IoT Threats, Seven Layers, IoT Use Cases
• IoT Threats
• Seven Layers of IoT Security
• IoT Use Cases
• Summary
2017: 8.4B devices (Gartner)
2020: 20.4B devices (Gartner)
2020: 28.1B devices (IDC)
2035: 1T devices (SoftBank)
*Excludes smartphones, tablets, and computers
Source: Infonetics Research
Source: Gartner
1.
• Scan for telnet and/or known vulnerabilities
• Brute force, stuff creds, or exploit vulnerabilities
• Same admin creds across all devices
2.
• Install malware
• Auto build thingbot
3.
• DDoS
• Banking trojans
• PDoS, physical
• Mine cryptocurrency
• MiTM, data theft
• Darknet/s
• Tor networks
• Click, ad fraud
• Political hacking
• Cyber warfare
• Spy, surveillance
• Credential stuffing
• DNS redirect
• Ransomware
• Spam relay
Top 10 Attacking Countries
• China: 44%
• US: 6%
• Russia: 6%
• France: 4%
• Brazil: 3%
• Ukraine: 3%
• India: 2%
• Vietnam: 2%
• Japan: 1%
• Argentina: 1%
Top 10 Attack Destination Countries
1 Spain
2 Hungary
3 US
4 Singapore
5 France
6 Italy
7 Canada
8 Norway
9 UK
10 Bulgaria
Top 50 Attacking IPs
• 36 of 50 in China
• 66% of IPs have been consistently attacking for 2 years
• Compromised IoT devices do not get cleaned up
Industries of Top 50 Attacking IPs
• Telco/ISP: 84%
• Hosting: 14%
• Manufacturing: 2%
Source: F5 Labs Threat Analysis Report "The Hunt for IoT", March 2018
[Chart: DDoS attack sizes for Spamhaus, Brian Krebs, OVH and Dyn (400, 600, 990, 1200); legend: Mirai DDoS attacks, prior world record]
[Diagram labels: Connected devices, Traffic, Broker, IoT platform]
[Diagram labels: Devices, Internet, Proxy, Application, Traffic]
SSL everywhere, avoid man in the middle
[Diagram labels: Connected devices, SSL offload, Broker, IoT platform]
2. Revocation
© 2018 F5 Networks 20
Cert-based authentication
Manage certificates – Good / bad / expired / compromised devices
[Diagram labels: Connected devices, SSL offload, Traffic, Broker, IoT platform]
Topic: Car / Sensor / Brake / Temperature
Enforce – Device topics and quality of service
Field Name: Value Selection
Type: Standard
Service port: Either type or select MQTT service port
Configuration: Advanced
Protocol: TCP
MQTT: Click to enable MQTT
Traffic steering based on content
Traffic steering to cloud, on-premises, hybrid, multi-cloud
[Diagram labels: Connected devices, SSL tunnels, SSL offload, Traffic, MQTT brokers, IoT App Azure, IoT App AWS, IoT App Data Center, Data center / Private cloud]
Cert-based authentication
Do not rely on passwords: Use common name from the certificate in the headers to authenticate to the backend IoT application
[Diagram labels: Connected devices, SSL, Traffic, TLS certificate subject ID, Broker, IoT platform]
Secure zones based on things attributes
Agility to create different security zones, per group of devices or types of devices
[Diagram labels: Connected devices, SSL tunnels, SSL offload, Traffic, MQTT brokers, Partition 1, Partition 2, Partition 3, Data center / Private cloud]
IoT application
App: MQTT, CoAP, XMPP, AMQP
Session: SSL/TLS/DTLS
Transport: TCP/UDP
Network: IPv4, IPv6
Web application
Application: HTTP, DNS
Session: SSL/TLS/DTLS
Transport: TCP/UDP
Network: IPv4, IPv6
Verticals and protocols (MQTT, CoAP, AMQP, XMPP, HTTP, HTTP 2.0, WebSkt, LWM2M)
• Manufacturing: Factories, Mining
• Utilities: Energy
• Smart spaces: Home, Building, City
• Transportation: Cars, Public transit
• Platform providers: Cloud, Service, Integration
MQTT ‒ Message Queuing Telemetry Transport
CoAP ‒ Constrained Application Protocol
XMPP ‒ Extensible Messaging and Presence Protocol
AMQP ‒ Advanced Message Queuing Protocol
1.2.3.4.5.6.7.
... all of this makes up an IoT Firewall for your IoT applications and services
Connected cars
3rd party app
MQTT/TLS
HTTPS
Enterprise apps in data center
MQTT + iRules
ADC, Security, Traffic Management
MQTT broker & Enterprise Service Bus
Machine to Machine
HTTPS
3M to 8M vehicles
AMQP
MQTT
REST
JMS
Human to Machine Interface
Connected box
MQTT/Websockets
MQTT client
Enterprise apps in data center
MQTT + iRules
ADC, Security, Traffic Management
X.509 certs installed
5M-10M set-top boxes
MQTT
Extract JWT token from MQTT message for authentication
HMAC
MQTT client
MQTT broker & client
Power meters
Tiered data center
ADC, Security, Traffic Management
CoAP
IPv6 CoAP (UDP)
• Power meter on mesh
• 2G/3G CDMA
• Private network
Vacuum cleaners
90% MQTT
Robot vacuum cleaner
AWS brokers
MQTT + iRules
ADC, Security, Traffic Management
In-house WiFi
MQTT
Updates
10% HTTP