Dealing with IoT Security - Do nothing, Do simple things, or Do it RIGHT - PowerPoint PPT Presentation

SLIDE 1

Dealing with IoT Security - Do nothing, Do simple things, or Do it RIGHT
Sameer Dixit, Sr. Director Security Consulting

SLIDE 2

IoT on the Rise

SLIDE 3

SLIDE 4

SLIDE 5

IoT Security Frameworks and Standards

  • NIST - International Cybersecurity Standardization for the Internet of Things (IoT)
  • OWASP - IoT Security Guidance
  • ISA/IEC 62443 - Standards to Secure Your Industrial Automation & Control Systems (IC32)
  • CTIA - Cybersecurity Certification Program for Cellular-Connected IoT Devices
  • Etc.
SLIDE 6

IoT Security Attack Surface

  • Network – Services, Firewall
  • Application – Authentication, Authorization, Input Validation
  • Device Hardware – Physical Security, Local Storage, Encryption
  • Mobile – Client Data Storage, Data Transport, API
  • Cloud – Backend Server, Authorization, Update Security

SLIDE 7

Security Review of IoT Environment

SLIDE 8

IoT Security Testing - Do it Right!

IoT Application & Cloud

  • Authentication
  • Authorization
  • Encryption usage
  • Lockout
  • Brute-force login
  • Injection attacks
  • XSS
  • SQL injection
  • Weak passwords
  • Privilege escalation

IoT Network

  • Insecure server configuration
  • Default system passwords
  • Unpatched systems
  • Known vulnerabilities & exploits
  • Insecure firewall configuration
  • Information leakage
  • Improper error handling
  • Weak cryptographic keys
  • Vulnerable ciphers and protocols
  • Data exfiltration

IoT Device Hardware

  • Device firmware analysis
  • Binary code analysis
  • Spoofing
  • JTAG/UART review
  • Fuzzing
  • Underlying software & application evaluation
  • Unencrypted communication

IoT Mobile Interface

  • Device-end security
  • Sensitive information stored in cache
  • Unencrypted data storage
  • File inspection
  • Excess permissions and privileges
  • Device lockout policy
  • Dynamic analysis
  • Authentication
  • Authorization
  • Encryption usage
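As an added example (not part of the Spirent slides or of any Spirent tooling), the script below shows what the first offline step of the "Device firmware analysis" item looks like in practice, and it also touches several other checklist items at once: weak cryptographic keys (an embedded private key and an md5crypt password hash), default/privileged system accounts (a second uid-0 user), unencrypted communication (a cleartext http:// update URL) and an exposed telnet service. It additionally computes per-window Shannon entropy, which is how a reviewer locates encrypted or compressed sections before deciding whether an image can be unpacked at all. The firmware blob is constructed inline and is not a real image; the pattern set, the 256-byte window size, the 7.5 bits/byte threshold and all function names are assumptions made for this example.

```python
"""Offline firmware-image triage: string/secret search plus entropy map."""
import math
import re

# Constructed sample "firmware image" (an assumption for this example, not a
# real device image): a few planted findings followed by a high-entropy region.
SAMPLE_FIRMWARE = (
    b"\x00" * 64
    + b"root:$1$saltsalt$Qq5z0a9pFxk3K1h2Yw3tU/:17000:0:99999:7:::\n"
    + b"admin:x:0:0:admin:/root:/bin/sh\n"
    + b"UPDATE_URL=http://updates.example.invalid/fw.bin\n"
    + b"API_URL=https://api.example.invalid/v1\n"
    + b"-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAK-not-a-real-key\n"
    + b"-----END RSA PRIVATE KEY-----\n"
    + b"telnetd -l /bin/sh -p 2323 &\n"
    + bytes(range(256)) * 8  # stands in for a compressed/encrypted payload
    + b"\xff" * 64
)

# Finding categories and the byte patterns that identify them. Each maps to a
# checklist item: keys/hashes -> weak cryptographic keys, uid-0 accounts ->
# default passwords / privilege escalation, http:// -> unencrypted
# communication, telnetd -> insecure service configuration.
PATTERNS = {
    "private_key": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    # $1$ is md5crypt: fast to brute-force, so any hash in this form is a finding.
    "md5crypt_hash": re.compile(rb"\$1\$[^$:\n]{1,8}\$[^:\n]+"),
    # A passwd entry with uid 0 and gid 0 that is not root itself.
    "extra_uid0_account": re.compile(rb"^(?!root:)[a-z_][a-z0-9_-]*:x:0:0:", re.M),
    "cleartext_http_url": re.compile(rb"http://[A-Za-z0-9.\-/_:]+"),
    "telnet_service": re.compile(rb"\btelnetd\b"),
}


def shannon_entropy(block: bytes) -> float:
    """Bits of entropy per byte in `block` (0.0 for empty input, 8.0 at most)."""
    if not block:
        return 0.0
    counts = {}
    for b in block:
        counts[b] = counts.get(b, 0) + 1
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def high_entropy_blocks(data: bytes, block_size: int = 256, threshold: float = 7.5):
    """Return [(offset, entropy)] for fixed-size windows above `threshold`.

    Plain filesystems and config text sit well below 7.5 bits/byte; compressed
    or encrypted sections sit near 8.0. These windows tell the reviewer whether
    the image is encrypted and where the real payload begins.
    """
    hits = []
    for off in range(0, len(data), block_size):
        e = shannon_entropy(data[off:off + block_size])
        if e > threshold:
            hits.append((off, round(e, 3)))
    return hits


def find_secrets(data: bytes):
    """Return [(category, offset, snippet)] for every pattern match, by offset."""
    findings = []
    for category, pattern in PATTERNS.items():
        for m in pattern.finditer(data):
            snippet = m.group(0)[:40].decode("ascii", "replace")
            findings.append((category, m.start(), snippet))
    return sorted(findings, key=lambda f: f[1])


def triage(data: bytes) -> dict:
    """One-shot summary: per-category finding counts plus high-entropy windows."""
    findings = find_secrets(data)
    by_category = {}
    for category, _, _ in findings:
        by_category[category] = by_category.get(category, 0) + 1
    return {
        "total": len(findings),
        "by_category": by_category,
        "high_entropy_blocks": high_entropy_blocks(data),
    }


if __name__ == "__main__":
    for category, offset, snippet in find_secrets(SAMPLE_FIRMWARE):
        print(f"{offset:#08x}  {category:<20} {snippet}")
    print(triage(SAMPLE_FIRMWARE))
```

On a real image the same `triage()` call runs over the bytes read from the dump (or from each file after unpacking the filesystem); the pattern table is the part that grows over an engagement, and an entropy map that is near 8.0 everywhere is the signal that the image is encrypted and that the JTAG/UART review has to come before any further static analysis.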
SLIDE 9

You are not alone.

We Can Help.

SLIDE 10

Spirent SecurityLabs Credentials

Certified & Experienced Security Consultants

  • CATL - CTIA IoT Cybersecurity Certification
  • CREST - Global Certified Ethical Security Testers
  • OSCP - Offensive Security Certified Professional
  • CEH - Certified Ethical Hacker
  • CISSP - Certified Information Systems Security Professional
  • GXPN - GIAC Certified Exploit Researcher and Advanced Penetration Tester
  • GPEN - GIAC Penetration Tester
  • GICSP - Global Industrial Cyber Security Professional
  • NSA ISAM - NSA InfoSec Assessment Methodology Certification
  • CCENT - Cisco Certified Entry Networking Technician
  • UCP - Unix Certified Programmer
  • Security+, Server+

SLIDE 11

Thank You!

SecurityLabs@Spirent.com

https://www.spirent.com/Products/SecurityLabs