Protecting Embedded Devices from Internet Threats
description
Transcript of Protecting Embedded Devices from Internet Threats
Protecting Embedded Devices from Internet
Threats
Founded in 1992
Device ProtectionFloodgate Packet Filter – Embedded Firewall
Floodgate SNMP
Secure AccessIconfidant SSH
Iconfidant SSL
Network ManagementEnvoy SNMP
Custom software design & implementation
Company Overview
Hacking drones constantly scan Internet connected devices looking for vulnerabilities
Reported incidentsElectronic road signs reprogrammed by hackers
Electronic billboard reprogrammed to display adult content
Sewage spill caused by comprised control system
Packet flood/DoS attacks growing sharply*102% increase in attacks from 2009-2010
1000% increase in attacks from 2005-2010
* Arbor Networks Security Report, 2010
Growing Threat for Embedded Devices
Three main threats for embedded devices
Data securityUnauthorized access of the data on the device
Intercepting communications with the device
Device securitySomeone actually hacking into and taking control of the device
DoS attacksPacket floods or other attacks disable or disrupt device function
Growing Threat for Embedded Devices
Phase 1: Embedded systems lack securityDevices wide open to Internet attacks
Communication to devices easy to intercept
Phase 2: EncryptionSecures communication & access to the device
Still vulnerable to DoS attacks
Phase 3: Secure, protected devicesEmbedded firewall for complete device protection
Control what packets are processed
Protect against DoS attacks
A Brief History of Device Security
Floodgate Packet Filter – portable embedded firewallProtects embedded systems for DoS attacks
Layer based callbacks allow easy integration with any embedded device
Supports any embedded OS
Unique two stage filtering engine for greater protection and control
Rules-based filtering – controls what packets are processed
Threshold-based filtering protects from DoS attacks
Configurable/customizable for any application
Device Security
Floodgate Operation
Two stage filtering engine provides greater control of what packets are processed by the embedded device.
Layer-based callbacks allow Floodgate to be easily inserted at any layer in the network stack
Icon Labs
3636 Westown Pkwy, Suite 203
West Des Moines, IA 50266
www.icon-labs.com
515-226-3443
Contact us for a trial