealing With I/O Dealing With I/O CS 105 Tour of the Black Holes of Computing Problem:

Dealing With I/O Dealing With I/O CS 105 Tour of the Black Holes of Computing Problem: I/O devices are slow Solution 1: wait for I/O CPU stops executing instructions

342 views • 9 slides
Security Management and Engineering Is this product/technique/service secure? Simple Yes/No

Security Management and Engineering Is this product/technique/service secure? Simple Yes/No

Security Management and Engineering Is this product/technique/service secure? Simple Yes/No answers are often wanted, but typically inappropriate. Security of an item depends much on the context in which it is used. Complex

770 views • 57 slides
Dealing with Adversarial Relationships in Information Security Daniel Crowley, Head of Research

Dealing with Adversarial Relationships in Information Security Daniel Crowley, Head of Research

Dealing with Adversarial Relationships in Information Security Daniel Crowley, Head of Research Daniel Crowley Head of Research X-Force Red Common Misconceptions #1: We Create Problems We do not create vulnerabilities, only find them QA

528 views • 37 slides
Cross Border Update Dermot Corry Dealing/Transaction Accounts Dealing/transaction accounts

Cross Border Update Dermot Corry Dealing/Transaction Accounts Dealing/transaction accounts

Cross Border Update Dermot Corry Dealing/Transaction Accounts Dealing/transaction accounts for Portfolio Bonds Policies usually include a range of unit holdings and deposit accounts There is often a transaction or dealing account

78 views • 6 slides
Conflicts of Interest: Dealing with the Inevitable! Conflicts of Interest: Dealing with the

Conflicts of Interest: Dealing with the Inevitable! Conflicts of Interest: Dealing with the

Conflicts of Interest: Dealing with the Inevitable! Conflicts of Interest: Dealing with the Inevitable! Conflicts of interest are inherent in all human relationships. Charlotte Jefferies Horty, Springer & Mattern Be Sensitive to,

222 views • 4 slides
Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President,

Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President,

SEC204-S Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President, Cloud Research at Trend Micro @marknca The cloud simplifies security. The cloud simplifies security. * When you understand how it works

1.76k views • 163 slides
SPKI/SDSI 2.0 A Simple Distributed Security Infrastructure by Ronald L. Rivest MIT Lab for

SPKI/SDSI 2.0 A Simple Distributed Security Infrastructure by Ronald L. Rivest MIT Lab for

SPKI/SDSI 2.0 A Simple Distributed Security Infrastructure by Ronald L. Rivest MIT Lab for Computer Science (Joint work with Butler Lampson and Carl Ellison) 1 1 1 Outline context and history motivation and goals syntax

973 views • 38 slides
IoT Security in Action! Julien Vermillard , Sierra Wireless @vrmvrm -

IoT Security in Action! Julien Vermillard , Sierra Wireless @vrmvrm -

IoT Security in Action! Julien Vermillard , Sierra Wireless @vrmvrm - jvermillard@sierrawireless.com EclipseCON EU 2016 Introduction Managing connected devices Why it is simple to exploit non-secured systems How simple to have the minimum

1.14k views • 39 slides
8.1 Review In the previous lecture we began looking at algorithms for dealing with sequential

8.1 Review In the previous lecture we began looking at algorithms for dealing with sequential

CS/CNS/EE 253: Advanced Topics in Machine Learning Topic: Dealing with Partial Feedback #2 Lecturer: Daniel Golovin Scribe: Chris Berlind Date: Feb 1, 2010 8.1 Review In the previous lecture we began looking at algorithms for dealing with

505 views • 5 slides
Ten Things Everyone Should Know About Lockpicking & Physical Security Deviant Ollam Black

Ten Things Everyone Should Know About Lockpicking & Physical Security Deviant Ollam Black

Ten Things Everyone Should Know About Lockpicking & Physical Security Deviant Ollam Black Hat Europe 2008/03/25 Lockpicking & Physical Security Deviant Ollam 1. Locks are not complicated mechanisms Simple components Simple

1.56k views • 123 slides
Building Wealth Simple Steps to Financial Security Introduction/ Background 1) First of two

Building Wealth Simple Steps to Financial Security Introduction/ Background 1) First of two

Building Wealth Simple Steps to Financial Security Introduction/ Background 1) First of two foundation building workshops 2) Presented by Stanley Greene 3) Subject matter experts will lead subsequent workshops The Pennsylvania Treasury

700 views • 28 slides
WLAN Security Summary 2010/02/15 (C) Herbert Haas Threat Summary Simple eavesdropping

WLAN Security Summary 2010/02/15 (C) Herbert Haas Threat Summary Simple eavesdropping

WLAN Security Summary 2010/02/15 (C) Herbert Haas Threat Summary Simple eavesdropping Radio broadcast Reduce TX powers! Encryption (WEP, TKIP, AES, IPsec) Authentication Shared secrets vs. stolen devices, large nets

964 views • 93 slides
Vote/Veto Meta-Classifier for Authorship Identification Roman Kern Christin Seifert Mario

Vote/Veto Meta-Classifier for Authorship Identification Roman Kern Christin Seifert Mario

Vote/Veto Meta-Classifier for Authorship Identification Roman Kern Christin Seifert Mario Zechner Michael Granitzer Institute of Knowledge Management Graz University of Technology { rkern, christin.seifert } @tugraz.at - Know-Center GmbH {

467 views • 22 slides
Early Twentieth-Century Fiction e20fic19.blogs.rutgers.edu Prof. Andrew Goldstone

Early Twentieth-Century Fiction e20fic19.blogs.rutgers.edu Prof. Andrew Goldstone

Early Twentieth-Century Fiction e20fic19.blogs.rutgers.edu Prof. Andrew Goldstone (andrew.goldstone@rutgers.edu) Office hours: Murray 019, Thursdays 11:301:30 or by appointment September 30, 2019. Joyce (3). review: quotation direct I

429 views • 13 slides
Happy Bastille Day! model theory Elliotts program and descriptive set theorydescriptive set

Happy Bastille Day! model theory Elliotts program and descriptive set theorydescriptive set

Happy Bastille Day! model theory Elliotts program and descriptive set theorydescriptive set theory III Ilijas Farah (joint work with Bradd Hart and David Sherman and with George Elliott, Vern Paulsen, Christian Rosendal, Andrew Toms and

766 views • 28 slides
10/5/2020 NORTHEAST OHIO October 1, 2020 Slide Title Welcome to Northeast Ohio Virtual

10/5/2020 NORTHEAST OHIO October 1, 2020 Slide Title Welcome to Northeast Ohio Virtual

10/5/2020 NORTHEAST OHIO October 1, 2020 Slide Title Welcome to Northeast Ohio Virtual Transition Booster Sessions! Back to the Basics: Advocating for Your Transition-Age Loved One During COVID-19 and Beyond Hosted by: Planning Team: 1

360 views • 15 slides
1 Other Business Medical Insurance RB, MWH & TCD Changed Insurance Agents 4 BOD

1 Other Business Medical Insurance RB, MWH & TCD Changed Insurance Agents 4 BOD

Financial & Investment Review Board of Directors Meeting March 1, 2017 Financial Overview Tony support work for Trevor Dec 31, 2016 Financial Statements 2/26/17 Balance Sheet Preliminary 2017 Budget Draft Audit

373 views • 20 slides
Concurrency, Races & Synchronization CS 450: Operating Systems Michael Lee

Concurrency, Races & Synchronization CS 450: Operating Systems Michael Lee

Concurrency, Races & Synchronization CS 450: Operating Systems Michael Lee <lee@iit.edu> Agenda - Concurrency: what, why, how - Concurrency-related problems - Locks & Locking strategies - Concurrent programming with semaphores

1.8k views • 177 slides
Attribute Dependencies Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis

Attribute Dependencies Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis

Attribute Dependencies Attribute Dependencies Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis Reinhard Wilhelm Universitt des Saarlandes wilhelm@cs.uni-saarland.de 14. November 2013 Attribute Dependencies

879 views • 38 slides
Restricted Party Screening through Visual Compliance David W Sundvall , David W Sundvall , Senior

Restricted Party Screening through Visual Compliance David W Sundvall , David W Sundvall , Senior

Restricted Party Screening through Visual Compliance David W Sundvall , David W Sundvall , Senior Manager, Risk and Export Senior Manager, Risk and Export April 2019 April 2019 Why UCAR Conducts RPS Various U.S. government agencies

426 views • 16 slides

More recommend